10.windbg-r

r

r 命令显示或修改寄存器、浮点寄存器、标志位、伪寄存器和预定义别名。

0:000> r   ///<直接用r，会显示当前线程的寄存器状态
eax=00000000 ebx=00000000 ecx=a5cd0000 edx=0011e128 esi=fffffffe edi=00000000
eip=77e7129b esp=0022f740 ebp=0022f76c iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246

0:002> ~0s  ///< 切换到0号线程
eax=00000000 ebx=003bf8ec ecx=00000006 edx=00000000 esi=00000003 edi=552a6740
eip=76c07cb0 esp=003bf79c ebp=003bf824 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
kernel32!VDMConsoleOperation+0x1c8:
76c07cb0 83c404          add     esp,4
0:000> r  ///<<span style="font-family: Arial, Helvetica, sans-serif;">直接用r，会显示当前线程的寄存器状态</span><span style="font-family: Arial, Helvetica, sans-serif;"> </span>
eax=00000000 ebx=003bf8ec ecx=00000006 edx=00000000 esi=00000003 edi=552a6740
eip=76c07cb0 esp=003bf79c ebp=003bf824 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
kernel32!VDMConsoleOperation+0x1c8:
76c07cb0 83c404          add     esp,4
0:000> ~0 r ///< 显示0号线程
eax=00000000 ebx=003bf8ec ecx=00000006 edx=00000000 esi=00000003 edi=552a6740
eip=76c07cb0 esp=003bf79c ebp=003bf824 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
kernel32!VDMConsoleOperation+0x1c8:
76c07cb0 83c404          add     esp,4
0:000> ~* r  ///< 显示所有线程
eax=00000000 ebx=003bf8ec ecx=00000006 edx=00000000 esi=00000003 edi=552a6740
eip=76c07cb0 esp=003bf79c ebp=003bf824 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
kernel32!VDMConsoleOperation+0x1c8:
76c07cb0 83c404          add     esp,4
eax=00000001 ebx=00000000 ecx=00000000 edx=01121028 esi=00000000 edi=006cfeb0
eip=011213de esp=006cfde4 ebp=006cfeb0 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
test1!ThreadProc+0x1e:
011213de b801000000      mov     eax,1
eax=7efd7000 ebx=00000000 ecx=00000000 edx=77e6fb5a esi=00000000 edi=00000000
eip=77de000c esp=0092fb8c ebp=0092fbb8 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000244
ntdll!DbgBreakPoint:
77de000c cc              int     3

 改变0号线程寄存器的值

0:000> ~0 r eax=0x12345
0:000> ~0 r
eax=00012345 ebx=003bf8ec ecx=00000006 edx=00000000 esi=00000003 edi=552a6740

0:000> ~0 r eax
eax=00012345

改变所有线程寄存器的值

0:000> ~* r eax=0x11111
0:000> ~* r eax
eax=00011111
eax=00011111
eax=00011111

0x10

显示MMX寄存器。

0:000> ~0 rM 10 
mm0=0000000000000000  mm1=0000000000000000
mm2=0000000000000000  mm3=0000000000000000
mm4=0000000000000000  mm5=0000000000000000
mm6=0000000000000000  mm7=0000000000000000