Win Dbg

Win Dbg

Windows Driver Kit

http://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx

The Symbol Path can be set by: using the _NT_SYMBOL_PATH environment variable. using the -y argument when starting the debugger. using .sympath and .sympath+ .reload to refresh symbol locations.

Alt + 1 -> Command -> .hh

Debugging a User-Mode Process Using WinDbg

Attaching to a Running Process

使用WinDbg调试用户模式进程

附加到运行中的进程

(File -> Attach to Process) F6 ->

1.使用 -p 或 -pn windbg -p ProcessID windbg -pn ProcessName 2.

Shift + F5 停止调试 Ctrl + Shift + F5 Restart

设置WinDbg字体

在字体对话框中选用“@Fixedsys”,12号字体,如果,没有该字体,点击下面的“显示更多字体”链接,在控制面板中选择“@Fixedsys”并显示,再重新选择字体。 注:“@Fixedsys”的汉字是躺着的,还是选用Fixedsys吧。

符号(Symbols)

符号文件(Symbol Files)

Typically, symbol files might contain:
+ Global variables + Local variables + Function names and the addresses of their entry points + Frame pointer omission (FPO) records + Source-line numbers

符号路径(Symbol Path)

调试器的符号路径是一个包含多个目录路径,用分号分隔的字符串。

.sympath \\someshare

符号路径一般包括本地路径,缓存路径,服务器路径。

.sympath C:\MyLocalSymbols;cache*C:\MyCacheSymbols;srv*http://MyServerSymbols    

符号文件本地缓存(Caching Symbols Locally)

One way to cache symbols locally is to include cache; or cachelocalsymbolcache; in your symbol path.

The following command tells the debugger to get symbols from the network share \someshare and cache the symbols in the default location on the local computer.

.sympath cache*;\\someshare

the following command tells the debugger to obtain symbols from the network share \someshare and cache the symbols in the c:\MySymbols directory.

.sympath cache*c:\MySymbols;\\someshare

使用符号服务器(Using a Symbol Server)

The following command tells the debugger to use a symbol server to get symbols from the default symbol store. These symbols are not cached on the local computer.

.sympath srv*

The following command tells the debugger to use a symbol server to get symbols from the symbol store at http://msdl.microsoft.com/download/symbols. These symbols are not cached on the local computer.

.sympath srv*http://msdl.microsoft.com/download/symbols

The following command tells the debugger to use a symbol server to get symbols from the symbol store at http://msdl.microsoft.com/download/symbols and cache the symbols in c:\MyServerSymbols.

.sympath srv*c:\MyServerSymbols*http://msdl.microsoft.com/download/symbols

The following example shows how to specify both directories in your symbol path.

.sympath c:\MyRegularSymbols;srv*c:\MyServerSymbols*http://msdl.microsoft.com/download/symbols

合并本地缓存与服务器(Combining cache and srv)

The following command tells the debugger to use a symbol server to get symbols from the store at http://msdl.microsoft.com/download/symbols and cache them in the default symbol cache directory.

.sympath cache*;srv*http://msdl.microsoft.com/download/symbols

The following command tells the debugger to use a symbol server to get symbols from the store at http://msdl.microsoft.com/download/symbols and cache the symbols in the c:\MySymbols directory.

.sympath cache*c:\MySymbols;srv*http://msdl.microsoft.com/download/symbols

配置符号路径(Controlling the Symbol Path)

To control the symbol path, you can do one of the following:

1.Use the .sympath command to display, set, change, or append to the path. The .symfix (Set Symbol Store Path) command is similar to .sympath but saves you some typing. .sympath
把当前的符号路径设置为命令参数中的“new path”
.sympath+
将“new path”添加到现有符号路径之后
.symfix
srvdownstream folderhttp://msdl.microsoft.com/download/symbols

2.Before you start the debugger, use the NT_SYMBOL_PATH and NT_ALT_SYMBOL_PATH environment variables to set the path. The symbol path is created by appending NT_SYMBOL_PATH after NT_ALT_SYMBOL_PATH. (Typically, the path is set through the NT_SYMBOL_PATH. However, you might want to use NT_ALT_SYMBOL_PATH to override these settings in special cases, such as if you have private versions of shared symbol files.) If you try to add an invalid directory through these environment variables, the debugger ignores this directory.

3.When you start the debugger, use the -y command-line option to set the path.

4.(WinDbg only) Use the File | Symbol File Path command or press CTRL+S to display, set, change, or append to the path.

If you use the -sins command-line option, the debugger ignores the symbol path environment variable.

.symfix(Set Symbol Store Path)

The .symfix command automatically sets the symbol path to point to the Microsoft symbol store.

.symfix[+] [LocalSymbolCache]

Parameters

  • Causes the Microsoft symbol store path to be appended to the existing symbol path. If this is not included, the existing symbol path is replaced.

LocalSymbolCache Specifies the directory to be used as a local symbol cache. If this directory does not exist, it will be created when the symbol server begins copying files. If LocalSymbolCache is omitted, the sym subdirectory of the debugger installation directory will be used.

Example:

0:000> .sympath(显示当前符号路径)
Symbol search path is: cache*D:\MyRegularSymbols;D:\Symbol
Expanded Symbol search path is: cache*d:\myregularsymbols;d:\symbol
0:000> .symfix+(追加微软符号存储)
0:000> .sympath
Symbol search path is: cache*D:\MyRegularSymbols;D:\Symbol;srv*
Expanded Symbol search path is: cache*d:\myregularsymbols;d:\symbol;SRV*http://msdl.microsoft.com/download/symbols
0:000> .symfix(设置微软符号存储)
0:000> .sympath
Symbol search path is: srv*
Expanded Symbol search path is: cache*;SRV*http://msdl.microsoft.com/download/symbols
0:000> .symfix+ E:\tmp(追加自定义符号路径)
0:000> .sympath
Symbol search path is: srv*
Expanded Symbol search path is: SRV*E:\tmp*http://msdl.microsoft.com/download/symbols

Best Practices:

1.设置本地符号路径,缓存路径,服务器路径

.sympath C:\MyLocalSymbols;cache*C:\MyCacheSymbols;srv*http://MyServerSymbols

2.追加微软符号存储

.symfix+

1.WinDbg Symbols Path 设置

F:\Symbols\WindowsSymbols;CACHE*F:\Symbols\CacheSymbols;SRV*http://msdl.microsoft.com/download/symbols  

2.使用symchk下载Windows对应符号文件

symchk /r C:\windows\system32 /s CACHE*F:\Symbols\WindowsSymbols;SRV*http://msdl.microsoft.com/download/symbols

源代码(Source Code)

源代码路径(Source Path)

The source path specifies the directories where the C and C++ source files are located.

.srcfix .srcpath