<b>1、基本指令幫助</b>
(1)斷點指令B[C|D|E] [<bps>]
clear|disable|enable breakpoints
BL
list breakpoints
BP <address>
set soft breakpoints
BA <access> <size> <addr>
break on access
(2)資料檢視指令
D[type][<range>]
dump memory
DT [-n|y] [[mod!]name] [[-n|y]fields][address] [-l list] [-a[]|c|i|o|r[#]|v]
dump using type information
DV [<name>]
dump local variables
(3)資料修改指令
E[type] <address> [<values>]
enter memory values
(4)運作
G[H|N] [=<address> [<address>...]]
go
P [=<addr>] [<value>]
step over
(5)堆棧操作
K[b|p|P|v]
(6)顯示加載的子產品清單
LM
list modules
(7)寄存器操作
R [[<reg> [= <expr>]]]
view or set registers
(8)Search指令
S[<opts>] <range> <values>
search memory
(9)跟蹤指令T,TA,TB,TC,WT,P,PA,PC
(10)退出
Q
(11)反彙編
U [<range>]
unassemble
UF
(12)版本檢視
version
show debuggee and debugger version
(13)檢視符号
X [<*|module>!]<*|symbol>
view symbols
(14)檢視表達式
? <expr>
display expression
?? <expr>
display C++ expression
<b>2.擴充指令</b>
(1)!analyze
作用:該擴充指令執行大量分析,顯示出目前異常或bug的大量資訊
文法:
User-Mode
<b>!analyze</b> [<b>-v</b>] [<b>-f</b> | <b>-hang</b>] [<b>-D</b> BucketID]
<b>!analyze</b> <b>-c</b> [ <b>-load</b> KnownIssuesFile | <b>-unload</b> | <b>-help</b> ]
Kernel-Mode
<b>!analyze</b> [<b>-v</b>] [<b>-f</b> | <b>-hang</b>] [<b>-D</b> BucketID]
<b>!analyze</b> <b>-show</b> BugCheckCode [BugParameters]
(2)顯示臨界區
!locks 擴充、!critsec 擴充、!cs 擴充和 dt
<b>3.WinDBG快捷鍵</b>
ctrl+s: set symbol path
ctrl+i: set image path
ctrl+p: set source path
ctrl+d: load crash dump file
ctrl+e: load exe file
ctrl+o: open source file
ctrl+r: connect to remote session
ctrl+k: kernel debug
f6: attach to a process
f5: go
f10: step over
f11: step into
ctrl+shift+f5: restart
alt+1: command
alt+2: watch
alt+3: locals
alt+4: registers
alt+5: memoryalt+6: callstack
alt+7: disassambly
alt+8: stratch pad
alt+9: processes and threads
![Windbg檢視調用堆棧(k*)
1. 函數參數
2. Windbg堆棧指令
3. 執行個體分析[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)