本文共 1894 字,大约阅读时间需要 6 分钟。
32bit和64bit切换:!wow64exts.sw
查看进程运行的时间:vertarget
查看依赖的动态库(包含dll的路径):lmf
查看pdb文件:lm
查看所有的线程堆栈:~*kbn
切换线程:~20s
切换线程上的栈信息:.frame x (x代表的堆栈)
输出信息到日志:.logopen c:text.log &&.logclose
自动分析:!analyze -v
查看所有线程的优先级:~* (Priority)
显示锁信息:!lcoks
列出CriticalSection的详细信息:!cs
保存dmp信息:.dump /ma C:\dumps\myapp.dmp
查看某个handle的具体信息:!handle xxx f
设置远程symbol位置:SRV*D:\SymbolLocal*http://msdl.microsoft.com/download/symbols
重新加载所有的符号表:.reload /f
每个线程消费的时间:!runaway 0x1(0x1代表的是线程消耗的用户模式时间,0x2代表消耗的内核时间,0x4每个线程从插件经历了多少时间)
显示当前作用域的所有局部变量的名字和值:dv
查看内存地址上的数据:db xxx (字节值和ASCII字符)
!heap相关介绍:
| Option | Effect |
|---|---|
| -v | Causes the debugger to validate the specified heap. |
| -a | Causes the display to include all information for the specifiedheap. Size, in this case, is rounded up to theheap granularity. (Running!heap with the-a option is equivalent to running it with the three options-h -f -m, which can take a long time.) |
| -h | Causes the display to include all entries for the specifiedheap. |
| -f | Causes the display to include all the free list entries for the specifiedheap. |
| -m | Causes the display to include all the segment entries for the specifiedheap. |
| -t | Causes the display to include the tag information for the specifiedheap. |
| -T | Causes the display to include the pseudo-tag entries for the specifiedheap. |
| -g | Causes the display to include the global tag information. Global tags are associated with each untagged allocation. |
| -s | Causes the display to include summary information for the specifiedheap. |
| -k | (x86-based targets only) Causes the display to include the stack backtrace associated with each entry. |
!heap -s 查看地址上的堆信息
!heap -stat -h 04920000 去观察这段内存(04920000)的详细情况,可以看到这地址上的内存分布
!heap -flt s 4 去查进程中size=4的所有内存
!heap -p -a 0365e8f0查看堆上的调用堆栈
u 相关介绍
如果要反汇编某一个地址,直接用u命令加地址,如果存在符号文件,也可以这样直接加函数名。
ub 指示要反汇编的区域是向后计算的,如果使用了ubAddress ,反汇编区域是以Address结束的8或9条指令。如果用ubAddressLLength语法指定区域,则反汇编以Address结尾的指定长度的内容。
uf 命令显示内存中指定函数的反汇编代码。
转载地址:http://vtqxi.baihongyu.com/