{"id":108,"date":"2009-08-24T02:52:28","date_gmt":"2009-08-24T02:52:28","guid":{"rendered":"http:\/\/www.houquner.com\/?p=397"},"modified":"2009-08-24T02:52:28","modified_gmt":"2009-08-24T02:52:28","slug":"%e7%94%a8%e6%88%b7%e5%bc%82%e5%b8%b8%e5%a4%84%e7%90%86%e7%9a%84%e4%b8%80%e4%ba%9b%e5%bf%83%e5%be%97-zz","status":"publish","type":"post","link":"https:\/\/www.houquner.com\/index.php\/archives\/108","title":{"rendered":"Some notes on user-mode exception handling (repost)"},"content":{"rendered":"<p>Reposted from alisdn; very comprehensive, good stuff.<\/p>\n<ol>\n<li>Setting the windbg symbol path: srv*d:\\symbols*<a href=\"http:\/\/msdl.microsoft.com\/download\/symbols\">http:\/\/msdl.microsoft.com\/download\/symbols<\/a><\/li>\n<li>How to set up windbg remote debugging.<br \/>\nThe best remote-debugging mode is dbgsrv mode, in which the symbols can reside on the debugging machine.<br \/>\n1) On the target machine: C:\\Program Files\\Debugging Tools for Windows&gt;dbgsrv.exe -t tcp:port=1234,password=spat<br \/>\n2) On your machine: windbg.exe -premote tcp:server=192.168.1.102,port=1234,password=spat -p 596  \/\/where 596 = PID of target<br \/>\n3) Finally, just set your own symbol path.<\/li>\n<li>How to set up windbg so that the !address command can be used<br \/>\nSet the path as in item 1. <\/li>\n<li>sys's toolbar for capturing dumps \/developer:thesys<br \/>\n1) sys's tool<br \/>\n2) windbg .dump \/ma c:\\mydump.dmp, or see the windbg .dump command<br \/>\n3) The adplus method<br \/>\n  adplus -crash -pn test.exe -o c:\\mydumps<br \/>\n  adplus -hang -pn test.exe -o 
c:\\mydumps<\/li>\n<li>\n<p>Starting the debugger together with the program<br \/>\n1). Use the Global Flags Editor (Gflags.exe)<br \/>\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options<br \/>\nNote that the Gflags.exe file is typically located in the following directory: C:\\Program Files\\Debugging Tools for Windows.<br \/>\nRun the Gflags.exe file to start the Global Flags Editor.<br \/>\nIn the Image File Name text box, type the image name of the process that hosts the service you want to debug. For example, if you want to debug a service hosted by a process whose image name is MyService.exe, type MyService.exe. Under Destination, click to select the Image File Options option. Under Image Debugger Options, click to select the Debugger check box.<br \/>\nIn the Debugger text box, type the full path of the debugger you want to use. For example, if you want to use the WinDbg debugger to debug the service, you can type a full path similar to the following: C:\\Program Files\\Debugging Tools for Windows\\windbg.exe. Click Apply, and then click OK to exit the Global Flags Editor.<\/p>\n<p>or <a href=\"http:\/\/support.microsoft.com\/?kbid=824344\">http:\/\/support.microsoft.com\/?kbid=824344<\/a><br \/>\n2) Under this key, create the value Debugger=c:\\mydbg\\autodump.bat, with the following contents:<br \/>\n 
cscript.exe c:\\debuggers\\adplus.vbs -crash -o c:\\mydumps -sc %1<\/p>\n<\/li>\n<li>\n<p>Replacing the default debugger on the target machine, such as Dr. Watson<br \/>\n1) drwtsn32.exe starts it; adding the -i parameter registers it as the debugger<br \/>\n2) Edit AeDebug<br \/>\n  HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AeDebug<br \/>\n3) Change Debugger from drwtsn32.exe -p %ld -e %ld -g to<br \/>\n  windbg.exe -p %ld -e %ld -c \".dump \/mfh c:\\myfile.dmp;q\"<\/p>\n<\/li>\n<li>\n<p>Common windbg commands<br \/>\n1) r d e read\/dump\/edit registers<br \/>\n2) d can be extended to dd, dc, db, dw, etc.<br \/>\n3) dds lists the stack symbols at esp; it can also be used to check whether a vtable is valid<br \/>\n   dds esp<br \/>\n   x t2!A::<code>vftable<\/code> \u2026. , dds addr<br \/>\n4) s -a\/-u address length pattern   searches the range for an ASCII or Unicode string<br \/>\n    s -a 00400000 L?50000 \"taobao.com\"<br \/>\n5) ba [r\/e][1\/2\/4] var\/address sets an access breakpoint on the specified address<br \/>\n6) !runaway shows the time consumed by each thread<br \/>\n7) ~*kb shows the stacks of all threads<br \/>\n8) x var\/symbol shows the address, e.g. x msvcrt!printf<br \/>\n9) u address disassembles the code at the specified location<br \/>\n10) Inspecting more than 3 arguments<br \/>\n  .frame \/r framen<br \/>\n  Look at esp, then locate the arguments you want<br \/>\n  with dd\/du\/dc address<br \/>\n11) dt displays the memory structure at the specified address<br \/>\n  dt this \u2026 
dt this CMyClass<br \/>\n12) wt recursively traces the calls made from the current point; wt -l2 traces two levels deep<br \/>\n13) Setting exception breakpoints<br \/>\n   sxx\/sxn\/sdd to enable<br \/>\n   sx{e|d|i|n} [-c \"Cmd1\"] [-c2 \"Cmd2\"] [-h] {Exception|Event|*}<br \/>\n   Cmd1 is for first chance, Cmd2 for second chance<br \/>\n   For example, when a particular module is loaded:<br \/>\n   sxe ld:t2.dll<br \/>\n   This triggers a breakpoint when t2.dll is loaded<br \/>\n   av : Access violation<br \/>\n   eh: C++ EH exception<br \/>\n   \u2026.<br \/>\n14) Some slightly more advanced debugging and statistics commands<br \/>\n   ba w4 t2!g_cnt \u201cj (poi(t2!g_1)  cmp12.log<br \/>\n  You can immediately see a list of backtraces sorted by memory growth; you can then examine a specific backtrace and<br \/>\n  use !heap -p -a addr to view the call stack<\/p>\n<\/li>\n<\/ol>\n<p>Approaches and techniques to try<\/p>\n<ol>\n<li>vertarget: see how long the system has been running<\/li>\n<li>!peb: view environment information<\/li>\n<li>Check whether debug DLLs such as msvcrtd.dll are loaded<\/li>\n<li>lmf: check whether there are unloaded modules and whether that is normal<\/li>\n<li>!analyze -v: review the problem description<\/li>\n<\/ol>\n<p>When reposting, please credit: <a href=\"https:\/\/www.houquner.com\">Kermit's website<\/a> &raquo; <a href=\"https:\/\/www.houquner.com\/index.php\/archives\/108\">Some notes on user-mode exception handling 
(repost)<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Reposted from alisdn; very comprehensive, good stuff. Setting the windbg symbol path: srv*d:\\symbols*http:\/\/msdl.microsoft.com\/download\/symbols How to set up windbg remote debugging. The best remote-debugging mode is dbgsrv [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-108","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/108"}],"collection":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/comments?post=108"}],"version-history":[{"count":0,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/108\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/media?parent=108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/categories?post=108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/tags?post=108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}