WinDbg startup parameters and common commands

windbg [ -server ServerOptions | -remote ClientOptions ] 
   [ -premote SmartClientOptions ] [-?] [-ee {masm|c++}] 
   [-clines lines] [-b] [-d] [-aExtension] [-e Event] 
   [-failinc] [-g] [-G] [-hd] [-j] [-n] [-noshell] [-o] 
   [-Q | -QY] [-QS | -QSY] [-robp] [-secure] [-ses] [-sdce] 
   [-sicv] [-sins] [-snc] [-snul] [-sup] [-sflags 0xNumber] 
   [-T Title] [-v] [-log{o|a} LogFile] [-noinh] 
   [-i ImagePath] [-y SymbolPath] [-srcpath SourcePath] 
   [-k [ConnectType] | -kl | -kx ExdiOptions] [-c "command"] 
   [-pb] [-pd] [-pe] [-pr] [-pt Seconds] [-pv] 
   [-W Workspace] [-WF Filename] [-WX] [-zp PageFile] 
   [ -p PID | -pn Name | -psn ServiceName | -z DumpFile | executable ] 

windbg -I[S]

windbg -IA[S]

For example: windbg.exe -k com:port=\\.\pipe\com_2,baud=11520,pipe

Descriptions of the WinDbg command-line options follow. All command-line options are case-sensitive except for -j. The initial hyphen can be replaced with a forward-slash (/).

If the -remote or -server option is used, it must appear before any other options on the command line. If an executable is specified, it must appear last on the command line; any text after the executable name is passed to the executable program as its own command-line parameters.

Parameters

-server ServerOptions
Creates a debugging server that can be accessed by other debuggers. For an explanation of the possible ServerOptions, see Activating a Debugging Server.
-remote ClientOptions
Creates a debugging client, and connects to a debugging server that is already running. For an explanation of the possible ClientOptions, see Activating a Debugging Client.
-premote SmartClientOptions
Creates a smart client, and connects to a process server that is already running. For an explanation of the possible SmartClientOptions values, see Activating a Smart Client.
-aExtension
Sets the default extension DLL. The default is kdextx86.dll or kdexts.dll. There must be no space after the "a", and the .dll file name extension must not be included. For details, and other methods of setting this default, see Loading Debugger Extension DLLs.
-b
(Kernel mode only) This option has two effects:

1. The debugger will break into the target computer immediately upon connection.

2. After a reboot, the debugger will break into the target computer once the kernel is initialized. See Crashing and Rebooting the Target Computer for details and for other methods of changing this status.

-c "command"
Specifies the initial debugger command to run at start-up. This command must be enclosed in quotation marks. Multiple commands can be separated with semicolons. (If you have a long command list, it may be easier to put them in a script and then use the -c option with the $<, $><, $$<, $$>< (Run Script File) command.)

If you are starting a debugging client, this command must be intended for the debugging server. Client-specific commands, such as .lsrcpath, are not allowed.

-clines lines
Sets the approximate number of commands in the command history which can be accessed during remote debugging. For details, and for other ways to change this number, see Using Debugger Commands.
-d
(Kernel mode only) After a reboot, the debugger will break into the target computer as soon as a kernel module is loaded. (This break is earlier than the break from the -b option.) See Crashing and Rebooting the Target Computer for details and for other methods of changing this status.
-e Event
Signals the debugger that the specified event has occurred. This option is only used when starting the debugger programmatically.
-ee {masm|c++}
Sets the default expression evaluator. If masm is specified, MASM expression syntax will be used. If c++ is specified, C++ expression syntax will be used. If the -ee option is omitted, MASM expression syntax is used as the default. See Evaluating Expressions for details.
-failinc
Causes the debugger to ignore any questionable symbols. When debugging a user-mode or kernel-mode minidump file, this option will also prevent the debugger from loading any modules whose images can't be mapped. For details and for other methods of controlling this, see SYMOPT_EXACT_SYMBOLS.
-g
(User mode only) Ignores the initial breakpoint in target application. This option will cause the target application to continue running after it is started or WinDbg attaches to it, unless another breakpoint has been set. See Initial Breakpoint for details.
-G
(User mode only) Ignores the final breakpoint at process termination. Typically, the debugging session ends during the image run-down process. This option will cause the debugging session to end immediately when the child terminates.
-hd
(Windows XP and later, user mode only) Specifies that the debug heap should not be used. See Behavior of Spawned Processes for details.
-I[S]
Installs WinDbg as the postmortem debugger. For details, see Enabling Postmortem Debugging. After this action is attempted, a success or failure message is displayed. If S is included, this procedure is done silently if it is successful; only failure messages are displayed.

The -I parameter must not be used with any other parameters. This command will not actually start WinDbg, although a WinDbg window may appear for a moment.

-IA[S]
Associates WinDbg with the file extensions .dmp, .mdmp, and .wew in the registry. After this action is attempted, a success or failure message is displayed. If S is included, this procedure is done silently if it is successful; only failure messages are displayed. After this association is made, double-clicking a file with one of these extensions will start WinDbg.

The -IA parameter must not be used with any other parameters. This command will not actually start WinDbg, although a WinDbg window may appear for a moment.

-i ImagePath
Specifies the location of the executables that generated the fault. If the path contains spaces, it should be enclosed in quotation marks. For details, and for other ways to change this path, see Executable Image Path.
-j
Allow journaling.
-k [ConnectType]
(Kernel mode only) Starts a kernel debugging session. For details, see Choosing Kernel Debugging Settings. If -k is used without any ConnectType options following it, it must be the final entry on the command line.
-kl
(Windows XP and later, kernel mode only) Starts a kernel debugging session on the same machine as the debugger. For more details, see Attaching to a Target Computer (Kernel Mode).
-kx ExdiOptions
(Kernel mode only) Starts a kernel debugging session using an EXDI driver. EXDI drivers are not described in this documentation. If you have an EXDI interface to your hardware probe or hardware simulator, please contact Microsoft for debugging information.
-log{o|a} LogFile
Begins logging information to a log file. If the specified log file already exists, it will be overwritten if -logo is used. If -loga is used, the output will be appended to the file. For more details, see Keeping a Log File.
-n
Noisy symbol load: Enables verbose output from symbol handler. For details and for other methods of controlling this, see SYMOPT_DEBUG.
-noinh
(User mode only) Prevents processes created by the debugger from inheriting handles from the debugger. For other methods of controlling this, see Spawning a New Process (User Mode).
-noshell
Prohibits all .shell commands. This prohibition will last as long as the debugger is running, even if a new debugging session is begun. For details, and for other ways to disable shell commands, see Using Shell Commands.
-o
(User mode only) Debugs all processes launched by the target application (child processes). By default, processes created by the one you are debugging will run as they normally do. For other methods of controlling this, see Spawning a New Process (User Mode).
-p PID
Specifies the decimal process ID to be debugged. This is used to debug a process that is already running. For details, see Attaching to a Running Process (User Mode).
-pb
(Windows XP and later, user mode only) Prevents the debugger from requesting an initial break-in when attaching to a target process. This can be useful if the application is already suspended, or if you wish to avoid creating a break-in thread in the target. See Attaching to a Running Process (User Mode).
-pd
(Windows XP and later, user mode only) Causes the target application not to be terminated at the end of the debugging session. See Ending the Debugging Session for details.
-pe
(Windows XP and later, user mode only) Indicates that the target application is already being debugged. See Re-attaching to the Target Application for details.
-pn Name
Specifies the name of the process to be debugged. (This name must be unique.) This is used to debug a process that is already running. For details, see Attaching to a Running Process (User Mode).
-pr
(Windows XP and later, user mode only) Causes the debugger to start the target process running when it attaches to it. This can be useful if the application is already suspended and you wish it to resume execution. See Attaching to a Running Process (User Mode).
-psn ServiceName
Specifies the name of a service contained in the process to be debugged. This is used to debug a process that is already running. For details, see Attaching to a Running Process (User Mode).
-pt Seconds
Specifies the break timeout, in seconds. The default is 30. See Controlling the Target for details.
-pv
(User mode only) Specifies that the debugger should attach to the target process noninvasively. For details, see Noninvasive Debugging (User Mode).
-Q
Suppresses the "Save Workspace?" dialog box. Workspaces are not automatically saved. See Using Workspaces for details.
-QS
Suppresses the "Reload Source?" dialog box. Source files are not automatically reloaded.
-QSY
Suppresses the "Reload Source?" dialog box and automatically reloads source files.
-QY
Suppresses the "Save Workspace?" dialog box and automatically saves workspaces. See Using Workspaces for details.
-robp
This allows CDB to set a breakpoint on a read-only memory page. (The default is for such an operation to fail.)
-sdce
Causes the debugger to display File access error messages during symbol load. For details and for other methods of controlling this, see SYMOPT_FAIL_CRITICAL_ERRORS.
-secure
Activates Secure Mode.
-ses
Causes the debugger to perform a strict evaluation of all symbol files and ignore any questionable symbols. For details and for other methods of controlling this, see SYMOPT_EXACT_SYMBOLS.
-sflags 0xNumber
Sets all the symbol handler options at once. Number should be a hexadecimal number prefixed with 0x — a decimal without the 0x is permitted, but the symbol options are binary flags and therefore hexadecimal is recommended. This option should be used with care, since it will override all the symbol handler defaults. For details, see Setting Symbol Options.
-sicv
Causes the symbol handler to ignore the CV record. For details and for other methods of controlling this, see SYMOPT_IGNORE_CVREC.
-sins
Causes the debugger to ignore the symbol path and executable image path environment variables. For details, see SYMOPT_IGNORE_NT_SYMPATH.
-snc
Causes the debugger to turn off C++ translation. For details and for other methods of controlling this, see SYMOPT_NO_CPP.
-snul
Disables automatic symbol loading for unqualified names. For details and for other methods of controlling this, see SYMOPT_NO_UNQUALIFIED_LOADS.
-srcpath SourcePath
Specifies the source file search path. Separate multiple paths with a semicolon (;). If the path contains spaces, it should be enclosed in quotation marks. For details, and for other ways to change this path, see Source Path.
-sup
Causes the symbol handler to search the public symbol table during every symbol search. For details and for other methods of controlling this, see SYMOPT_AUTO_PUBLICS.
-T Title
Sets WinDbg window title.
-v
Enables verbose output from debugger.
-W Workspace
Loads the given named workspace. If the workspace name contains spaces, enclose it in quotation marks. If no workspace of this name exists, you will be given the option of creating a new workspace with this name or abandoning the load attempt. For details, see Using Workspaces.
-WF Filename
Loads the workspace from the given file. Filename should include the file and the extension (usually .wew). If the workspace name contains spaces, enclose it in quotation marks. If no workspace file with this name exists, you will be given the option of creating a new workspace file with this name or abandoning the load attempt. For details, see Using Workspaces.
-WX
Disables automatic workspace loading. For details, see Using Workspaces.
-y SymbolPath
Specifies the symbol search path. Separate multiple paths with a semicolon (;). If the path contains spaces, it should be enclosed in quotation marks. For details, and for other ways to change this path, see Symbol Path.
-z DumpFile
Specifies the name of a crash dump file to debug. If the path and file name contain spaces, this must be surrounded by quotation marks. It is possible to open several dump files at once by including multiple -z options, each followed by a different DumpFile value. For details, see Analyzing a User-Mode Dump File with WinDbg or Analyzing a Kernel-Mode Dump File with WinDbg.
-zp PageFile
Specifies the name of a modified page file. This is useful if you are debugging a dump file and want to use the .pagein (Page In Memory) command. You cannot use -zp with a standard Windows page file — only specially-modified page files can be used.
executable
Specifies the command line of an executable process. This is used to launch a new process and debug it. This has to be the final item on the command line. All text after the executable name is passed to the executable as its argument string. For details, see Spawning a New Process (User Mode).
-?
Pops up this HTML Help window.

When you are running the debugger from the command line, specify arguments for the target application after the application's file name. For instance:

windbg myexe arg1 arg2
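
The option rules above (case-sensitive switches, quoted paths, one quoted -c string with semicolon-separated commands) applied to batch triage of crash dumps; this is an added example, not part of the original page. It assumes windbg.exe is on PATH, and the folders C:\dumps, C:\symbols and C:\triage and the function name Get-WinDbgDumpArgs are placeholders.

```powershell
# Added example, not from the original page. Assumptions: windbg.exe is on PATH;
# C:\dumps, C:\symbols and C:\triage are placeholder folders.
function Get-WinDbgDumpArgs {
    param(
        [Parameter(Mandatory)] [string] $DumpFile,
        [Parameter(Mandatory)] [string] $SymbolPath,
        [Parameter(Mandatory)] [string] $LogFile,
        # Initial commands, all taken from the command list on this page.
        [string[]] $Commands = @('lm', '~*kb', '!peb')
    )
    # Start-Process does not quote array elements, so quote paths with spaces here.
    $quote = { param($s) if ($s -match '\s') { '"{0}"' -f $s } else { $s } }

    # -c takes ONE quoted string; separate commands with semicolons.
    # 'q' (Quit) is appended on the assumption that it ends the session so the
    # batch can continue; it is not in the page's command list.
    $initial = ($Commands + 'q') -join '; '
    if ($initial.Contains('"')) {
        throw 'Commands that contain quotes belong in a script file, not in -c.'
    }

    # Options are case-sensitive: -Q is not -q, -WX is not -wx.
    @(
        '-noshell'                       # no .shell for the life of this debugger
        '-Q'                             # no "Save Workspace?" dialog
        '-WX'                            # no automatic workspace loading
        '-y',    (& $quote $SymbolPath)
        '-logo', (& $quote $LogFile)     # -logo overwrites, -loga would append
        '-z',    (& $quote $DumpFile)
        '-c',    ('"{0}"' -f $initial)
    )
}

Get-ChildItem -Path 'C:\dumps' -Filter '*.dmp' | ForEach-Object {
    $log  = Join-Path 'C:\triage' ($_.BaseName + '.log')
    $argv = Get-WinDbgDumpArgs -DumpFile $_.FullName -SymbolPath 'C:\symbols' -LogFile $log
    Write-Host ('windbg.exe ' + ($argv -join ' '))   # show the exact command line
    Start-Process -FilePath 'windbg.exe' -ArgumentList $argv -Wait
}
```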

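~ - lists all threads in the current process context
~* - lists detailed information for all threads in the current process context
lm - lists all loaded modules
!sym noisy/quiet - turns verbose symbol-loading output on or off
.srcpath - sets the source path
k - displays the current stack
~*kb - displays the stacks of all threads
dv - displays local variables (use Ctrl+Alt+V to switch modes)
.frame - call stack frame
dt xxx - displays data structures such as the PEB
!gle/!error - displays the thread's most recent error
!teb - displays the current thread's environment block
!peb - displays the current process's environment block
r [@register] - displays all register values
ln [Address] - displays the address type
x [] - looks up global variables and global functions
!locks - displays all deadlocks
!handle - gets the currently active handles
!htrace [enable] - displays and traces all handles
u - disassembles
bp [Kernel!SetLastError] [value] - sets a breakpoint
bl - displays breakpoint information
ba - data breakpoint
ba w4 0x4000000 "kb;g" - displays every call stack that accesses address 0x40000
p, pa, t, ta - execution control commands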


Original post: https://www.cnblogs.com/ahuo/p/1217152.html