windbg 学习指南<三>

WinDbug调试Debug和Release编译下的程序，要进行相关属性设置，否则默认Release下的程序是不能定位到 WinDbgTest!TTSS::XXXXX里面去的

VS2008的Release中要增加如下的设置：

C/C++->优化->优化：禁用(/0d)

C/C++->优化->全程序优化：否

C/C++->常规->调试信息格式:用于"编辑并继续"的程序数据库 /ZI

链接器->调试->生成程序数据库文件:$(TargetDir)$(TargetName).pdb

另外：先开启程序，并且保留程序生成的.pdb文件，然后将WInDbug Attach到指定的程序 

程序源码如下：

子类：

void TTSS::XXXXX(void)
{
char * temp = (char * )malloc(10000);//new char[20000];
}

父类：

BOOL CWinDbgTestDlg::OnInitDialog()
{
CDialog::OnInitDialog(); 
_ttss = new TTSS();
return TRUE; 
}

void CWinDbgTestDlg::OnBnClickedButton1()
{ 
_ttss->XXXXX(); 
}

先进行Gflags.exe的操作，使程序能够被跟踪操作，如下：

WinDBug调试信息如下：

 WARNING: Whitespace at start of path element
*** wait with pending attach
Symbol search path is: SRV*C:\Program Files\WINDOWS\symbols*http://msdl.microsoft.com/download/symbols;C:\Program Files\WINDOWS\symbols
Executable search path is: 
ModLoad: 00400000 0043a000   F:\Test\WinDbgTest\Debug\WinDbgTest.exe
ModLoad: 7c920000 7c9b6000   C:\WINDOWS\system32\ntdll.dll
ModLoad: 7c800000 7c91e000   C:\WINDOWS\system32\kernel32.dll
ModLoad: 785e0000 78b8f000   C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
ModLoad: 10200000 10323000   C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\MSVCR90D.dll
ModLoad: 77d10000 77da0000   C:\WINDOWS\system32\USER32.dll
ModLoad: 77ef0000 77f39000   C:\WINDOWS\system32\GDI32.dll
ModLoad: 77f40000 77fb6000   C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 77da0000 77e49000   C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 77e50000 77ee2000   C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 77fc0000 77fd1000   C:\WINDOWS\system32\Secur32.dll
ModLoad: 77be0000 77c38000   C:\WINDOWS\system32\msvcrt.dll
ModLoad: 5d170000 5d20a000   C:\WINDOWS\system32\COMCTL32.dll
ModLoad: 762f0000 762f5000   C:\WINDOWS\system32\MSIMG32.dll
ModLoad: 770f0000 7717b000   C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 76990000 76ace000   C:\WINDOWS\system32\ole32.dll
ModLoad: 76300000 7631d000   C:\WINDOWS\system32\IMM32.DLL
ModLoad: 62c20000 62c29000   C:\WINDOWS\system32\LPK.DLL
ModLoad: 73fa0000 7400b000   C:\WINDOWS\system32\USP10.dll
ModLoad: 5adc0000 5adf7000   C:\WINDOWS\system32\UxTheme.dll
ModLoad: 7d590000 7dd84000   C:\WINDOWS\system32\SHELL32.dll
ModLoad: 77180000 77283000   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
ModLoad: 5d360000 5d369000   C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4974_x-ww_19f00fd4\MFC90CHS.DLL
ModLoad: 67340000 6747e000   C:\Program Files\360\360Safe\safemon\safemon.dll
ModLoad: 76bc0000 76bcb000   C:\WINDOWS\system32\PSAPI.DLL
ModLoad: 3e410000 3e4e3000   C:\WINDOWS\system32\WININET.dll
ModLoad: 01eb0000 01eb9000   C:\WINDOWS\system32\Normaliz.dll
ModLoad: 3eab0000 3eaf5000   C:\WINDOWS\system32\iertutil.dll
ModLoad: 77bd0000 77bd8000   C:\WINDOWS\system32\VERSION.dll
ModLoad: 71a20000 71a37000   C:\WINDOWS\system32\WS2_32.dll
ModLoad: 71a10000 71a18000   C:\WINDOWS\system32\WS2HELP.dll
ModLoad: 5fdd0000 5fe25000   C:\WINDOWS\system32\NETAPI32.dll
ModLoad: 74680000 746cc000   C:\WINDOWS\system32\MSCTF.dll
ModLoad: 73640000 7366e000   C:\WINDOWS\system32\msctfime.ime
ModLoad: 02280000 02563000   C:\WINDOWS\system32\SOGOUPY.IME
