Capturing dump files with drwtsn32.exe and adplus.vbs

Reposted from: http://hi.baidu.com/justin_wu2010/blog/item/cc31641fa8d84f0f314e15b1.html

 

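In the past I only used dump files to analyze abnormal program execution on Linux and Unix. I never used them on Windows, because the debugging tools on Windows are so convenient that other tools are basically unnecessary. In fact, on Windows too, a dump can go a long way toward pinpointing the problem for low-level exceptions and exceptions that occur without warning.

On Windows, the tools commonly used to capture dump files are drwtsn32.exe and adplus.vbs. drwtsn32.exe ships with Windows and can be started by typing its name at the command line, which makes it well suited to capturing dumps on machines without a development environment. adplus.vbs is a small tool that comes with WinDbg; it is more powerful than drwtsn32.exe and can extract a dump file from a running process freely (at any moment).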
   
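drwtsn32.exe (Dr. Watson; "dr" stands for doctor) has a fairly simple interface without much in it. After starting it from the command line and configuring it, set it as the default debugger; a dump file is then generated whenever a program hits an exception. It can be switched on and off at this registry location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Auto
drwtsn32 parameters: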
drwtsn32 [-i] [-g] [-p pid] [-e event] [-?]
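-i Install DrWtsn32 as the default application error debugger
-g Ignored, but provided for compatibility with WINDBG and NTSD
-p pid Process ID to debug
-e event Event to signal when process attach completes
-? This screen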
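
To see what the AeDebug key described above currently holds, the following read-only PowerShell check can be used. It is an added example, not part of the original post; it assumes the key's standard Debugger and Auto values and also looks at the WOW6432Node (32-bit) view of the same key.

```powershell
# Added example: report the postmortem debugger registered under AeDebug (read-only).
$AeDebugKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug',
    # 32-bit view on 64-bit Windows; skipped when absent.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug'
)

function Get-AeDebugSetting {
    param([string[]]$Path = $AeDebugKeys)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $values   = Get-ItemProperty -LiteralPath $key
        $debugger = [string]$values.Debugger   # command line started for a crashing process
        $auto     = [string]$values.Auto       # "1" = start the debugger without prompting

        if (-not $debugger) {
            $state = 'No postmortem debugger registered'
        } elseif ($auto -eq '1') {
            $state = 'Debugger starts automatically on an unhandled exception'
        } else {
            $state = 'A prompt is shown before the debugger starts'
        }

        [pscustomobject]@{
            Key        = $key
            Debugger   = $debugger
            Auto       = $auto
            IsDrWatson = ($debugger -match 'drwtsn32')   # true after "drwtsn32 -i"
            State      = $state
        }
    }
}

Get-AeDebugSetting | Format-List Key, Debugger, Auto, IsDrWatson, State
```

Because the Debugger value is a command line that Windows starts for crashing processes, it is worth confirming that it points at the debugger you expect.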
   
adplus.vbs parameters:

ADPlus uses the following syntax:

adplus.vbs [-quiet] [-c ConfigurationFile] { -hang | -crash }
    { -iis | -pn Process | -p PID | -sc SpawningCommandLine }
    [-notify Name] [-o Directory] [-cdh] [-cdc]
    [-cdj] [-gs ScriptName] [ -ce CustomExceptionCode]
    [-bp BreakpointParameters] [-y SymbolPath]
    [-yp SymbolPathToAdd] [-FullOnFirst] [-MiniOnSecond]
    [-NoDumpOnFirst] [-NoDumpOnSecond] [-NoTlist]
    [-NoTsCheck] [-dbg Debugger]

adplus.vbs -Help

The command line is parsed from left to right. When a target is specified, ADPlus will use all the options it has parsed up to that point. This allows you to create a long command line with multiple targets, specifying different options for each target. One easy way to perform this task is to store options in configuration files and use the -c parameter to point to these files.

Parameters

-quiet
This option tells ADPlus to suppress all modal dialog boxes. This option is useful if you are running ADPlus from within a remote command shell where modal dialog boxes can cause ADPlus to wait indefinitely for a user to press OK.

For best results, make sure this is the first option passed to adplus.vbs.

-c ConfigurationFile
Allows you to provide an external configuration file with additional information. You can use more than one configuration file by using several -c switches. For example:

adplus -c c:\t\file1.cfg -c c:\t\file2.cfg

You may omit a required switch if the equivalent setting is specified in the configuration file. For details, see ADPlus Configuration Files.

-hang
Configures ADPlus to run in hang mode. When ADPlus is running in hang mode, ADPlus must be started after the process hangs or is consuming high CPU utilization.
-crash
Configures ADPlus to run in crash mode. When ADPlus is running in crash mode, ADPlus must be started before the process crashes or becomes unstable.
-iis
Used to debug Internet Information Server (IIS) 4.0 or later. When you use ADPlus with the -iis option, ADPlus monitors all of the IIS in-process (Inetinfo.exe) and out-of-process (Mtx.exe and Dllhost.exe) applications. This option can be used in addition to the -pn or -p options, or it can be used by itself to analyze IIS and all running MTS/COM+ applications in either crash mode or hang mode.

If you are trying to analyze IIS 3.0 (or earlier), you should use the -pn option and specify Inetinfo.exe as the process to monitor.

-pn Process
Specifies a process name that ADPlus should analyze. Process should include the file extension. To specify more than one process, use multiple -pn options. For example, "-pn process1.exe -pn process2.exe".
-p PID
The -p option is used to specify the process ID (PID) of a process that ADPlus should analyze. To specify more than one process, use multiple -p options. For example, "-p 1896 -p 1702".
-sc SpawningCommandLine
Allows you to provide a command line. The debugger will spawn the process inside the debugger and start monitoring it. This is only allowed in crash mode, and the -sc switch must be the last one to be provided, as everything that is provided after it is considered the command line to be used to spawn the selected process. If you want to spawn more than one process use the -c switch and a configuration file.
-notify Name
This option is only valid when ADPlus is running in crash mode. This option tells ADPlus to send an alert if a crash occurs. Name is the computer or user that will receive the alert. Whenever the debugger detaches from the process due to a second chance exception, or whenever a user presses CTRL+C to stop debugging, a notification will be sent to this computer or remote user or computer through the local messenger service. The local messenger service must be running on the target computer for this to work.
-o Directory
This option tells ADPlus where to place the debug output files. Long file names and file names containing spaces should be placed within double quotation marks. If a UNC path (\\server\share) is used, ADPlus creates a new folder immediately below the UNC path that is specified with the name of the server on which ADPlus is running (for example, \\server\share\Web1 or \\server\share\Web2). This option is useful if ADPlus is running on multiple computers in a Web farm that are all placing their output on the same network share.
-cdh
Signals ADPlus to use the default configuration file for hang mode. The default configuration file should be called ADP_Default_Hang.cfg and must be stored in the same directory as adplus.vbs.
-cdc
Signals ADPlus to use the default configuration file for crash mode. The default configuration file should be called ADP_Default_Crash.cfg and must be stored in the same directory as adplus.vbs.
-cdj
Signals ADPlus to use the default configuration file for postmortem debugging mode. The default configuration file should be called ADP_Default_JIT.cfg and must be stored in the same directory as adplus.vbs. This is normally used if you decide to use ADPlus as the default postmortem debugger, and the configuration should be similar to hang mode.
-gs ScriptName
When you use this switch, ADPlus will create the script to be used with the debugger with the given name, and will save it to a file. When you use this switch there is no need to select any process to debug.
-ce CustomExceptionCode
Allows you to add custom exceptions to be monitored by the debugger.
-bp BreakpointParameters
Allows you to define breakpoints to be monitored by the debugger. BreakpointParameters has the syntax address ; parameters. The additional parameters must be separated by semicolons and contain no spaces. They can be any of the following:
MiniDump, FullDump or NoDump
Indicates whether you want a dump. The default is no dump.
Integer
Indicates the number of passes to ignore.
Q or QD or G
Indicates whether you want to quit, quit and detach, or go after the action. The default is G.
BP or BU or BM
Indicates the type of debugger command used to create the breakpoint. The default is BP. If you use BM then you can define multiple breakpoints using wildcards in the address.

If you do not include any optional parameters, the default behavior is to create a log, list the call stack, and then let the target run.

-y SymbolPath
Allows you to define the symbol path. This accepts multiple folders separated by semicolons, including references to symbol servers.
-yp SymbolPathToAdd
Allows you to add a symbol path to the path already defined in the debugger. This accepts multiple folders separated by semicolons, including references to symbol servers.
-FullOnFirst
Chooses to have full dumps created on first chance for all defined exceptions. The default behavior is to have minidumps created on first chance. If several first-chance exceptions of the same type happen, the dump files will be overwritten. If you desire another type of behavior you can use the configuration file for additional options.
-MiniOnSecond
Chooses to have mini dumps created on second chance for all defined exceptions. The default behavior is to have full-dumps created on second chance.
-NoDumpOnFirst
Chooses to have no dumps created on first chance for all defined exceptions. The default behavior is to have mini-dumps created on first chance.
-NoDumpOnSecond
Chooses to have no dumps created on second chance for all defined exceptions. The default behavior is to have full-dumps created on second chance.
-NoTlist
If used, ADPlus will not use the TList tool to get the list of running processes. This option should be used only if you are experiencing problems with ADPlus that are related to the TList tool.

If -NoTlist is used, you cannot use the -pn switch. In addition, the dump file names will not include the package name for COM+ applications.

-NoTsCheck
Allows ADPlus to attach to a target in a Terminal Server session, as long as the target was started in the same session as ADPlus. This switch is only needed in Windows 2000 and earlier; if it is not included in those operating systems you will not be able to use ADPlus in a Terminal Server session. In Windows XP and later versions of Windows, ADPlus can freely attach to targets in Terminal Server, regardless of what session they were started on, and this switch is not needed.
-dbg Debugger
Allows you to select the debugger to be used. The default is CDB, but you can select WinDbg or NTSD instead. Debugger should include the debugger name and the .exe extension.
-Help
Displays help text for ADPlus.
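
Several of the switches above constrain each other (-quiet first, -sc last and crash mode only, -notify crash mode only, -NoTlist excludes -pn). The following PowerShell function checks an argument list against those rules before it is handed to adplus.vbs. It is an added example, not part of ADPlus or the original post; the function name, the sample command lines and the process names are hypothetical.

```powershell
# Added example: checks an adplus.vbs argument list against the rules documented above.
function Test-AdplusArgs {
    param([Parameter(Mandatory = $true)][string[]]$Arguments)

    $all  = @($Arguments | ForEach-Object { $_.ToLowerInvariant() })
    $scAt = [Array]::IndexOf($all, '-sc')
    # Everything after -sc is the spawned command line, not ADPlus options.
    $opts = $all
    $tail = @()
    if ($scAt -ge 0) {
        $opts = @($all[0..$scAt])
        if (($scAt + 1) -lt $all.Count) { $tail = @($all[($scAt + 1)..($all.Count - 1)]) }
    }
    $hang   = $opts -contains '-hang'
    $crash  = $opts -contains '-crash'
    # A configuration file (-c), script generation (-gs) or -Help relaxes the required switches.
    $exempt = @($opts | Where-Object { ('-c', '-gs', '-help') -contains $_ }).Count -gt 0
    $target = @($opts | Where-Object { ('-iis', '-pn', '-p', '-sc') -contains $_ }).Count -gt 0
    $known  = '-quiet', '-c', '-hang', '-crash', '-iis', '-pn', '-p', '-notify', '-o', '-y', '-dbg'
    $findings = @()

    if ($hang -and $crash) { $findings += 'ERROR: -hang and -crash are mutually exclusive' }
    if (-not ($hang -or $crash -or $exempt)) { $findings += 'ERROR: no mode; give -hang or -crash' }
    if (-not ($target -or $exempt)) { $findings += 'ERROR: no target; give -iis, -pn, -p or -sc' }
    if ($hang -and ($scAt -ge 0)) { $findings += 'ERROR: -sc is only allowed in crash mode' }
    if ($hang -and ($opts -contains '-notify')) { $findings += 'ERROR: -notify is only valid in crash mode' }
    if (($opts -contains '-notlist') -and ($opts -contains '-pn')) {
        $findings += 'ERROR: -pn cannot be used together with -NoTlist'
    }
    if (($opts -contains '-quiet') -and ($opts[0] -ne '-quiet')) {
        $findings += 'WARN: -quiet should be the first option'
    }
    foreach ($t in ($tail | Where-Object { $known -contains $_ })) {
        $findings += "WARN: '$t' follows -sc and becomes part of the spawned command line"
    }
    $findings
}

# Constructed sample command lines (process names and paths are placeholders).
$samples = @(
    '-hang -pn app.exe -quiet -notify ADMIN1',
    '-crash -NoTlist -pn app.exe -o c:\dumps',
    '-quiet -crash -o c:\dumps -sc c:\app\app.exe -o out.txt'
)
foreach ($s in $samples) {
    "adplus.vbs $s"
    Test-AdplusArgs -Arguments ($s -split '\s+') | ForEach-Object { "  $_" }
}
```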

See also: support.microsoft.com/kb/286350/zh-cn
