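I want to run an initial command every time windbg starts, and I keep having to use windbg -c blabla.
Is there a config file or registry entry to write to, so that windbg runs the commands automatically at startup, both when it is launched as a debugger and when the user launches it manually?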
Answer 0 (score: 2)
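On every load I load a bunch of third-party extensions and patch system DLLs to test certain hypotheses. To do this repeatedly, I created a text file somewhere like c:\initwind.txt and put all the initialization commands into it. Sample file contents are as follows: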
C:\>type initwind.txt
.echo windbg is starting
.echo loading extra extension sdbgext
.load sdbgext
.echo loading extra extension domdbg
.load domdbg
.echo patching ntdll for leet stuff
u 7c94b8a1 l1
eb 7c94b8a1+3 00
u 7c94b8a1 l1
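To make use of this text file, I created a bat file in the PATH, whose contents are pasted below.
Note the use of -cfr for cdb / kd and -c $$>a< for windbg so that they all use the same file.
Also, as Ed Chum commented, you can add the following to AeDebug: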
C:\>reg query "hklm\software\microsoft\windows nt\currentversion\aedebug" /v Debugger
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\aedebug
Debugger REG_SZ "windbg.exe" -p %ld -e %ld -g -c "$$>a< c:\initwind.txt"
Contents of the bat file:
C:\>type c:\WINDOWS\rundbg.bat
@ECHO OFF
IF "%1" == "windbg" goto windbg
IF "%1" == "cdb" goto cdb
IF "%1" == "lkd" goto lkd
IF "%1" == "" goto usage
:windbg
IF NOT "%2" == "" goto startwindapp
@call windbg.exe -c "$$>a< c:\initwind.txt"
goto exit
:startwindapp
@call windbg.exe -c "$$>a< c:\initwind.txt" %2
goto EXIT
:cdb
IF NOT "%2" == "" goto startcdbapp
@call cdb.exe -cfr "c:\initwind.txt"
goto exit
:startcdbapp
@call cdb.exe -cfr "c:\initwind.txt" %2
goto EXIT
:lkd
IF NOT "%2" == "" goto startkdapp
@call kd.exe -kl -cfr "c:\initwind.txt"
goto exit
:startkdapp
@call kd.exe -kl -cfr "c:\initwind.txt" %2
goto EXIT
:usage
echo runwind.bat ^<debugger viz windbg/cdb/kd^> ^<executable / other commands^>
goto exit
:exit
C:\>
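I can now launch windbg / cdb / kd -kl etc. from any command prompt, or even from Start -> Run, and I can restart the target n times without worrying about doing the initialization again and again.
The sample output below shows calc.exe running under cdb.exe and calc being restarted with the .restart command.
To change the init commands, you just edit c:\initwind.txt.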
C:\>rundbg cdb calc
CommandLine: calc
ntdll!DbgBreakPoint:
7c90120e cc int 3
0:000> .echo windbg is starting
windbg is starting
0:000> .echo loading extra extension sdbgext
loading extra extension sdbgext
0:000> .load sdbgext
0:000> .echo loading extra extension domdbg
loading extra extension domdbg
0:000> .load domdbg
dom WinDBG extension v0.3 loaded
0:000> .echo patching ntdll for leet stuff
patching ntdll for leet stuff
0:000> u 7c94b8a1 l1
ntdll!RtlAllocateHeapSlowly+0xde6:
7c94b8a1 81e3ff0fffff and ebx,0FFFF0FFFh
0:000> eb 7c94b8a1+3 00
0:000> u 7c94b8a1 l1
ntdll!RtlAllocateHeapSlowly+0xde6:
7c94b8a1 81e3ff00ffff and ebx,0FFFF00FFh
0:000> .echo checking the extension chain
checking the extension chain
0:000> .extcmds
.load ntsdexts
.load uext
.load exts
.load ext
.load dbghelp
.load sdbgext
.load domdbg
0:000> .restart
CommandLine: calc
ntdll!DbgBreakPoint:
7c90120e cc int 3
0:000> .echo windbg is starting
windbg is starting
0:000> .echo loading extra extension sdbgext
loading extra extension sdbgext
0:000> .load sdbgext
0:000> .echo loading extra extension domdbg
loading extra extension domdbg
0:000> .load domdbg
dom WinDBG extension v0.3 loaded
0:000> .echo patching ntdll for leet stuff
patching ntdll for leet stuff
0:000> u 7c94b8a1 l1
ntdll!RtlAllocateHeapSlowly+0xde6:
7c94b8a1 81e3ff0fffff and ebx,0FFFF0FFFh
0:000> eb 7c94b8a1+3 00
0:000> u 7c94b8a1 l1
ntdll!RtlAllocateHeapSlowly+0xde6:
7c94b8a1 81e3ff00ffff and ebx,0FFFF00FFh
0:000> .echo checking the extension chain
checking the extension chain
0:000> .extcmds
.load ntsdexts
.load uext
.load exts
.load ext
.load dbghelp
.load sdbgext
.load domdbg
0:000>
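An added example, not part of the original answer: because the AeDebug value and the bat file both execute whatever c:\initwind.txt contains on every debugger start, this Python sketch pulls the script path out of a debugger command line and lists the script lines that load extensions or write target memory. The function names and regexes are assumptions of this example; the sample strings are copied from the answer above, and the parser assumes one command per line and script paths without spaces.

```python
import re

# Script-file references: -c "$$>a< file" (any debugger) and -cf / -cfr file (cdb/kd).
SCRIPT_REF = re.compile(r'\$\$?>?a?<\s*([^\s";]+)|-cfr?\s+"?([^"\s]+)', re.IGNORECASE)
# Commands that change debugger or target state: .load/.loadby and the e* memory writes.
LOAD_CMD = re.compile(r'^\.load(by)?\s+(\S+)', re.IGNORECASE)
WRITE_CMD = re.compile(r'^e(a|b|d|f|p|q|u|w|za|zu)\s+(\S+)', re.IGNORECASE)

def script_paths(command_line):
    """Return every script file the command line runs at debugger startup."""
    return [a or b for a, b in SCRIPT_REF.findall(command_line)]

def review_script(text):
    """Return (line number, kind, argument) for extension loads and memory writes."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        cmd = line.strip()
        m = LOAD_CMD.match(cmd)
        if m:
            findings.append((n, "load-extension", m.group(2)))
            continue
        m = WRITE_CMD.match(cmd)
        if m:
            findings.append((n, "memory-write", m.group(2)))
    return findings

# Sample inputs copied from the answer above.
AEDEBUG = r'"windbg.exe" -p %ld -e %ld -g -c "$$>a< c:\initwind.txt"'
BAT_LINE = r'@call cdb.exe -cfr "c:\initwind.txt" %2'
INIT = """.echo windbg is starting
.echo loading extra extension sdbgext
.load sdbgext
.echo loading extra extension domdbg
.load domdbg
.echo patching ntdll for leet stuff
u 7c94b8a1 l1
eb 7c94b8a1+3 00
u 7c94b8a1 l1
"""

if __name__ == "__main__":
    for source in (AEDEBUG, BAT_LINE):
        print(script_paths(source))
    for finding in review_script(INIT):
        print(finding)
```

Running the same review against the file that the live AeDebug value points to shows what every postmortem debug session on that machine will execute before the user types anything.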
Answer 1 (score: 0)