1、基本命令帮助
(1)断点指令
(1)断点指令
B[C|D|E] [<bps>]
clear|disable|enable breakpoints
BL
list breakpoints
BP <address>
set soft breakpoints
BA <access> <size> <addr>
break on access
(2)数据查看指令
D[type][<range>]
dump memory
DT [-n|y] [[mod!]name] [[-n|y]fields][address] [-l list] [-a[]|c|i|o|r[#]|v]
dump using type information
DV [<name>]
dump local variables
(3)数据修改指令
E[type] <address> [<values>]
enter memory values
(4)运行
G[H|N] [=<address> [<address>...]]
go
P [=<addr>] [<value>]
step over
(5)堆栈操作
K[b|p|P|v]
(6)显示加载的模块列表
LM
list modules
(7)寄存器操作
R [[<reg> [= <expr>]]]
view or set registers
(8)Search指令
S[<opts>] <range> <values>
search memory
(9)跟踪指令T,TA,TB,TC,WT,P,PA,PC
(10)退出
Q
(11)反汇编
U [<range>]
unassemble
UF
(12)版本查看
version
show debuggee and debugger version
(13)查看符号
X [<*|module>!]<*|symbol>
view symbols
(14)查看表达式
? <expr>
display expression
?? <expr>
display C++ expression
2.扩展命令
(1)!analyze
作用:该扩展命令执行大量分析,显示出当前异常或bug的大量信息
语法:
User-Mode
!analyze -c [ -load KnownIssuesFile | -unload | -help ]
Kernel-Mode
!analyze -c [ -load KnownIssuesFile | -unload | -help ]
!analyze -show BugCheckCode [BugParameters]
(2)显示临界区
!locks 扩展、!critsec 扩展、!cs 扩展和 dt
3.WinDBG快捷键
ctrl+s: set symbol path
ctrl+i: set image path
ctrl+p: set source path
ctrl+d: load crash dump file
ctrl+e: load exe file
ctrl+e: load exe file
ctrl+o: open source file
ctrl+r: connect to remote session
ctrl+k: kernel debug
f6: attach to a process
f5: go
f10: step over
f11: step into
ctrl+shift+f5: restart
alt+1: command
alt+2: watch
alt+3: locals
alt+4: registers
alt+5: memory
alt+6: callstack
alt+7: disassambly
alt+8: stratch pad
alt+9: processes and threads