Windbg 在文件打开时中断

发布于 2024-09-18 17:04:32 字数 180 浏览 8 评论 0原文

我有一个 .net 应用程序,但我也没有源代码。我有兴趣确定该应用程序正在访问哪些文件。我认为调试器是实现此目的的好方法。我只在 Linux 领域工作,对 Windows 调试器一无所知。我觉得应该有一种方法可以用 Windbg 来做到这一点,我知道我会如何用 gdb 来实现这一点,但不知道如何用 Windbg 来实现。非常感谢任何帮助或建议。

I have a .net application which I don't have source too. I'm interested in determining what files this application is accessing. I thought that a debugger would be a good way to do this. I work only in the linux world and know nothing about windows debuggers. I feel like there should be a way to do this with windbg, I know how I would go about it with gdb but not with windbg. Any help or advice is much appreciated.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

温馨耳语 2024-09-25 17:04:32

如果您只想监视给定进程的文件系统活动,那么您不会找到比 进程监视器。它还可以做更多的事情,并且是免费的,来自 Sysinternals(现在的 Microsoft)。

进程监视器是一种先进的
Windows 监控工具显示
实时文件系统、注册表和
进程/线程活动。它结合了
两个遗产的特点
Sysinternals 实用程序、Filemon 和
Regmon,并添加了一个广泛的列表
增强功能包括丰富和
无损过滤,
综合事件属性,例如
会话 ID 和用户名,可靠
进程信息,全线程
具有集成符号支持的堆栈
对于每个操作,同时进行
记录到文件等等。它是
独特的强大功能将使
进程监视器是您的核心实用程序
系统故障排除和恶意软件
狩猎工具包。

If you just want to monitor file system activity for a given process then you won't find anything better than Process Monitor. It does lots more too and it's free from Sysinternals (now Microsoft).

Process Monitor is an advanced
monitoring tool for Windows that shows
real-time file system, Registry and
process/thread activity. It combines
the features of two legacy
Sysinternals utilities, Filemon and
Regmon, and adds an extensive list of
enhancements including rich and
non-destructive filtering,
comprehensive event properties such
session IDs and user names, reliable
process information, full thread
stacks with integrated symbol support
for each operation, simultaneous
logging to a file, and much more. Its
uniquely powerful features will make
Process Monitor a core utility in your
system troubleshooting and malware
hunting toolkit.

沉默的熊 2024-09-25 17:04:32

如果您只想知道正在访问哪些文件,Stu 是对的。
但是,如果您想了解有关调试 .net 应用程序的更多信息,可以在将 SOS.dll 加载到 Windbg 中时在 .net 代码上放置断点。它比我在这里描述的要复杂得多,但您可以 Google Windbg 和 SOS.DLL 来查找更多信息。 Tess Ferrandez 有一个很棒的博客,您可能也会觉得有用:http://blogs.msdn.com /b/苔丝/

Stu is right if you just want to know what files are being accessed.
But if you want to know more about debugging .net apps, you can place break points on .net code when you have SOS.dll loaded into windbg. It's more involved than I can describe here, but you can Google windbg and SOS.DLL to find more info. Tess Ferrandez has a great blog that you may find useful, too: http://blogs.msdn.com/b/tess/

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文