Installation/Initializing |
Linux / Mac OS X(gdb) |
NA
|
Windows(windbg) |
1. Download WDK 7.1 / 8
2. Sysinternals tools, especially procmon (which I use regularly)
3. Set _NT_SYMBOL_PATH = SRV*C:\symcache32*http://msdl.microsoft.com/download/symbols
When we are in a debugging session without setting _NT_SYMBOL_PATH, for example debugging notepad.exe, and we want to list all the symbols in notepad.exe using x notepad.exe!*
we get an error message similar to this: "ERROR: module load completed but symbols could not be loaded for c:\windows\system32\notepad.exe"
This can be avoided by using .symfix, which sets the default path to "cache*;SRV*http://msdl.microsoft.com/download/symbols".
Here the default directory would be the windbg directory.
If we want our own symbol cache, we can use .sympath as shown below.
.sympath SRV*c:\Symcache*http://msdl.microsoft.com/download/symbols
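Added example (not from the original post): a Python parser for the symbol path strings shown above, reporting which cache directory each SRV element ends up using and whether the symbol server is reached over plain http://. The names SymElement, parse_symbol_path and cache_dirs are hypothetical; the code assumes ';' separates path elements, '*' separates fields, the last SRV field is the upstream store, and a cache* element applies to the elements to its right.

```python
from typing import List, NamedTuple, Optional

class SymElement(NamedTuple):
    kind: str              # "srv", "cache" or "dir"
    cache: Optional[str]   # explicit local cache directory; None = debugger default
    store: Optional[str]   # upstream store for "srv", the directory itself for "dir"
    plaintext: bool        # added check: True when the store is fetched over http://

def parse_symbol_path(path: str) -> List[SymElement]:
    """Split a symbol path into ';'-separated elements and '*'-separated fields."""
    elements = []
    for raw in path.split(";"):
        raw = raw.strip()
        if not raw:
            continue                          # tolerate a stray or trailing ';'
        fields = [f.strip() for f in raw.split("*")]
        tag = fields[0].lower()               # SRV / srv are equivalent
        if tag == "srv":
            stores = fields[1:]
            if not stores or not stores[-1]:
                raise ValueError(f"srv element without a symbol store: {raw!r}")
            server = stores[-1]               # last field is the upstream store
            cache = next((s for s in stores[:-1] if s), None)
            elements.append(SymElement("srv", cache, server,
                                       server.lower().startswith("http://")))
        elif tag == "cache":
            cache = fields[1] if len(fields) > 1 and fields[1] else None
            elements.append(SymElement("cache", cache, None, False))
        else:
            elements.append(SymElement("dir", None, raw, False))
    return elements

def cache_dirs(path: str) -> List[Optional[str]]:
    """Cache directory in effect for each srv element (None = debugger default)."""
    result, inherited = [], None
    for el in parse_symbol_path(path):
        if el.kind == "cache":
            inherited = el.cache              # covers the elements to its right
        elif el.kind == "srv":
            result.append(el.cache or inherited)
    return result

# Inputs: the three symbol path strings that appear on this page.
ENV_PATH = r"SRV*C:\symcache32*http://msdl.microsoft.com/download/symbols"
SYMFIX_PATH = "cache*;SRV*http://msdl.microsoft.com/download/symbols"
SYMPATH = r"SRV*c:\Symcache*http://msdl.microsoft.com/download/symbols"

if __name__ == "__main__":
    for p in (ENV_PATH, SYMFIX_PATH, SYMPATH):
        print(p, "->", cache_dirs(p), [e.plaintext for e in parse_symbol_path(p)])
```

A result of None for the .symfix path corresponds to the default directory mentioned above; the other two paths resolve to the explicitly named cache folders.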
|
|
exit |
Linux / Mac OS X(gdb) |
quit: this stops the debugging session along with the debuggee.
detach: this stops the debugging session without killing the debuggee.
|
Windows(windbg) |
q : this will stop the debugging session along with the debuggee.
qd : this will stop the debugging session without killing the debuggee (detach).
|
|
Threads |
Linux / Mac OS X(gdb) |
|
Windows(windbg)
|
- ~ : list all the threads in the process
- ~ns : switch to thread n (n = 0, 1, 2, 3, ...), e.g. ~2s will switch to thread id 2.
- k : call stack of the current thread.
- ~*k : call stack of all threads
|
|
Stack |
Linux / Mac OS X(gdb) |
|
Windows(windbg)
|
- kP : list the call stack with parameters
- dv : dump variables in the stack (runs in the context of the frame)
- dt : dump type of the variable (runs in the context of the frame)
- .frame <num> : switch the frame and then use dv, dt, etc.
|
|