
WinDbg Command Summary

plummmm 2021. 4. 13. 06:55

[ WinDbg Command Summary ]

- Debugger Commands : general debugger commands

A (Assemble), U (Unassemble)

BL (Breakpoint List), BC (Breakpoint clear)
BD (Breakpoint Disable), BE (Breakpoint Enable)

BA (Break on Access)

BP, BU (Set Breakpoint) // BU : unresolved - the breakpoint is retained

D, DA, DB, DW, DD (Display Memory)

DDS (Display Words and Symbols)

DL (Display Linked List) LIST_ENTRY or SINGLE_LIST_ ...

DS, Ds (Display String)

DT (Display Type)

DV (Display Local Variable)

K, KB, KD, KP, KV (Display Stack Backtrace)

E, EA, EB, ED, EW, EU (Enter Values)

S (Search Memory)

R (Register)

LD (Load Symbol)

LM (List Loaded Symbols)

LN (List Nearest Symbols)

G (Go), P (Step), PC (Step to Next Call)

T (Trace), TB (Trace to next Branch), TC (Trace to Next Call)

WT (Trace and Watch Data)

 

- Meta Commands : mostly commands that control the debugger itself ( begin with . )

.bugcheck (Display Bug Check Data)

.cls (Clear Screen)

.ofilter (Filter Target Output)

.enable_unicode (Enable Unicode Display)

.crash (Force System Crash)

.dump (Create Dump File)

.reboot (Reboot Target Computer)

.cxr (Display Context Record)

.exr (Display Exception Record)

.ecxr (Display Exception Context Record)

.trap (Display Trap Frame)

.exepath (Set Executable Path)

.srcpath (Set Source Path)

.sympath (Set Symbol Path)

.symfix (Set Symbol Store Path)

.reload (Reload Module)

.context (Set User-Mode Address Context)

.process (Set Process Context)

.thread (Set Register Context)

.tss (Display Task State Segment)

.load (Load Extension DLL)

 

- Extension Commands : commands that handle information specific to the Windows operating system ( begin with !, built as separate DLLs )

!analyze : displays information about the current bug check
!cpuid : displays information about the processors on the system
!error : decodes and displays information about an error value
!gle : displays the last error value for the current thread
!obja : displays the attributes of an object in the object manager
!peb : displays a formatted view of the information in the process environment block(PEB)
!teb : displays a formatted view of the information in the thread environment block (TEB)
!token : displays a formatted view of a security token object
!process : displays information about the specified process or all processes
!stacks : displays information about the current kernel stacks
!thread : displays summary information about a thread
!zombies : displays all dead ("zombie") processes or threads
!drivers : displays a list of all drivers loaded
!devnode : displays information about a node in the device tree

!devobj : displays detailed information about a DEVICE_OBJECT
!devstack : displays a formatted view of the device stack
!drvobj : displays detailed information about a DRIVER_OBJECT
Sources

http://bbolmin.tistory.com/86

http://thepassion.tistory.com/114
