WinDBG is a great, free tool. It is more powerful than Visual Studio's built-in debugger, but is harder to use (kind of like gdb on Linux). You can retrieve the latest version from Microsoft's web site. You should end up with two versions of the tool: the 32-bit debugger and the 64-bit debugger.

Initial setup

Once you're started, you may wish to fix a few things. If you have run WinDbg before and saved any workspaces, you may wish to start with a clean slate by deleting the key HKCU\Software\Microsoft\Windbg using your favorite registry editor.
  1. Set the environment variable _NT_SYMBOL_PATH, as per Symbol path for Windows debuggers (e.g., File -> Symbol Search Path), to:

    SRV*c:\code\symbols*https://msdl.microsoft.com/download/symbols;SRV*c:\code\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com

  2. Configure WinDbg to use a sensible window layout by navigating explorer to "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\themes" and double-clicking on standard.reg.
  3. Launch windbg.exe and:
    1. In the menu File, Source File Path..., set the path to srv*.
      • If you have a local checkout of the source, you can just point Source Path to the root of your code (src). Multiple paths are separated by semicolons.
      • If you want to download the individual source files to a given directory, add the destination to the path like so: srv*c:\path\to\downloaded\sources;c:\my\checkout\src
    2. In the menu ViewSource language file extensions..., add cc=C++ to have automatic source colors.
    3. Optionally, customize the window layout as desired via the View menu, and dock the windows as you want them to be. Note that the UI allows multiple "Docks" and each Dock can have multiple tiled panels in it, and each panel can have multiple tabbed windows. You may want to have source files to be tabbed on the same panel, and visible at the same time as local variables and the stack and command windows. It is useful to realize that by default windbg creates a workspace per debugged executable or minidump, so each target can have its own configuration. The "default" workspace is applied to new targets.
    4. Optionally, run additional customization commands such as:
      1. .asm no_code_bytes
        • disables display of opcodes
      2. .prompt_allow -sym -dis -ea -reg -src
        • Disables display of symbol for the current instruction, disassembled instructions, effective address of current instruction, current state of registers and source line for the current instruction
      3. .srcfix
        • Enables source server. This tells the debugger to use information in the Chrome PDBs to download the correct version of all necessary source files.
    5. Use File, Save Workspace to make this new configuration the default for all future execution.
    6. Exit windbg.
  4. In Windows Explorer, associate .dmp extension with windbg.exe. You may have to manually add -z to the open command like so: "...\windbg.exe" -z "%1" to make this work properly. Alternatively, run windbg.exe -IA
  5. Register as the default just in time debugger: windbg.exe -I

To set your symbol and source environment variables permanently, you can run the following commands:

 
setx _NT_SYMBOL_PATH SRV*c:\code\symbols*https://msdl.microsoft.com/download/symbols;SRV*c:\code\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com
setx _NT_SOURCE_PATH SRV*c:\code\source;c:\my\checkout\src
 

Common commands

  • dt this->member_
    • Displays the data
  • x chrome*!*function_name
    • Finds a symbol.
  • .open -a [symbol address or complete symbol name found by using x]
    • Opens the source file containing the specified symbol. Pretty neat.
  • k
    • Displays the stack.
    • kP: Show all parameters.
    • kM: Show links to each stack frame.
    • Clicking on the links shifts into the other stack frame, allowing you to browse locals, etc.
  • ?? [data name]
    • Quick evaluation of a C++ symbol (local variable, etc). You don't need to specify this-> for member variables but it's slower if you don't.
  • dv [/V]
    • Displays local variables
  • dt varname
    • Displays a variable.
  • dd address
    • Displays the contents of memory at the given address (as doubles... dc, dw, dq etc)
  • dt -r1 type address
    • Displays an object of the given type stored at the given address, using 1 level of recursion.
  • uf symbol
    • Disassembles a function showing source line number.
  • !stl
    • Displays some stl structures (visualizer)
  • dt -n <type>
    • Displays a type forcing the name to the supplied type (when there are problematic characters in the name)
  • ~*n
    • Freezes all threads
  • ~4m
    • Thaws thread number 4
  • Ctrl-Shift-I
    • Sets the selected source line to be the next line to be executed
  • F5, Ctrl-Shift-F5, F9, F10, F11
    • Run, restart, toggle breakpoint, step over, step into.