ModLoad: 10000000 1008c000   C:\Program Files\SogouInput\Components\PicFace\1.0.0.730\PicFace.dll
ModLoad: 76cb0000 76cd0000   C:\WINDOWS\system32\NTMARTA.DLL
ModLoad: 71b70000 71b83000   C:\WINDOWS\system32\SAMLIB.dll
ModLoad: 76f30000 76f5c000   C:\WINDOWS\system32\WLDAP32.dll
ModLoad: 06490000 064df000   C:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1158\AddressSearch.dll
(1d0.16f0): Break instruction exception - code 80000003 (first chance)
eax=7ffd5000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
eip=7c92120e esp=05daffcc ebp=05dafff4 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246
ntdll!DbgBreakPoint:
7c92120e cc              int     3
0:004> g
(1d0.f20): Break instruction exception - code 80000003 (first chance)
eax=7ffd5000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
eip=7c92120e esp=05daffcc ebp=05dafff4 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246
ntdll!DbgBreakPoint:
7c92120e cc              int     3
0:002> !heap -s    (*****多次执行此语句，找出内存占用在增长的那个堆 如此程序：0x0390000***)
NtGlobalFlag enables following debugging aids for new heaps:
    validate parameters
    stack back traces
  Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast 
                    (k)     (k)    (k)     (k) length      blocks cont. heap 
-----------------------------------------------------------------------------
00150000 58000062    1024     96     96     12     2     1    0      0   L  
00250000 58001062      64     24     24      8     1     1    0      0   L  
00260000 58008060      64     12     12     10     1     1    0      0      
00390000 58001062    1088    296    296     13     2     2    0      0      
003b0000 58001062    1088    544    544     26     2     2    0      0   L  
003e0000 58001062      64     24     24      2     1     1    0      0   L  
003f0000 58001062      64     20     20      4     1     1    0      0   L  
01ec0000 58000062    1024     24     24      3     1     1    0      0   L  
020d0000 58001062     256     12     12      4     1     1    0      0   L  
02110000 58001062    1088     56     56     37     2     2    0      0   L  
02580000 58001062    3136    796    852     59     5     5    0      0   L  
061c0000 58001062    1088    112    116     57     4     2    0      0   L  
064f0000 58001062      64     52     52      3     1     1    0      0   L  
-----------------------------------------------------------------------------
0:002> !heap -stat -h 0390000                 打开指定堆的信息
 heap @ 00390000
group-by: TOTSIZE max-display: 20
    size     #blocks     total     ( %) (percent of total busy bytes)
    4e44 c - 3ab30  (85.11)
    1035 2 - 206a  (2.94)
    1800 1 - 1800  (2.17)
    1528 1 - 1528  (1.92)
    824 2 - 1048  (1.48)
    238 4 - 8e0  (0.80)
    228 3 - 678  (0.59)
    37 1a - 596  (0.51)
    424 1 - 424  (0.38)
    385 1 - 385  (0.32)
    80 6 - 300  (0.27)
    a0 4 - 280  (0.23)
    244 1 - 244  (0.21)
    3a 9 - 20a  (0.18)
    40 8 - 200  (0.18)
    38 8 - 1c0  (0.16)
    58 5 - 1b8  (0.16)
    41 6 - 186  (0.14)
    44 4 - 110  (0.10)
    42 4 - 108  (0.09)
0:002> !heap -flt s 4e44显示指定大小区域的内存信息
    _HEAP @ 150000
    _HEAP @ 250000
    _HEAP @ 260000
    _HEAP @ 390000
