WinDBG Scripting Primer

Recently I started looking at how WinDBG is used against unmanaged processes, and Tess recommended reading Debugging Toolbox. Its very first post stumped me: I could not understand the script.

After trying it out hands-on, I found the article below especially helpful, so I am reposting it here.

Original article:

First steps with WinDBG scripting… (Memento)

http://www.msuiche.net/2007/08/03/first-steps-with-windbg-scripting-memento/

Here is a sample script for Windbg for people who don't want to waste time because they can't find any documentation.

Firstly, to declare a variable you must use the prefix "r". Moreover, the name must be $t[0..n].

Secondly, if you use the flag "/D" after ".printf" you can use pseudo-html code inside.

Thirdly, to read the value of an address you have to use "poi()" with the prefix "@", like: poi(@$t0)

To write a byte or a dword, you should use "eb" or "ed".

And… the most fun is that you can create links like the following scheme:
.printf /D "<link cmd=\"COMMAND_TO_EXECUTE\">DISPLAY_TEXT</link>\n";

To execute a script use
kd> $$>< "FULL_SCRIPT_PATH"
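The following script pulls the pieces above together (pseudo-register variables, poi(), a .while loop, and DML links in .printf /D). It is an added illustration, not code from the original article; it assumes a live debugging session, uses the platform-independent pseudo-registers @$csp and @$ptrsize, and the file path in the usage comment is a placeholder.

```windbg
$$ Added example: walk a few pointer-sized slots from the current stack
$$ pointer and print each one with clickable DML links.
$$ Assumes a live session; save as e.g. C:\scripts\slots.wds (placeholder)
$$ and run with:   $$>< "C:\scripts\slots.wds"

$$ Variables must be pseudo-registers $t0..$tn, assigned with "r".
$$ $t0 = cursor address, $t1 = loop index, $t2 = slot count, $t3 = value
r $t0 = @$csp
r $t1 = 0
r $t2 = 8

$$ /D enables DML (pseudo-html) in the format string.
.printf /D "<b>Reading %d slots starting at %p</b>\n", @$t2, @$t0

.while (@$t1 < @$t2)
{
    $$ poi() dereferences the address held in $t0 (note the @ prefix).
    r $t3 = poi(@$t0)

    $$ Each link runs the quoted command when clicked:
    $$   dd ... L4  dumps memory around the value (read-only)
    $$   u   ...    disassembles at the value, useful if it is a code address
    $$   ed  ...    overwrites the slot with 0 (write, as described above)
    .printf /D "[%d] %p = %p  <link cmd=\"dd %p L4\">dump</link> <link cmd=\"u %p\">disasm</link> <link cmd=\"ed %p 0\">zero</link>\n", @$t1, @$t0, @$t3, @$t3, @$t3, @$t0

    $$ Advance by one pointer on either x86 or x64.
    r $t0 = @$t0 + @$ptrsize
    r $t1 = @$t1 + 1
}
```

Clicking "zero" modifies the debuggee's memory through "ed", so use it only when you intend to patch that slot.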

References:
http://blogs.msdn.com/debuggingtoolbox/archive/tags/Windbg+Scripts/default.aspx
http://www.dumpanalysis.org/blog/index.php/category/windbg-scripts/

Original URL: https://www.cnblogs.com/awpatp/p/2397651.html