WinDBG is a great, free tool. It is more powerful than Visual Studio's built-in debugger, but is harder to use (kind of like gdb on Linux). You can retrieve the latest version from Microsoft's web site. You should end up with two versions of the tool: the 32-bit debugger and the 64-bit debugger.

Initial setup

Once you're started, you may wish to fix a few things. If you have run WinDbg before and saved any workspaces, you may wish to start with a clean slate by deleting the key HKCU\Software\Microsoft\Windbg using your favorite registry editor.
  1. Set the environment variable _NT_SYMBOL_PATH, as per Symbol path for Windows debuggers (e.g., File -> Symbol Search Path), to:

    SRV*c:\code\symbols*https://msdl.microsoft.com/download/symbols;SRV*c:\code\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com

  2. Configure WinDbg to use a sensible window layout by navigating explorer to "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\themes" and double-clicking on standard.reg.
  3. Launch windbg.exe and:
    1. In the menu File, Source File Path..., set the path to srv*.
      • If you have a local checkout of the source, you can just point Source Path to the root of your code (src). Multiple paths are separated by semicolons.
      • If you want to download the individual source files to a given directory, add the destination to the path like so: srv*c:\path\to\downloaded\sources;c:\my\checkout\src
    2. In the menu ViewSource language file extensions..., add cc=C++ to have automatic source colors.
    3. Optionally, customize the window layout as desired via the View menu, and dock the windows as you want them to be. Note that the UI allows multiple "Docks" and each Dock can have multiple tiled panels in it, and each panel can have multiple tabbed windows. You may want to have source files to be tabbed on the same panel, and visible at the same time as local variables and the stack and command windows. It is useful to realize that by default windbg creates a workspace per debugged executable or minidump, so each target can have its own configuration. The "default" workspace is applied to new targets.
    4. Optionally, run additional customization commands such as:
      1. .asm no_code_bytes
        • disables display of opcodes
      2. .prompt_allow -sym -dis -ea -reg -src
        • Disables display of symbol for the current instruction, disassembled instructions, effective address of current instruction, current state of registers and source line for the current instruction
      3. .srcfix
        • Enables source server. This tells the debugger to use information in the Chrome PDBs to download the correct version of all necessary source files.
    5. Use File, Save Workspace to make this new configuration the default for all future execution.
    6. Exit windbg.
  4. In Windows Explorer, associate .dmp extension with windbg.exe. You may have to manually add -z to the open command like so: "...\windbg.exe" -z "%1" to make this work properly. Alternatively, run windbg.exe -IA
  5. Register as the default just in time debugger: windbg.exe -I

To set your symbol and source environment variables permanently, you can run the following commands:

 
setx _NT_SYMBOL_PATH SRV*c:\code\symbols*https://msdl.microsoft.com/download/symbols;SRV*c:\code\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com
setx _NT_SOURCE_PATH SRV*c:\code\source;c:\my\checkout\src
 

Common commands

  • dt this->member_
    • Displays the data
  • x chrome*!*function_name
    • Finds a symbol.
  • .open -a [symbol address or complete symbol name found by using x]
    • Opens the source file containing the specified symbol. Pretty neat.
  • k
    • Displays the stack.
    • kP: Show all parameters.
    • kM: Show links to each stack frame.
    • Clicking on the links shifts into the other stack frame, allowing you to browse locals, etc.
  • ?? [data name]
    • Quick evaluation of a C++ symbol (local variable, etc). You don't need to specify this-> for member variables but it's slower if you don't.
  • dv [/V]
    • Displays local variables
  • dt varname
    • Displays a variable.
  • dd address
    • Displays the contents of memory at the given address (as doubles... dc, dw, dq etc)
  • dt -r1 type address
    • Displays an object of the given type stored at the given address, using 1 level of recursion.
  • uf symbol
    • Disassembles a function showing source line number.
  • !stl
    • Displays some stl structures (visualizer)
  • dt -n <type>
    • Displays a type forcing the name to the supplied type (when there are problematic characters in the name)
  • ~*n
    • Freezes all threads
  • ~4m
    • Thaws thread number 4
  • Ctrl-Shift-I
    • Sets the selected source line to be the next line to be executed
  • F5, Ctrl-Shift-F5, F9, F10, F11
    • Run, restart, toggle breakpoint, step over, step into.

