WinDbg:如何知道WinDbg发生了中断?

发布于 2024-08-30 06:07:40 字数 132 浏览 4 评论 0原文

如何自动化调试过程?

我有一个 WinDbg 脚本,其中包含一些基本命令,当我附加到 WinDbg 的进程/应用程序中发生中断时,我想运行这些命令。 如何知道WinDbg中有中断,以及如何自动启动脚本

How can I automate the debugging process?

I have a WinDbg script with some basic commands which I want to run when a break occurred in the process/application that I attached to WinDbg. How can I know that there is break in WinDbg, and how to launch the script automatically?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

铁憨憨 2024-09-06 06:07:40

设置断点时可以使用命令字符串选项来运行任何 Windbg 命令。让其运行您的脚本。

例如:

bp  <address to set break> "$><c:\\temp\\dbgscript.txt;g"

我相信如果您的意思是“当进程中发生中断时”“当抛出异常时”,您应该能够使用 sx 命令执行相同的操作。

You can use the command string option when setting the breakpoint to run any windbg command. Have this run your script.

Something like:

bp  <address to set break> "$><c:\\temp\\dbgscript.txt;g"

I believe you should be able to do the same thing with the sx command if you mean "when an exception is thrown" by "when there is a break occurred in the process".

dawn曙光 2024-09-06 06:07:40

Python 示例:

from pykd import *

def bpCallback():

    if is64bitSystem():
        objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", reg("r8") ) 
    else:
        objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", ptrPtr(reg("esp") + 0xC) )  

    name = loadUnicodeString( objAttr.ObjectName )

    dprintln( "NtCreateFile: " + name )

    return DEBUG_STATUS_GO_HANDLED


if not isWindbgExt():
    startProcess("notepad.exe")


if not isDumpAnalyzing() and not isKernelDebugging():
    
    nt = loadModule("ntdll")

    b1 = bp( nt.NtCreateFile, bpCallback )

    # wait for user break, exceptions or process exit
    go()

    dprintln( "stopped" )    

else:

    dprintln( "The debugger must be connected to live usermode process" )    

windbg 的 Python 扩展可在此处获取:
pykd.codeplex.com

Python sample:

from pykd import *

def bpCallback():

    if is64bitSystem():
        objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", reg("r8") ) 
    else:
        objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", ptrPtr(reg("esp") + 0xC) )  

    name = loadUnicodeString( objAttr.ObjectName )

    dprintln( "NtCreateFile: " + name )

    return DEBUG_STATUS_GO_HANDLED


if not isWindbgExt():
    startProcess("notepad.exe")


if not isDumpAnalyzing() and not isKernelDebugging():
    
    nt = loadModule("ntdll")

    b1 = bp( nt.NtCreateFile, bpCallback )

    # wait for user break, exceptions or process exit
    go()

    dprintln( "stopped" )    

else:

    dprintln( "The debugger must be connected to live usermode process" )    

Python extension for windbg abailable here:
pykd.codeplex.com

千纸鹤 2024-09-06 06:07:40

您运行的应用程序是否已附加了 Windbg,还是正在进行 JIT 调试?如果是后者(即,您依赖于 HKLM\Softare\Microsoft\Windows NT\AEDebug\Debugger 中的设置),则只需修改 Debugger 键的值即可使用“-c”命令在之后运行命令调试器附加。

假设是前者,那么您可以尝试使用命名管道或 tcp(使用 .server 命令)启动调试服务器。然后,您可以编写一个控制台应用程序来启动 cdb 实例作为客户端,以连接到前面提到的 Windbg 服务器,并让应用程序解析标准输出,直到看到调试器提示符。然后,您可以从那时起有效地自动化调试会话。因此,它减少了解析练习,可能会包含在 FSM 中,具体取决于您想要的复杂程度。

Are you running the application with windbg already attached, or are you JIT debugging? If the latter (i.e., you're relying on the setting in HKLM\Softare\Microsoft\Windows NT\AEDebug\Debugger), then simply modify the value of the Debugger key to use the "-c" command to run a command after the debugger attaches.

Assuming the former, then you could try starting the debugging server using a named pipe or tcp (with the .server command). You can then write a console app to start an instance of cdb as a client to connect to the aforementioned windbg server and have the app parse stdout until you see the debugger prompt. You can then effectively automate the debugging session from that point on. Thus, it gets reduced a parsing exercise, possibly wrapped in an FSM depending on how complex you want to get.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文