https://githomelab.ru/pykd/pykd
1、安装python (坑,分x86和x64,对应windbg版本)
2、安装pykd:'pip install pykd'
3、安装Windbg插件,
下载地址:https://githomelab.ru/pykd/pykd-ext/-/wikis/Downloads
安装步骤:https://githomelab.ru/pykd/pykd-ext
排坑记录:
1、执行!py命令后提示:failed to find python interpreter
解决方案:安装对于版本的python
2、执行!py命令后windbg闪退
排错过程:
windbg加载C:UsersxxxAppDataLocalCrashDumps目录下的dump文件
!analyze -v
应该是环境的问题,搜索中发现:https://stackoverflow.com/questions/43688302/windbg-cant-find-python-interpreter-for-pykd/45856752#45856752
I had this issue when having multiple python installations on the same machine. Managed to solve it by manually creating required registry key, as I did not want to reinstall any python versions, nor change the global path/pythonpath variables.
Note that you will need x64 python for windbgx64 and x86 python for windbgx86
Let's say you want to use python 3.7x86 installed at c:python37_x86, and python 3.6x64installed at c:python36_x64
-
Create keys leading to
HKEY_LOCAL_MACHINESOFTWAREWOW6432NodePythonPythonCore3.7-32InstallPaththere, and set the(Default)toc:python37_x86(the trailing backslash is important!) -
Similarly, create keys leading to
HKEY_LOCAL_MACHINESOFTWAREPythonPythonCore3.6InstallPaththere, and set the(Default)toc:python36_x64 - Unfortunately the
PYTHONPATHenvironment variable is still being used, and must match the referenced python version(otherwise you will encounterFatal Python error: unable to load the file system codec. NOTE: this may only be important if one of the versions is 2.x and the other 3.x. Try making it work without this step
To circumvent the last issue I created .bat files to modify the environment and launch windbg with the correct environment.
For example for launching 32 bit windbg:
set PYTHONPATH=C:python37_x86Lib;[...Rest of the PYTHONPATH for this python version...]
start windbgx -debugArch x86 -c ".load c:dev oolspykdx86pykd.dll"
解决方案:使用bat脚本启动对应windbg
根据个人环境修改
x86:
e: cd E:Windows Kits10Debuggersx86 set PYTHONPATH=D:sdkpython37_86Lib; start windbg
x64
e: cd E:Windows Kits10Debuggersx64 set PYTHONPATH=D:sdkAnaconda3Lib; start windbg
over!