      HEAP_ENTRY Size Prev Flags    UserPtr UserSize - state
        05e30040 09cc 0000  [07]   05e30048    04e44 - (busy)
        05e34ea0 09cc 09cc  [07]   05e34ea8    04e44 - (busy)
        05e39d00 09cc 09cc  [07]   05e39d08    04e44 - (busy)
        05e3eb60 09cc 09cc  [07]   05e3eb68    04e44 - (busy)
        05e439c0 09cc 09cc  [07]   05e439c8    04e44 - (busy)
        05e48820 09cc 09cc  [07]   05e48828    04e44 - (busy)
        05e4d680 09cc 09cc  [07]   05e4d688    04e44 - (busy)
        05e524e0 09cc 09cc  [07]   05e524e8    04e44 - (busy)
        05e57340 09cc 09cc  [07]   05e57348    04e44 - (busy)
        05e5c1a0 09cc 09cc  [07]   05e5c1a8    04e44 - (busy)
        05e61000 09cc 09cc  [07]   05e61008    04e44 - (busy)
        05e65e60 09cc 09cc  [07]   05e65e68    04e44 - (busy)
    _HEAP @ 3b0000
    _HEAP @ 3e0000
    _HEAP @ 3f0000
    _HEAP @ 1ec0000
    _HEAP @ 20d0000
    _HEAP @ 2110000
    _HEAP @ 2580000
    _HEAP @ 61c0000
    _HEAP @ 64f0000
0:002> !heap -p -a 05e57348  显示指定内存地址相关的页堆信息（此处任何一个UserPtr都可以，随便选取） 
    address 05e57348 found in
    _HEAP @ 390000
      HEAP_ENTRY Size Prev Flags    UserPtr UserSize - state
        05e57340 09cc 0000  [07]   05e57348    04e44 - (busy)
        Trace: 0852
        7c98fbca ntdll!RtlDebugAllocateHeap+0x000000e1
        7c96b244 ntdll!RtlAllocateHeapSlowly+0x00000044
        7c939c0c ntdll!RtlAllocateHeap+0x00000e64
        102c103e MSVCR90D!_heap_alloc_base+0x0000005e
        102cfd76 MSVCR90D!_heap_alloc_dbg_impl+0x000001f6
        102cfb2f MSVCR90D!_nh_malloc_dbg_impl+0x0000001f
        102cfadc MSVCR90D!_nh_malloc_dbg+0x0000002c
        102cfa91 MSVCR90D!_malloc_dbg+0x00000021
        78651520 mfc90d!operator new+0x00000020
        7865158e mfc90d!operator new[]+0x0000000e 
        4122cd WinDbgTest!TTSS::XXXXX+0x0000002d
        41323e WinDbgTest!CWinDbgTestDlg::OnBnClickedButton1+0x0000002e
        786d7072 mfc90d!_AfxDispatchCmdMsg+0x000000b2
        786d77ba mfc90d!CCmdTarget::OnCmdMsg+0x000002ea
        786ad5f3 mfc90d!CDialog::OnCmdMsg+0x00000023
        786709d4 mfc90d!CWnd::OnCommand+0x00000174
        7866f649 mfc90d!CWnd::OnWndMsg+0x00000079
        7866f592 mfc90d!CWnd::WindowProc+0x00000032
        7866ca10 mfc90d!AfxCallWndProc+0x000000f0
        7866cfd6 mfc90d!AfxWndProc+0x000000a6
        7866879b mfc90d!AfxWndProcBase+0x0000005b
        77d18734 USER32!InternalCallWinProc+0x00000028
        77d18816 USER32!UserCallWinProcCheckWow+0x00000150
        77d2927b USER32!SendMessageWorker+0x000004a5
        77d292e3 USER32!SendMessageW+0x0000007f
        77d4ff7d USER32!xxxButtonNotifyParent+0x00000041
        77d465d2 USER32!xxxBNReleaseCapture+0x000000f8
        77d25e94 USER32!ButtonWndProcWorker+0x000006df
        77d3b082 USER32!ButtonWndProcA+0x0000005d
        77d18734 USER32!InternalCallWinProc+0x00000028
        77d18816 USER32!UserCallWinProcCheckWow+0x00000150
        77d189cd USER32!DispatchMessageWorker+0x00000306


 

Debug和Release编译下的程序，要尽心相关属性设置，否则默认Release下的程序是不能定位到 WinDbgTest!TTSS::XXXXX里面去的

VS2008的Release中要增加如下的设置：

C/C++->优化->优化：禁用(/0d)

C/C++->优化->全程序优化：否

C/C++->常规->调试信息格式:用于"编辑并继续"的程序数据库 /ZI

链接器->调试->生成程序数据库文件:$(TargetDir)$(TargetName).pdb