WinDbg?? - PowerPoint PPT Presentation

Author: hbh. Last modified by: hbh. Created Date: 8/11/2006 9:40:16 AM. Company: 317lab.
Tags: windbg | debug | windows

Transcript and Presenter's Notes

1
WinDbg??
  • ???????

2
????
  • WinDbg???
  • User Mode??
  • Kernel Mode??
  • Kernel Mode????
  • ??kernel mode??
  • WinDbg??
  • WinDbg??

3
WinDbg???
  • Microsoft Windows Debugger (WinDbg)
  • WinDbg is a powerful Windows-based debugging
    tool. It
  • Has the capability of both user-mode and
    kernel-mode debugging.
  • Provides full source-level debugging for the
    Windows kernel, kernel-mode drivers, and system
    services, as well as user-mode applications and
    drivers.
  • Can view source code, set breakpoints, view
    variables (including C objects), stack traces,
    and memory. Its Debugger Command window allows
    the user to issue a wide variety of commands.
  • Supports various remote debugging options for
    both user-mode and kernel-mode targets.
  • Is the graphical-interface counterpart to CDB /
    NTSD and to KD.

4
User Mode??
  • User-mode debugging
  • Is a debugger session in which the target is
    running in user mode.
  • User mode
  • Processes that run in user mode do
    so within their own virtual address spaces. They
    are restricted from gaining direct access to many
    parts of the system, including system hardware,
    memory that was not allocated for their use, and
    other portions of the system that might
    compromise system integrity.
  • Categories of User-mode processes
  • System Processes.
  • Server Processes.
  • Environment Subsystems.
  • User Applications.

5
Kernel Mode??
  • Kernel-mode debugging
  • A debugger session in which the target is running
    in kernel mode.
  • Kernel-mode
  • Kernel-mode code has permission to access any
    part of the system, and is not restricted like
    user-mode code. It can gain access to any part of
    any other process running in either user mode or
    kernel mode.
  • Kernel-mode components
  • Executive (???)
  • Kernel(??)
  • Hardware Abstraction Layer (HAL,?????)
  • Window and Graphics Subsystem(????????)

6
Kernel Mode????
  • ??????

??????(Host computer, ??WinDbg)?
???????(Target computer, ??kernel-mode program),
Null-modem cable
7
Kernel Mode????
  • ???????

8
??kernel mode??
  • ????
  • ???(Host computer)?????????(???????,??cmd,????
    ),??????
  • set _NT_SYMBOL_PATH=D:\WRK-v1.2\base\ntos\BUILD\EXE;D:\WRK-v1.2\WS03SP1HALS\x86\halacpim
  • path D:\WRK-v1.2\DebugTools
  • windbg -k com:pipe,port=\\.\pipe\debug,resets=0,reconnect

9
??kernel mode??
???? set _NT_SYMBOL_PATH=D:\WRK-v1.2\base\ntos\BUILD\EXE;D:\WRK-v1.2\WS03SP1HALS\x86\halacpim
  • Symbol file
  • ??????????,??????(link)?,?????.exe,
    .dll??,??????????????,?????symbol files.
  • Symbol files??????Global variables, Local
    variables, Function names and the addresses of
    their entry points, FPO data, Source-line
    numbers??????????????,??????????????
  • ?Windows xp???????,symbol files?????.pdb

10
??kernel mode??
???? windbg -k com:pipe,port=\\.\pipe\debug,resets=0,reconnect
  • -k // Kernel mode debugging??
  • com:pipe // WinDbg??????????????
  • port=\\.\pipe\debug // ??????,??VMHost\pipe\PipeName
  • resets=0 // ???????????????
  • reconnect // ?WinDbg????????????????
11
??kernel mode??
?????,?????
12
??kernel mode??
????Debug?Break,????????
?????kd???Kernel Debug
13
WinDbg??
  • ??????(Debugging Information Windows)

14
WinDbg??
  • ????
  • Debugger Commands
  • Commands
  • Meta-Commands
  • //??.????,?.cls (Clear Screen),.echo (Echo
    Comment),.help
  • Command Tokens
  • //.block .break .catch .continue .do .else
    .elsif .for .foreach .if .leave .printf .while
  • Debugger Extension Commands
  • General Extensions
  • Kernel-Mode Extensions
  • User-Mode Extensions
  • Specialized Extensions

?!???,? !peb !process !dt
15
WinDbg??
  • ????
  • Controlling the Target
  • Execution halts
  • Target executes freely
  • Target executes one instruction
  • //If this is a function call, debugger traces
    into that call.

16
WinDbg??
  • Target executes one instruction
  • //If this is a function call, that function is
    executed as a single step.
  • Halts all debugging and terminates the target


17
WinDbg??
  • Other commands
  • .cls (Clear Screen)
  • //clears the Debugger Command window display.
  • !process
  • //displays information about the specified
    process, or about all processes, including the
    EPROCESS block.
  • ??
  • !process 0 0 //??????????????????,???????????07?
    ????,???????????
  • !process ProcessAddress 0
  • !process 0 0 ProcessImageFileName
  • //???????????

18
WinDbg??
  • !thread
  • //displays summary information about a thread on
    the target system, including the ETHREAD block.
  • ??
  • !thread Address 0 //????????????????,?????????07?
    ????,???????????
  • !thread p Address //????????????????,???????????
  • dt
  • //displays information about a local variable,
    global variable or data type.
  • ??
  • dt eprocess //?????????
  • dt eprocess ProcessAddress //???????????
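
The following WinDbg command script is an added example, not part of the slides: it combines the command tokens from slide 14 (.while, .printf) with dt from slide 18 to walk the kernel's active-process list by hand, producing the same EPROCESS addresses that !process 0 0 lists. It assumes a kernel-mode session with nt symbols loaded; the file name walk_procs.wds is hypothetical.

```windbg
$$ Added example (not from the slides): walk nt!PsActiveProcessHead with
$$ command tokens instead of !process. Run with: $$>< walk_procs.wds
$$
$$ $t0 holds the current LIST_ENTRY. The list head is nt!PsActiveProcessHead,
$$ so the loop ends when the Flink chain returns to the head.
r $t0 = poi(nt!PsActiveProcessHead)
.while (@$t0 != nt!PsActiveProcessHead) {
    $$ Recover the containing _EPROCESS from its ActiveProcessLinks field.
    r $t1 = @$t0 - @@c++(#FIELD_OFFSET(nt!_EPROCESS, ActiveProcessLinks))
    .printf "EPROCESS at %p\n", @$t1
    $$ Show only the two fields of interest, as !process would.
    dt nt!_EPROCESS @$t1 UniqueProcessId ImageFileName
    $$ Advance: Flink is the first field of LIST_ENTRY.
    r $t0 = poi(@$t0)
}
```

A process hidden from !process by unlinking itself from this list will not appear here either; compare the count with !process 0 0 when checking for that.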

?????????WinDbg???? Debugger Reference?
19
Homework
  • ??WRK????,??WinDbg?????

20
References
  • 1 WinDbg, Debugging Help