WinDbg and cdb usage summary

Background

I needed to analyze dump files in batches, and found that WinDbg can be used for this.

How to invoke it

There are many introductions to WinDbg online, but very few of them cover cdb, which is the command-line mode of WinDbg.

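Common options:

From cdb -help:
-z dump_path    path to the dump file
-y pdbpath      path to the PDB files
More detailed options are listed by -help.

If you have a symbol server, you can set environment variables for it.

Common environment variables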

_NT_ALT_SYMBOL_PATH=[Drive:][Path]
    Specify an alternate symbol image path.

The first one can be set to a remote shared symbol server:

Variable name: _NT_SYMBOL_PATH

Variable value: SRV*\\192.168.7.4\symbols_release*http://msdl.microsoft.com/download/symbols

Local backup variable:
Variable name: _NT_ALT_SYMBOL_PATH
Variable value: cache*F:\Temp\symbols;\\symbols_server\ReleaseSymbols;\\symbols_server\TempSymbols;\\symbols_server\WinSymbols

That is all that is needed.
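
A batch run over a folder of dumps, using the -z and -y options above together with -c, -logo and -noshell from the help text below. This is an added example, not code from the original post; the cdb.exe install path, the script name batch_cdb.py and the "!analyze -v; q" command string are assumptions.

```python
import subprocess
import sys
from pathlib import Path

# Assumption: install location of the Debugging Tools; adjust for your machine.
CDB = r"C:\Program Files\Debugging Tools for Windows (x64)\cdb.exe"
# Symbol path from the post: internal symbol share, then Microsoft's server.
SYMBOLS = (r"SRV*\\192.168.7.4\symbols_release"
           r"*http://msdl.microsoft.com/download/symbols")


def build_cdb_command(dump, log, cdb=CDB, symbols=SYMBOLS):
    """Return the argv list for one unattended cdb run over a dump file."""
    return [
        cdb,
        "-z", str(dump),         # crash dump to open
        "-y", symbols,           # symbol search path
        "-logo", str(log),       # open a new log file for this dump
        "-noshell",              # unattended run: disable the .shell (!!) command
        "-c", "!analyze -v; q",  # analyze at the first prompt, then quit
    ]


def analyze_all(dump_dir, out_dir, cdb=CDB, timeout=600):
    """Run cdb over every *.dmp in dump_dir and return {dump name: status}."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    results = {}
    for dump in sorted(Path(dump_dir).glob("*.dmp")):
        cmd = build_cdb_command(dump, out / (dump.stem + ".log"), cdb=cdb)
        try:
            proc = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                                  stderr=subprocess.DEVNULL, timeout=timeout)
            results[dump.name] = ("ok" if proc.returncode == 0
                                  else f"exit {proc.returncode}")
        except subprocess.TimeoutExpired:
            results[dump.name] = "timeout"        # hung session, child is killed
        except OSError:
            results[dump.name] = "launch failed"  # cdb.exe missing or not runnable
    return results


if __name__ == "__main__":
    # Usage: python batch_cdb.py <dump_dir> <log_dir>
    for name, status in analyze_all(sys.argv[1], sys.argv[2]).items():
        print(f"{name}: {status}")
```

Each dump gets its own log file in the output folder, so one hung or failed session does not stop the rest of the batch.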

For the following paths, see the descriptions:

    _NT_SYMBOL_PATH=[Drive:][Path]
        Specify symbol image path.

    _NT_ALT_SYMBOL_PATH=[Drive:][Path]
        Specify an alternate symbol image path.

    _NT_DEBUGGER_EXTENSION_PATH=[Drive:][Path]
        Specify a path which should be searched first for extensions dlls

    _NT_EXECUTABLE_IMAGE_PATH=[Drive:][Path]
        Specify executable image path.

    _NT_SOURCE_PATH=[Drive:][Path]
        Specify source file path.

    _NT_DEBUG_LOG_FILE_OPEN=filename
        If specified, all output will be written to this file from offset 0.

    _NT_DEBUG_LOG_FILE_APPEND=filename
        If specified, all output will be APPENDed to this file.

    _NT_DEBUG_HISTORY_SIZE=size
        Specifies the size of a server's output history in kilobytes

cdb: Invalid switch 'h'
cdb version 6.12.0002.633
usage: cdb [options]

Options:

   command to run under the debugger
  -? displays command line help text
  -- equivalent to -G -g -o -p -1 -d -pd
  -2 creates a separate console window for debuggee
  -a adds a default extension DLL
  -bonc request break in after session started
  -c "" executes the given debugger command at the first debugger
                 prompt
  -cf  specifies a script file to be processed at the first debugger
             prompt
  -cfr  specifies a script file to be processed at the beginning of a
              session (including after .restart)
  -cimp uses implicit create command line from a process server
  -clines <#> number of lines of output history retrieved by a remote client
  -d sends all debugger output to kernel debugger via DbgPrint
     input is requested from the kernel debugger via DbgPrompt
     -d cannot be used with debugger remoting
     -d can only be used when the kernel debugger is enabled
  -ddefer sends all debugger output to kernel debugger via DbgPrint
          input is requested from the kernel debugger via DbgPrompt unless
          there are remote clients that can provide input
          -ddefer can only be used when the kernel debugger is enabled
          -ddefer should be used with -server
  -ee  set default expression evaluator
              can be MASM or C++
  -failinc causes incomplete symbol and module loads to fail
  -g ignores initial breakpoint in debuggee
  -G ignores final breakpoint at process termination
  -hd specifies that the debug heap should not be used for created processes.
      This only works on Windows XP and later
  -i  specifies the location of the executables that generated the
                 fault (see _NT_EXECUTABLE_IMAGE_PATH)
  -iae install as AeDebug debugger
  -iaec  install as AeDebug debugger with given command tail
  -isd sets the CREATE_IGNORE_SYSTEM_DEFAULT flag in STARTUPINFO.dwFlags
       during CreateProcess
  -iu install dbgeng URL protocols
  -kqm turns on kd quiet mode (equivalent to KDQUIET)
  -lines requests that line number information be used if present
  -loga  appends to a log file
  -logau  appends to an Unicode log file
  -logo  opens a new log file
  -logou  opens a new Unicode log file
  -myob ignores version mismatches in DBGHELP.DLL
  -n enables verbose output from symbol handler
  -noinh disables handle inheritance for created processes
  -noio disables all I/O
  -noshell disables the .shell (!!) command
  -o debugs all processes launched by debuggee
  -p  specifies the decimal process ID to attach to
  -pb specifies that the debugger should not break in at attach
  -pd specifies that the debugger should automatically detach
  -pe specifies that any attach should be to an existing debug port
  -pn  specifies the name of the process to attach to
  -pr specifies that the debugger should resume on attach
  -psn  specifies the process to attach to by service name
  -premote :server=,
    specifies the process server to connect to
    transport arguments are given as with remoting
  -pt <#> specifies the interrupt timeout
  -pv specifies that any attach should be noninvasive
  -pvr specifies that any attach should be noninvasive and nonsuspending
  -QR \\ queries for remote servers
  -r  specifies the (0-3) error level to break on (see
                       SetErrorLevel)
  -remote :server=,
    lets you connect to a debugger session started with -server
    must be the first argument if present
      transport: tcp | npipe | ssl | spipe | 1394 | com
      name: machine name on which the debug server was created
      params: parameters the debugger server was created with
        for tcp use:  port=
        for npipe use:  pipe=
        for 1394 use:  channel=
        for com use:  port=,baud=,
                      channel=
        for ssl and spipe see the documentation
      example: ... -remote npipe:server=yourmachine,pipe=foobar
  -robp allows breakpoints to be set in read-only memory
  -s disables lazy symbol loading
  -sdce pops up dialogs for critical errors
  -server :
    creates a debugger session other people can connect to
    must be the first argument if present
      transport: tcp | npipe | ssl | spipe | 1394 | com
      params: connection parameterization
        for tcp use:  port=
        for npipe use:  pipe=
        for 1394 use:  channel=
        for com use:  port=,baud=,
                      channel=
        for ssl and spipe see the documentation
      example: ... -server npipe:pipe=foobar
  -ses enables strict symbol loading
  -sflags  sets symbol flags from a numeric argument
  -sicv ignores the CV record when symbol loading
  -sins ignores the symbol path environment variables
  -snc converts :: to __ in symbol names
  -snul disables automatic symbol loading for unqualified names
  -srcpath  specifies the source search path
  -sup enables full public symbol searches
  -t  specifies the (0-3) error level to display (see
                       SetErrorLevel)
  -v enables verbose output from debugger
  -version shows the build version
  -vf enables default ApplicationVerifier settings
  -vf: enables given ApplicationVerifier settings
  -w specifies to debug 16 bit applications in a separate VDM
  -wake  wakes up a sleeping debugger and exits
  -x sets second-chance break on AV exceptions
  -x{e|d|n|i}  sets the break status for the specified event
  -y  specifies the symbol search path (see _NT_SYMBOL_PATH)
  -z  specifies the name of a crash dump file to debug
  -zp  specifies the name of a page.dmp file to use with a
                      crash dump

Environment Variables:

    _NT_SYMBOL_PATH=[Drive:][Path]
        Specify symbol image path.

    _NT_ALT_SYMBOL_PATH=[Drive:][Path]
        Specify an alternate symbol image path.

    _NT_DEBUGGER_EXTENSION_PATH=[Drive:][Path]
        Specify a path which should be searched first for extensions dlls

    _NT_EXECUTABLE_IMAGE_PATH=[Drive:][Path]
        Specify executable image path.

    _NT_SOURCE_PATH=[Drive:][Path]
        Specify source file path.

    _NT_DEBUG_LOG_FILE_OPEN=filename
        If specified, all output will be written to this file from offset 0.

    _NT_DEBUG_LOG_FILE_APPEND=filename
        If specified, all output will be APPENDed to this file.

    _NT_DEBUG_HISTORY_SIZE=size
        Specifies the size of a server's output history in kilobytes

Control Keys:

      Quit debugger
             Break into Target
      Force a break into debuggee (same as Ctrl-C)
      Debug Current debugger
      Toggle Verbose mode
      Print version information
