WinDbg is a powerful debug tool whichcan help programmer to locate the issues in a short time, especially incase there is no development environment. If the software product hasbeen deployed to the customers' workstation and an issue occurred, canyou ask your customer to install a visual studio for you to diagnosticit? Ofcourse not. Thus, WinDbg can help you in this situation. Thisarticle is to introduce how to start your trip on WinDbg. Hope it ishelpful for you, enjoy it!
1.Download andinstall Debugging Tools for Windows
http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx
2.Setup environmentvariables to point to Microsoft Symbol server
_NT_SYMBOL_PATH = http://msdl.microsoft.com/download/symbols
OR
Specify it from[File]->[Symbol File Path...] in the menu of WinDbg UI
3.Start to debug theprogram you want to debug
a. start the programfrom windbg :[File]->[Open Executable...]
b. attach windbg toan existing process:[File]->[Attach to a process...]
c. automaticallyattach a debugger to an application when it starts to run:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options
Create a newregistry key with the name of the process you want todebug, add an stringvalue "Debugger", set the data to the full path ofntsd.exe. It willuse ntsd.exe to debug the process you specified here.
4.Use command todebug the program
| Category | Command | Description | Example |
| RUN | F10/p | Step over |
|
|
| F11/t | Step into |
|
|
| Shift+F11/gu | Step out |
|
|
| F5/g | Go |
|
|
| F9 | Insert/Remove breakpoint |
|
| Display | dv | Display local variable |
|
|
| R | Display register | R ecx |
|
| U | Show usassemble | U WindbgEx1!Example2 |
|
| kb | Display stack trace |
|
|
| .lastevent | Last exception record |
|
|
| bl | List all of the breakpoints |
|
|
| lm | List all of the loaded modules |
|
|
| ~ | Display all threads |
|
|
| .hh | help | .hh dbgerr005 |
| QUIT | Q |
|
|
5.Example
First of all, startthe process you want to debug:[File]->[Open Executable...].
Click [Call stack]icon in UI or Alt+6 to sett the call stack, Alt+2 to show the Watch window...
Add breakpoint insource code, and F5 to run into the breakpoint, see the illustration below:
Now, it is the sameas the Visual Studio platform. F10 to step over, and F11 to step into.
Press F5 to run intothe breakpoint, the variable is displayed in Locals window.
Press F5 to continuethe process, an exception raised anddisplayed in Command window:
0:000> g
(1668.1920): Integerdivide-by-zero - code c0000094 (first chance)
First chance exceptions arereported before any exception handling.
This exception may be expectedand handled.
WindbgEx1!Example2+0x2d:
00000001`3f27117d f7f9 idiv eax,ecx
We can display theregister using the "r" command:
0:000> r ecx
ecx=0
0:000> r eax
eax=47
From the assemblyand register value, we can find the reason of the exception.
Note: First chanceexceptions are thrown from the application, whichgets a change to handle theexception, if the application does not handlethe exception, the debugger willcatch it and has another change, we canit second change exception, to handle it.
联系客服
