[ WinDbg Command Summary ]
- Debugger Commands : general debugger commands
A (Assemble), U (Unassemble)
BL (Breakpoint List), BC (Breakpoint clear)
BD (Breakpoint Disable), BE (Breakpoint Enable)
BA (Break on Access)
BP, BU (Set Breakpoint) // BU : unresolved breakpoint (the breakpoint is kept)
D, DA, DB, DW, DD (Display Memory)
DDS (Display Words and Symbols)
DL (Display Linked List) LIST_ENTRY or SINGLE_LIST_ ...
DS, Ds (Display String)
DT (Display Type)
DV (Display Local Variable)
K, KB, KD, KP, KV (Display Stack Backtrace)
E, EA, EB, ED, EW, EU (Enter Values)
S (Search Memory)
R (Register)
LD (Load Symbol)
LM (List Loaded Symbols)
LN (List Nearest Symbols)
G (Go), P (Step), PC (Step to Next Call)
T (Trace), TB (Trace to next Branch), TC (Trace to Next Call)
WT (Trace and Watch Data)
- Meta Commands : commands that mostly control the debugger itself ( start with . )
.bugcheck (Display Bug Check Data)
.cls (Clear Screen)
.ofilter (Filter Target Output)
.enable_unicode (Enable Unicode Display)
.crash (Force System Crash)
.dump (Create Dump File)
.reboot (Reboot Target Computer)
.cxr (Display Context Record)
.exr (Display Exception Record)
.ecxr (Display Exception Context Record)
.trap (Display Trap Frame)
.exepath (Set Executable Path)
.srcpath (Set Source Path)
.sympath (Set Symbol Path)
.symfix (Set Symbol Store Path)
.reload (Reload Module)
.context (Set User-Mode Address Context)
.process (Set Process Context)
.thread (Set Register Context)
.tss (Display Task State Segment)
.load (Load Extension DLL)
- Extension Commands : commands that handle Windows-OS-specific information ( start with !, implemented as separate DLLs )
!analyze : displays information about the current bug check
!cpuid : displays information about the processors on the system
!error : decodes and displays information about an error value
!gle : displays the last error value for the current thread
!obja : displays the attributes of an object in the object manager
!peb : displays a formatted view of the information in the process environment block (PEB)
!teb : displays a formatted view of the information in the thread environment block (TEB)
!token : displays a formatted view of a security token object
!process : displays information about the specified process, or about all processes
!stacks : displays information about the current kernel stacks
!thread : displays summary information about a thread
!zombies : displays all dead ("zombie") processes or threads
!drivers : displays a list of all drivers loaded
!devnode : displays information about a node in the device tree
!devobj : displays detailed information about a DEVICE_OBJECT
!devstack : displays a formatted view of the device stack
!drvobj : displays detailed information about a DRIVER_OBJECT