Date: 2014-05-16

WinDbg dump analysis: analysis commands

1. Viewing the target system

vertarget is a functional subset of the version command.

vertarget displays the operating system version the debug target is running on.

version additionally displays other information about the debugging environment (debugger build, extension DLLs and their search path, session time and uptime).

Example:

0:000> version
Windows XP Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
kernel32.dll version: 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)
Machine Name:
Debug session time: Sat Jun 30 08:45:50.437 2012 (GMT+8)
System Uptime: 0 days 1:14:31.091
Process Uptime: 0 days 0:23:58.671
  Kernel time: 0 days 0:00:00.000
  User time: 0 days 0:00:00.015
Live user mode: <Local>


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


command line: '"C:\Program Files\Debugging Tools for Windows (x86)\windbg.exe" '  Debugger Process 0x12C 
dbgeng:  image 6.11.0001.404, built Thu Feb 26 09:55:43 2009
        [path: C:\Program Files\Debugging Tools for Windows (x86)\dbgeng.dll]
dbghelp: image 6.11.0001.404, built Thu Feb 26 09:55:30 2009
        [path: C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll]
        DIA version: 11212
Extension DLL search Path:
    C:\Program Files\Debugging Tools for Windows (x86)\WINXP;C:\Program Files\Debugging Tools for Windows (x86)\winext;C:\Program Files\Debugging Tools for Windows (x86)\winext\arcade;C:\Program Files\Debugging Tools for Windows (x86)\pri;C:\Program Files\Debugging Tools for Windows (x86);C:\Program Files\Debugging Tools for Windows (x86)\winext\arcade;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ThinkPad Wireless LAN Adapter Software;C:\Program Files\Common Files\Lenovo;D:\Program Files\TortoiseSVN\bin;d:\Program Files\T58KTV\9158VirtualCamera\Package\bpl;d:\Program Files\T58KTV\9158VirtualCamera\bin;C:\Program Files\QuickTime\QTSystem\;d:\Program Files\Lua\5.1;d:\Program Files\Lua\5.1\clibs;d:\Program Files\Tencent\QQPCMgr\6.6.2135.201;C:\Program Files\IDM Computer Solutions\UltraEdit\;d:\Program Files\Tencent\QQPCMgr\6.6.2135.201
Extension DLL chain:
    dbghelp: image 6.11.0001.404, API 6.1.6, built Thu Feb 26 09:55:30 2009
        [path: C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll]
    ext: image 6.11.0001.404, API 1.0.0, built Thu Feb 26 09:55:30 2009
        [path: C:\Program Files\Debugging Tools for Windows (x86)\winext\ext.dll]
    exts: image 6.11.0001.404, API 1.0.0, built Thu Feb 26 09:55:24 2009
        [path: C:\Program Files\Debugging Tools for Windows (x86)\WINXP\exts.dll]
    uext: image 6.11.0001.404, API 1.0.0, built Thu Feb 26 09:55:26 2009
        [path: C:\Program Files\Debugging Tools for Windows (x86)\winext\uext.dll]
    ntsdexts: image 6.1.7015.0, API 1.0.0, built Thu Feb 26 09:54:43 2009
        [path: C:\Program Files\Debugging Tools for Windows (x86)\WINXP\ntsdexts.dll]
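As an added example (not code from the original post), a small Python parser for the version banner shown above, of the kind used when automating dump triage around cdb or WinDbg output; the sample output is constructed and abbreviated from the session above, and the service-pack field is treated as optional so the same regex also fits builds that print none.

```python
import re

# Constructed sample, abbreviated from the "version" banner shown above (not a live session).
SAMPLE_VERSION_OUTPUT = r"""
0:000> version
Windows XP Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
kernel32.dll version: 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)
Debug session time: Sat Jun 30 08:45:50.437 2012 (GMT+8)
System Uptime: 0 days 1:14:31.091
Process Uptime: 0 days 0:23:58.671
Live user mode: <Local>
Extension DLL chain:
    dbghelp: image 6.11.0001.404, API 6.1.6, built Thu Feb 26 09:55:30 2009
    ntsdexts: image 6.1.7015.0, API 1.0.0, built Thu Feb 26 09:54:43 2009
        [path: C:\Program Files\Debugging Tools for Windows (x86)\WINXP\ntsdexts.dll]
"""

# First banner line: OS, build, optional service pack, MP/UP, CPU count, build flavor, arch.
OS_LINE = re.compile(
    r"^Windows (?P<os>.+?) Version (?P<build>\d+)(?: \((?P<sp>[^)]+)\))? "
    r"(?P<mp>MP|UP) \((?P<procs>\d+) procs?\) (?P<flavor>Free|Checked) (?P<arch>\S+)")
# Loaded extension DLLs are indented four spaces under "Extension DLL chain:".
EXT_LINE = re.compile(r"^ {4}(?P<name>\w+): image (?P<image>[\d.]+), API (?P<api>[\d.]+)")
# Generic "Key: value" lines; key must start with a letter, so the prompt and "[path: ...]" are skipped.
KV_LINE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z0-9 .]*?):\s*(?P<value>.*)$")
UPTIME = re.compile(r"(?P<d>\d+) days (?P<h>\d+):(?P<m>\d+):(?P<s>\d+(?:\.\d+)?)")

def parse_version_output(text):
    """Return a dict of target and debugger facts found in 'version' output."""
    info = {"extensions": {}}
    for line in text.splitlines():
        m = OS_LINE.match(line)
        if m:
            info.update(m.groupdict())
            info["procs"] = int(info["procs"])
            continue
        m = EXT_LINE.match(line)
        if m:
            info["extensions"][m["name"]] = {"image": m["image"], "api": m["api"]}
            continue
        m = KV_LINE.match(line)
        if m:
            info[m["key"].lower()] = m["value"].strip()
    return info

def uptime_seconds(value):
    """Convert an uptime string such as '0 days 1:14:31.091' to seconds."""
    m = UPTIME.search(value)
    if not m:
        raise ValueError(f"unrecognised uptime: {value!r}")
    return int(m["d"]) * 86400 + int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
```

A very short process uptime next to a long system uptime is a quick hint that the dump was taken from a process that died soon after starting, which is worth knowing before reading the registers or stack.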


2. Viewing register values

r

Example:

0:000> r
eax=00