One of the major benefits of WinDBG for debugging Chromium is its ability to automatically debug child processes. This allows you to skip all the complicated instructions above. The easiest way to enable this is to check "Debug child processes also" in the "Open Executable" dialog box when you start debugging or start "windbg.exe -o".  NOTE that on 64-bit Windows you may need to use the 64-bit WinDbg for this to work. You can switch dynamically the setting on and off at will with the .childdbg 1|0 command, to follow a particular renderer creation. You can also attach to a running process (F6) and even detach without crashing the process (.detach)

 

Common commands when working with a crash

  • !analyze -v
    • Displays a basic crash analysis report.
  • .ecxr
    • Switch the context to the exception record.
  • dds address
    • Displays symbols following address (as in a stack or vtable)
  • k = address address address
    • Rebuilds a call stack assuming that address is a valid stack frame.
  • lm vmchr*
    • Lists verbose information about all modules with a name that starts with ch
  • ln address
    • Lists all symbols that match a given address (dedups a symbol).
  • .load wow64exts
    • On a 64-bit debugger, load the 32-bit extensions so that the current architecture can be switched
  • .effmach x86
    • Switches the current architecture to 32-bit.
  • .effmach x86; k = @ebp @ebp @ebp
    • Shows the 32-bit call stack from a 64-bit dump
For more info, see this example of working with a crash dump, consult the program help (really, it's exhaustive!), see Common windbg commands or use your favorite search engine.
 

Random handy hints

To set attach to child processes, and also skip the first breakpoint and the extra breakpoint on process exit (this gives you a pretty responsive Chrome you can debug):
 
sxn ibp
sxn epr
.childdbg 1
g
 
You can also get this effect by using the -g -G -o options when launching windbg, as in:
 
windbg -g -G -o chrome.exe
 
To automatically attach to processes you want to run over and over with complex command lines, just attach WinDBG to your command prompt and then .childdbg 1 the command prompt - any processes launched from there will automatically be debugged. H/T pennymac@
 
To set a breakpoint in the current process you can use this module/function syntax, among others:
 
bp msvcrt!invalid_parameter
 
To apply this to future processes that are created (assuming child process debugging is enabled) you can use this syntax, which says to run the bp command whenever a new process is created:
 
sxe -c "bp msvcrt!invalid_parameter" cpr
 
If you want a chance to do this when you first launch the browser process then you need to launch it without -g (so that the first breakpoint will be hit). You will probably then want to disable the "Create process" breakpoint and "Initial breakpoint" with these commands:
 
sxn ibp; sxn epr;
 
These are equivalent to going to Debug-> Event Filters and setting "Create process" and "Initial breakpoint" to "Ignore".
 
Always use --user-data-dir when starting Chrome built with branding=Chrome or else you're going to have a bad time.

Resources

WinDBG help的更多相关文章

  1. 透过WinDBG的视角看String

    摘要 : 最近在博客园里面看到有人在讨论 C# String的一些特性. 大部分情况下是从CODING的角度来讨论String. 本人觉得非常好奇, 在运行时态, String是如何与这些特性联系上的 ...

  2. Windbg Extension NetExt 使用指南 【3】 ---- 挖掘你想要的数据 Managed Heap

    摘要 : NetExt中有两个比较常用的命令可以用来分析heap上面的对象. 一个是!wheap, 另外一个是!windex. !wheap 这个命令可以用于打印出heap structure信息. ...

  3. Windbg Extension NetExt 使用指南 【2】 ---- NetExt 的基本命令介绍

    摘要 : 本章节介绍NetExt常用的命令. 并且对SOS进行一些对比. NetExt的帮助 要想玩好NetExt, 入门就得看帮助. 看NetExt的帮助可以调用!whelp 命令. 这样hi列举出 ...

  4. Windbg Extension NetExt 使用指南 【1】 ---- NetExt 介绍

    摘要 : 在使用WINDBG做debugging的时候,需要一个好的工具帮助进行数据分析. 最常见的extension包括SOS, PSSCOR.  NetExt则是另外一种提供了丰富命令功能的deb ...

