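The main debuggers on Windows:

- CDB: debugs user-mode programs only. It has no graphical interface and works from the command line. Because the debugger MSVC uses is C:\Windows\System32\vsjitdebugger.exe, installing Visual Studio does not give you CDB; you have to install Debugging Tools for Windows from the WDK. CDB is WinDbg's little brother.
- NTSD: debugs user-mode programs only. It has no graphical interface and works from the command line.
- KD: used mainly for kernel debugging and sometimes for user-mode debugging. It has no graphical interface and works from the command line.
- WinDbg: debugs in both user mode and kernel mode and has a graphical user interface.

These debuggers are installed from the SDK. After installation they are located in X:\Windows Kits\10\Debuggers\x86.

Besides the Windows debuggers there are others, such as GNU's gdb.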
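Tools like GDB and CDB have a great many commands, but memorizing the few most commonly used ones is enough to get work done.

1. Start

   1) Debug directly:

        gdb program [core]
        cdb program
        cdb -z DumpFile

   2) Attach to a running process:

        gdb -p pid
        cdb -pn ExeName
        cdb -p pid

2. Show the call stack

        GDB: bt
        CDB: k

3. Set a breakpoint (in CDB the backquotes around the source location are part of the syntax)

        GDB: b [file:]line
        CDB: bp `file:line`

4. Run / continue

        GDB: run [arglist]
             c              (continue)
        CDB: g

5. Single-step

        GDB: n   (step over)
             s   (step into)
        CDB: p

6. Print the value of a variable

        GDB: p expr
        CDB: ? expr

Frankly, CDB is overly complex and harder to learn than GDB. Before using CDB, set the symbol path:

        set _NT_SYMBOL_PATH=srv*c:\symbols*http://msdl.microsoft.com/download/symbols
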
| Action | WinDbg | GDB |
| --- | --- | --- |
| Set breakpoint | `bp [addr]`; `bp [name]` | `b[reak] *[addr]`; `b[reak] [name]` |
| List breakpoints | `bl` | `i[nfo] b[reakpoints]` |
| Enable breakpoint | `be [n]` | `en[able] [n]` |
| Disable breakpoint | `bd [n]` | `dis[able] [n]` |
| Clear one breakpoint | `bc [n]` | `d[elete] [n]` |
| Clear all breakpoints | `bc *` | `d[elete]` |
| Disassemble | `u`; `u [addr]` | `disas[semble] /r`; `disas[semble] /r [addr]` |
| Run | `g`; `g [addr]` | `r[un]`; `sta[rt]` |
| Continue | `g`; `gc` | `c[ontinue]` |
| Restart | `.restart` | `r[un]` |
| Trace (into calls) | `t` | `s[tep]` |
| Step (over calls) | `p` | `n[ext]` |
| Trace (into calls) by machine instruction | `t` | `s[tep]i` |
| Step (over calls) by machine instruction | `p` | `n[ext]i` |
| Toggle source mode for stepping | `l+t`; `l-t` | n/a - See above. (use `si` and `ni`) |
| List modules | `lm` | `i[nfo] sh[aredlibrary]` |
| View registers | `r`; `r [name]` | `i[nfo] r`; `i[nfo] r [name]` |
| View call stack | `k[b\|v\|p]` | `i s[tack]`; `bt f[ull]` |
| View threads | `~` | `i[nfo] th[reads]` |
| Switch thread | `~[n]s` | `thr[ead] [n]` |
| View all thread stacks | `~*k` | `thread apply all bt` |
| Switch frame | `.frame [n]` | `f[rame] [n]` |
| View memory (8 bytes) | `dq [addr] L[n]` | `x/[n]xg [addr]` |
| View memory (4 bytes) | `dd [addr] L[n]` | `x/[n]xw [addr]` |
| View memory (2 bytes) | `dw [addr] L[n]` | `x/[n]xh [addr]` |
| View memory (1 byte) | `db [addr] L[n]` | `x/[n]xb [addr]` |
| View memory (ascii) | `da [addr] L[n]` | `p[rint] (char*)[addr]`; `x/s [addr]`; `x/20c [addr]` |
| View memory (stacked) | `dds [addr] L[n]` | `x/xw [addr]`, then repeat with the Enter key |
| View local variables | `dv /v`; `x` | `i[nfo] lo[cals]`; `print [var_name]`; `x &[var_name]` |
| View global variables | `x [mod]!*` | `i[nfo] va[riables]`; `info address [g_name]`; `print [g_name]`; `x &[g_name]` |
| View frame args | `x`; `kP L1` | `i[nfo] ar[gs]` |
| View type | `dt [type]` | `explore [type]` |
| Break on syscall | | `catch syscall [i]`; `catch syscall [name]` |
| Set register | `r [name]=[value]` | `set $[name]=[value]` |
| Evaluate | `? [expr]` (e.g. `? rax+5`) | `p [expr]` (e.g. `p $r11+5`) |
| Quit | `q` | `q` |

Notes:

- GDB: Prefix breakpoint memory addresses with `*`.
- GDB: `set disassembly-flavor intel` gives disassembly more like WinDbg.
- GDB: `start` runs to the entry point (if named "main").
- In the View memory commands, "n" represents the number of values.
- For viewing local variables, be sure to compile with symbolic information: `gcc -g` or `cl /Zi`.