让WinDBG显示自己的调试信息
WinDBG是个调试器,但其本身也是个软件,也有BUG,这就好像医生也会生病一样。如何调试WinDBG呢?WinDBG的设计者们早考虑到了。比如.dbgdbg命令就是启动一个调试器来调试当前的调试器。
再如,使用.outmask命令可以让WinDBG输出自己的调试信息。参数可以是下表中的各个标志位的组合。
| Value |
Default setting |
Description |
| 1 |
On |
Normal output |
| 2 |
On |
Error output |
| 4 |
On |
Warnings |
| 8 |
Off |
Additional output |
| 0x10 |
On |
Prompt output |
| 0x20 |
On |
Register dump before prompt |
| 0x40 |
On |
Warnings that are specific to extension operation |
| 0x80 |
On |
Debug output from the target (for example, OutputDebugString or DbgPrint) |
| 0x100 |
On |
Debug input expected by the target (for example, DbgPrompt) |
| 0x200 |
On |
Symbol messages (for example, !sym noisy) |
简单起见,使用0xFFFFFFFF作为参数,就是打开所有调试输出。输入8个F太麻烦了,那就使用/a开关吧:
0:000> .outmask /a
Client 007B5A60 mask is FFFFFFFF
执行以上命令后,恢复调试目标执行,就可以看到WinDBG工作的很多内部过程了。
0:000> g
Check event IP 7c901230 for hard break
InsertBreakpoints PC 7c901231
Process 0 with 0 bps
after insert udb 0, dbc 0
> Executing
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10001
>>> Debug event 6 for 1150.1208
ModLoad: 76390000 763ad000 C:\WINDOWS\system32\IMM32.DLL
ModLoad: 76390000 763ad000 C:\WINDOWS\system32\IMM32.DLL
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2d8 base: 76390000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 77dd0000 77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 77dd0000 77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2d8 base: 76390000
hFile: 2e4 base: 77dd0000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 77e70000 77f01000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 77e70000 77f01000 C:\WINDOWS\system32\RPCRT4.dll
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2d8 base: 76390000
hFile: 2e4 base: 77dd0000
hFile: 2e8 base: 77e70000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 629c0000 629c9000 C:\WINDOWS\system32\LPK.DLL
ModLoad: 629c0000 629c9000 C:\WINDOWS\system32\LPK.DLL
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2ec base: 629c0000
hFile: 2d8 base: 76390000
hFile: 2e4 base: 77dd0000
hFile: 2e8 base: 77e70000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 74d90000 74dfb000 C:\WINDOWS\system32\USP10.dll
ModLoad: 74d90000 74dfb000 C:\WINDOWS\system32\USP10.dll
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2ec base: 629c0000
hFile: 2f0 base: 74d90000
hFile: 2d8 base: 76390000
hFile: 2e4 base: 77dd0000
hFile: 2e8 base: 77e70000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 77c10000 77c68000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 77c10000 77c68000 C:\WINDOWS\system32\msvcrt.dll
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2ec base: 629c0000
hFile: 2f0 base: 74d90000
hFile: 2d8 base: 76390000
hFile: 2f4 base: 77c10000
hFile: 2e4 base: 77dd0000
hFile: 2e8 base: 77e70000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 5fd00000 5fd09000 C:\WINDOWS\system32\MFC42LOC.DLL
ModLoad: 5fd00000 5fd09000 C:\WINDOWS\system32\MFC42LOC.DLL
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2f8 base: 5fd00000
hFile: 2ec base: 629c0000
hFile: 2f0 base: 74d90000
hFile: 2d8 base: 76390000
hFile: 2f4 base: 77c10000
hFile: 2e4 base: 77dd0000
hFile: 2e8 base: 77e70000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 5d090000 5d12a000 C:\WINDOWS\system32\COMCTL32.DLL
ModLoad: 5d090000 5d12a000 C:\WINDOWS\system32\COMCTL32.DLL
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 2fc base: 5d090000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2f8 base: 5fd00000
hFile: 2ec base: 629c0000
hFile: 2f0 base: 74d90000
hFile: 2d8 base: 76390000
hFile: 2f4 base: 77c10000
hFile: 2e4 base: 77dd0000
hFile: 2e8 base: 77e70000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 5ad70000 5ada8000 C:\WINDOWS\system32\uxtheme.dll
ModLoad: 5ad70000 5ada8000 C:\WINDOWS\system32\uxtheme.dll
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 300 base: 5ad70000
hFile: 2fc base: 5d090000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2f8 base: 5fd00000
hFile: 2ec base: 629c0000
hFile: 2f0 base: 74d90000
hFile: 2d8 base: 76390000
hFile: 2f4 base: 77c10000
hFile: 2e4 base: 77dd0000
hFile: 2e8 base: 77e70000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 74720000 7476b000 C:\WINDOWS\system32\MSCTF.dll
ModLoad: 74720000 7476b000 C:\WINDOWS\system32\MSCTF.dll
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 300 base: 5ad70000
hFile: 2fc base: 5d090000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2f8 base: 5fd00000
hFile: 2ec base: 629c0000
hFile: 304 base: 74720000
hFile: 2f0 base: 74d90000
hFile: 2d8 base: 76390000
hFile: 2f4 base: 77c10000
hFile: 2e4 base: 77dd0000
hFile: 2e8 base: 77e70000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 37f00000 37f16000 C:\Program Files\kingsoft\XDict\Cjktl32.dll
ModLoad: 37f00000 37f16000 C:\Program Files\kingsoft\XDict\Cjktl32.dll
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 308 base: 37f00000
hFile: 300 base: 5ad70000
hFile: 2fc base: 5d090000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2f8 base: 5fd00000
hFile: 2ec base: 629c0000
hFile: 304 base: 74720000
hFile: 2f0 base: 74d90000
hFile: 2d8 base: 76390000
hFile: 2f4 base: 77c10000
hFile: 2e4 base: 77dd0000
hFile: 2e8 base: 77e70000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 6 for 1150.1208
ModLoad: 77c00000 77c08000 C:\WINDOWS\system32\version.dll
ModLoad: 77c00000 77c08000 C:\WINDOWS\system32\version.dll
OUTPUT_PROCESS: *** Load dll ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
hFile: 2c8 base: 10200000
hFile: 308 base: 37f00000
hFile: 300 base: 5ad70000
hFile: 2fc base: 5d090000
hFile: 2c4 base: 5f400000
hFile: 2d4 base: 5f500000
hFile: 2f8 base: 5fd00000
hFile: 2ec base: 629c0000
hFile: 304 base: 74720000
hFile: 2f0 base: 74d90000
hFile: 2d8 base: 76390000
hFile: 30c base: 77c00000
hFile: 2f4 base: 77c10000
hFile: 2e4 base: 77dd0000
hFile: 2e8 base: 77e70000
hFile: 2cc base: 77f10000
hFile: 2bc base: 7c800000
hFile: 2b8 base: 7c900000
hFile: 2d0 base: 7e410000
>>> Event status 9
>> Waiting, 0 elapsed, -1 timeout
>> Continue with 10002
>>> Debug event 7 for 1150.1208
InitializeContext eip 0
Live user clear trace mode
RemoveBreakpoints
Process 0 with 0 bps
>>> Event status 9
Check event IP 7c90eb94 for hard break
InsertBreakpoints PC 7c90eb94
Process 0 with 0 bps
after insert udb 0, dbc 0
OUTPUT_PROCESS: *** exit cleanup ***
id: 1150 Handle: 2b4 index: 0
id: 1208 hThread: 2b0 index: 0 addr: 00402540
hFile: 2c0 base: 00400000
.......