WinDBG脚本入门

最近开始看一些针对非托管进程的WinDBG的使用了, Tess推荐去看Debugging Toolbox. 其第一篇就把我难住了, 脚本看不懂.

动手实践了一下, 发现下面的文章所讲的内容特别有帮助, 于是转载在这里.

 

原文地址

First steps with WinDBG scripting… (Memento)

http://www.msuiche.net/2007/08/03/first-steps-with-windbg-scripting-memento/

 

Here is a sample of script for Windbg for people who doesn’t want to waste time because they don’t find any document.

Firstly, to declare a variable you must use the prefix “r”. Moreover, the name must be $t[0..n]

Secondly, if you use the flag “/D” after “.printf” you can use pseudo-html code inside.

Thirdly, to read the value of an address you have to use “poi()” with the prefix “@” like : poi(@$t0)

To write byte or dword, you should use “eb” or “ed”.

And… the most fun is that you can create links like the following scheme :
.printf /D “<link cmd=\”COMMAND_TO_EXECUTE\”>DISPLAY_TEXT</link>\\n”;

 

To execute a script use
kd> $$>< "FULL_SCRIPT_PATH"

 

References:
http://blogs.msdn.com/debuggingtoolbox/archive/tags/Windbg+Scripts/default.aspx
http://www.dumpanalysis.org/blog/index.php/category/windbg-scripts/

posted on 2012-03-15 11:09  中道学友  阅读(1259)  评论(0编辑  收藏  举报

导航

技术追求准确,态度积极向上