Debug tool study notes

Complete list of GDB debugging commands

gdb --pid 1235

gdb core.1234

where (bt)    //where the segmentation fault occurred

f 1              //switch stack frame

info locals  //print local variables

WinDBG debugging tips .     ybao@microsoft.com baoyunduan

.ecxr command displays the context record

kb    display call stack with first 3 params

.hh --help

.sympath+ srv*c:\symsrv*http://msdl.microsoft.com/download/symbols

.sympath+ C:\training\Labfiles
.srcpath C:\training\Labfiles\ErrorCheckFileCopy

srv*c:\symsrv*http://msdl.microsoft.com/download/symbols;C:\training\Labfiles
.reload /f
lm -----check the symbol file

Noninvasive -----only view, can't modify memory data

.detach

command line: c:/windbg /?
dash y == -y
slash ? == /?

process -p PID
service -pn name/global

k --- call stack
kn ---- show frame number
kf ---- show memory occupied by each frame


~*k
~4k ---- show thread 4
~ --- show all threads
~5s --- jump to thread 5
.frame 2 -- jump to frame


? --- convert hex to Decimal
.formats -- show all formats of a number

g --- continue running the target
r --- list all the registers
rm ff

r @eax --- show a specific register

syspath
ft
tasklist svc

.hh ---help
.hh reload


.reload --- reload symbols
.reload /f


!chain

!ext analyze


c:/debuggers/winext
.load usbkd
.unload usbkd

.kframes

.logfile
.logopen d:\log.txt
.logclose
.logappend d:\log.txt

d ---- display memory
dd* point ---- display the data at the address stored in the pointer
dv ----display local variable
dt ----display type
dt ps
dt ps -r1


e ---- edit data in memory

!grep

n 10
.formats -118


x ---- list function names/global variables
x notepad!*
x notepad!*file

------------------------mex debugging extension for WinDbg

c:/debuggers/winext
!mex.help
.load mex
.unload mexextpath

!us

bl ----list break point
bp ----set break point
bm ----set multiple breakpoints
bm notepad!*file
bd ----disable break point
bc ----clear specific break point

|
||
vertarget ----Shows target computer version


? Evaluate expression
?? Evaluate an expression according to c++ expression rules

.dump
/f complete dump
/ma mini dump

.reload
/f
/u

lm ---- list all dlls, can be used to check if the symbol file was loaded
lmvm combase

.effmach x86 | amd64

t
p
pc
g
gu
gu; echo "hello"; gu; gu

u ---- show assembly code
u L30
uf ----The uf command displays an assembly translation of the specified function in memory

----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------

eventvwr

!analyze -v

!dh badapp

dps +image base address + offset address

!error errorcode
!error 3

!gle
----GetLastError() in code

!teb

.unload ext ---- unload extension DLL
.load ext ---- load extension DLL


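#include <windows.h>

// Returns FALSE on integer divide-by-zero instead of crashing.
BOOL SafeDiv(INT32 dividend, INT32 divisor, INT32 *pResult)
{
    __try
    {
        *pResult = dividend / divisor;
    }
    // Handle only divide-by-zero; every other exception continues the handler search.
    __except(GetExceptionCode() == EXCEPTION_INT_DIVIDE_BY_ZERO ?
             EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH)
    {
        return FALSE;
    }
    return TRUE;
}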

sx ---set exception

procdump.exe ----- create a dump file when the specified rules are triggered
-ma --very important
-i
-e
-c
-cl
-h
-n

---- show dump info
!peb -- !peb extension displays a formatted view of the information in the process environment block (PEB).

!teb -- !teb extension displays a formatted view of the information in the thread environment block (TEB).

!runaway ---- show run time of each thread
!runaway f

stack:

1M
two pages

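C++ function calling conventions
32-bit: 4 different calling conventions
64-bit: only one calling convention

STDCALL: arguments pushed right to left; suited to a fixed number of parameters; handled by the calling function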
CDECL
THISCALL
FASTCALL

----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
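E:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin
dumpbin
editbin /LARGEADDRESSAWARE[:NO] lets the user-mode address space exceed 2 GB without recompiling

Alternatively, change the option under VS -- Linker -- System -- Enable Large Addresses, then rebuild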

You can use /userva with /3Gb to further tune user VA space

!address -summary

Performance Monitor -- 1. Open: Administrative Tools->Performance, or type "perfmon" in the Run dialog


C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit
1. Windows Performance recorder
WPRUI.exe

2. Windows Performance Analyzer
wpa.exe

C:\Program Files (x86)\Windows Resource Kits\Tools\consume can be used to simulate heavy system resource consumption; it froze my machine and I nearly lost these notes
consume -cpu-time

!address -summary
!address analyze
!heap -s
!heap /?
!heap -stat -h HANDLE
!heap -p -a ADDR

gflags -i heap_overrun_demo.exe +hpa
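
The +hpa flag turns on full page heap for the named image, so a write past the end of a heap block hits a guard page and faults at the offending instruction. The source below is an added, constructed stand-in for heap_overrun_demo.exe (not from the original notes; dup_overrun and dup_checked are hypothetical names) showing the off-by-one copy beside a bounded one:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed demo source; not the original heap_overrun_demo.exe. */

/* Deliberate bug: the block has no room for the NUL terminator,
 * so strcpy writes one byte past the end of the allocation. */
char *dup_overrun(const char *src)
{
    char *dst = malloc(strlen(src));
    if (dst == NULL) return NULL;
    strcpy(dst, src);
    return dst;
}

/* Fixed: length is bounded by max_len and the terminator is allocated. */
char *dup_checked(const char *src, size_t max_len)
{
    const char *end = memchr(src, '\0', max_len + 1);
    if (end == NULL) return NULL;          /* longer than max_len: reject */
    size_t n = (size_t)(end - src);
    char *dst = malloc(n + 1);
    if (dst == NULL) return NULL;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return dst;
}

int main(int argc, char **argv)
{
    /* 16 bytes is a multiple of the heap alignment on x86 and x64, so the
     * block ends flush against the guard page and the stray NUL faults
     * immediately. Other lengths leave alignment padding, and the overrun
     * is then reported only when the block is freed. */
    const char *in = "ABCDEFGHIJKLMNOP";
    char *p = (argc > 1 && strcmp(argv[1], "overrun") == 0)
                  ? dup_overrun(in)
                  : dup_checked(in, 64);
    if (p == NULL) return 1;
    puts(p);
    free(p);
    return 0;
}
```

Run it with the argument "overrun" under WinDbg after the gflags line above, then use !heap -p -a ADDR on the faulting address to see the allocation stack.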

--------------------------------------------------------------------------------------------------------------------
check deadlock ----step
!locks, !cs, ~*k

children process -- command line

Semaphore -- multiple owner
CS/Mutex -- one owner

WaitForMultipleObjects() ---- waits until multiple conditions are all met before proceeding

!handle f

TLS (thread-local storage) ----- http://blog.csdn.net/xiaoliangsky/article/details/43158713

Taking the dump with ProcDump is more accurate

.reload /i C:UsersadminDownloadswme4train_x64mediaenginemapsx64Release
.reload /i wseclient.dll
.effmach x86
.load wow64exts
!analyze -v

!wow64exts k

Original URL: https://www.cnblogs.com/awiki/p/7614777.html