Windows Debugging 学习笔记

1. Debugging Tools For Windows:

• Ntsd.exe : Console based debugger with new console

Cdb.exe : Console based debugger with existing console

• Windbg.exe : GUI based debugger
• Kd.exe : Console based kernel mode debugger
• Adplus.exe : Monitoring tool
• Umdh.exe : Memory leak detection tool
• Remote.exe : Remote debugging tool

windbg cheat sheet : http://windbg.info/doc/1-common-cmds.html

 

2. Heap Corruption: tool->Application Verifier

 

3. Resource Leaks

　　a. Tools for debuging handles

• • Task Manager
    • Shows handle count
  • Process Explorer shows handle count as well as:
    • Type of handle (file, mutant, section etc)
    • Name of the handle
    • Handle value
    • Comes in handy when figuring out what type of handle is being leaked
  • Debugger extension commend : !htrace

b. Tools for heap memory tracking

• • UMDH
    • Tracks heap based memory
    • Requires OS instrumentation to be enabled(gflags)
  • DebugDiag
    • Powerful automated debugger
    • Extensible
  • Debugger command : !heap

4. Thread Synchronization

• Critical Section
  • Per process (user mode), Under the covers uses an Event.
  • Allows one thread access to shared data
  • Represented by RTL_CRITICAL_SECTION (LockCount, RecursionCount, OwningThread, SpinCount, DebugInfo)
  • !cs <address>: Displays information about critical section
• Events
• Mutex
  • Kernal mode construct
  • be used within and across different processes
  • Represented in user mode as a handle
  • Use !handle command to view information
• Semaphore
  • Kernal mode construct
  • be used within and across different processes
  • Employs resource couniting (x number of threads can access resource)
  • Use !handle command to view information

5. Power Tools

• DebugDiag
• Procdump