  5. Windbg跟踪临界区的BUG

    最近跟踪了一个程序的界面卡死问题,该卡死偶尔出现,在抓到一次dump后用windbg载入分析,打印出函数调用堆栈后,一眼可以看出是临界区死锁了. 代码: 0:000:x86> kb ChildE ...

  6. 使用Windbg在XP下Heap追踪失败的原因

    1.故事背景      最近同事的代码中碰到一个bug会导致奔溃的bug,从dump上看是由于某个对象的堆内存指针被释放了,但代码仍调用了该对象指针的虚函数,从而引起内存访问违法崩溃,由于该类被大量使 ...

  7. Windbg调试命令详解

    作者:张佩][原文:http://www.yiiyee.cn/Blog] 1. 概述 用户成功安装微软Windows调试工具集后,能够在安装目录下发现四个调试器程序,分别是:cdb.exe.ntsd. ...

  8. windbg运行

    运行起来会提示windbg is running. BUSY 这个是正常运行的状态,只有发生异常,或者被指定断点,才会中断.

  9. Windbg使用简明指南

    第一章 准备 1.1.    环境配置 _NT_DEBUGGER_EXTENSION_PATH=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 _NT_SY ...

  10. WinDbg 蓝屏dump分析教程

    一.WinDbg是什么?它能做什么? WinDbg是在windows平台下,强大的用户态和内核态调试工具.它能够通过dmp文件轻松的定位到问题根源,可用于分析蓝屏.程序崩溃(IE崩溃)原因,是我们日常 ...

随机推荐

  1. nyoj--586--疯牛(二分&&枚举)

    疯牛 时间限制:1000 ms  |  内存限制:65535 KB 难度:4 描述 农夫 John 建造了一座很长的畜栏,它包括N (2 <= N <= 100,000)个隔间,这些小隔间 ...

  2. [codeforces 894 E] Ralph and Mushrooms 解题报告 (SCC+拓扑排序+DP)

    题目链接:http://codeforces.com/problemset/problem/894/E 题目大意: $n$个点$m$条边的有向图,每条边有一个权值,可以重复走. 第$i$次走过某条边权 ...

  3. AOJ GRL_1_B: Shortest Path - Single Source Shortest Path (Negative Edges) (Bellman-Frod算法求负圈和单源最短路径)

    题目链接: http://judge.u-aizu.ac.jp/onlinejudge/description.jsp?id=GRL_1_B   Single Source Shortest Path ...

  4. lua-C++ userdata使用

    lua-C++ userdata使用 所负责的产品使用非常灵活,可设置的参数上千个,而且还支持用户用lua进行流程控制,所以开发中要用到很多lua.C++混合编程.之前对这些也还是一知半解,只会依葫芦 ...

  5. 优动漫PAINT-朱槿花的画法

    火红夺目的朱槿花,绝对是烘托画面的绝佳布景!画法发非常简单,毫无绘画基础的人也能够将它很好的呈现出来哟~ 教程是简单,呃.... 没有优动漫PAINT软件肿么办? 别着急,╭(╯^╰)╮ 小编给你送来 ...

  6. Dapper基础知识一

    在下刚毕业工作,之前实习有用到Dapper?这几天新项目想用上Dapper,在下比较菜鸟,这块只是个人对Dapper的一种总结. 1,什么是Dapper?     Dapper,.NET下的一种ORM ...

  7. Collections库使用

    Date: 2019-05-27 Author: Sun Collections库 ​ Python拥有一些内置的数据类型,比如str, int, list, tuple, dict等, collec ...

  8. 管理windows自启动程序

    1. 点击开始,在运行程序框中输入msconfig,然后回车. 在弹出的对话框中,点击”启动“选项卡,在启动项目列表中,把不需要的启动项目前面的对号去掉. 然后切换到”服务“选项卡,这里的服务项目列表 ...

  9. [terry笔记]11gR2_DataGuard搭建_primary零停机

    11gR2搭建dataguard环境,此篇文章是利用rman搭建dataguard,这样的好处是primary不用停机,当然,前提条件是primary已经开启归档. 相对于可以停机,零停机传送数据文件 ...

  10. [MST] Derive Information from Models Using Views

    Redundant data or caching data is a constant source of bugs. MST adheres to the philosophy that no d ...