One of the major benefits of WinDBG for debugging Chromium is its ability to automatically debug child processes. This allows you to skip all the complicated instructions above. The easiest way to enable this is to check "Debug child processes also" in the "Open Executable" dialog box when you start debugging or start "windbg.exe -o".  NOTE that on 64-bit Windows you may need to use the 64-bit WinDbg for this to work. You can switch dynamically the setting on and off at will with the .childdbg 1|0 command, to follow a particular renderer creation. You can also attach to a running process (F6) and even detach without crashing the process (.detach)

 

Common commands when working with a crash

  • !analyze -v
    • Displays a basic crash analysis report.
  • .ecxr
    • Switch the context to the exception record.
  • dds address
    • Displays symbols following address (as in a stack or vtable)
  • k = address address address
    • Rebuilds a call stack assuming that address is a valid stack frame.
  • lm vmchr*
    • Lists verbose information about all modules with a name that starts with ch
  • ln address
    • Lists all symbols that match a given address (dedups a symbol).
  • .load wow64exts
    • On a 64-bit debugger, load the 32-bit extensions so that the current architecture can be switched
  • .effmach x86
    • Switches the current architecture to 32-bit.
  • .effmach x86; k = @ebp @ebp @ebp
    • Shows the 32-bit call stack from a 64-bit dump
For more info, see this example of working with a crash dump, consult the program help (really, it's exhaustive!), see Common windbg commands or use your favorite search engine.
 

Random handy hints

To set attach to child processes, and also skip the first breakpoint and the extra breakpoint on process exit (this gives you a pretty responsive Chrome you can debug):
 
sxn ibp
sxn epr
.childdbg 1
g
 
You can also get this effect by using the -g -G -o options when launching windbg, as in:
 
windbg -g -G -o chrome.exe
 
To automatically attach to processes you want to run over and over with complex command lines, just attach WinDBG to your command prompt and then .childdbg 1 the command prompt - any processes launched from there will automatically be debugged. H/T pennymac@
 
To set a breakpoint in the current process you can use this module/function syntax, among others:
 
bp msvcrt!invalid_parameter
 
To apply this to future processes that are created (assuming child process debugging is enabled) you can use this syntax, which says to run the bp command whenever a new process is created:
 
sxe -c "bp msvcrt!invalid_parameter" cpr
 
If you want a chance to do this when you first launch the browser process then you need to launch it without -g (so that the first breakpoint will be hit). You will probably then want to disable the "Create process" breakpoint and "Initial breakpoint" with these commands:
 
sxn ibp; sxn epr;
 
These are equivalent to going to Debug-> Event Filters and setting "Create process" and "Initial breakpoint" to "Ignore".
 
Always use --user-data-dir when starting Chrome built with branding=Chrome or else you're going to have a bad time.

Resources

WinDBG help的更多相关文章

  1. 透过WinDBG的视角看String

    摘要 : 最近在博客园里面看到有人在讨论 C# String的一些特性. 大部分情况下是从CODING的角度来讨论String. 本人觉得非常好奇, 在运行时态, String是如何与这些特性联系上的 ...

  2. Windbg Extension NetExt 使用指南 【3】 ---- 挖掘你想要的数据 Managed Heap

    摘要 : NetExt中有两个比较常用的命令可以用来分析heap上面的对象. 一个是!wheap, 另外一个是!windex. !wheap 这个命令可以用于打印出heap structure信息. ...

  3. Windbg Extension NetExt 使用指南 【2】 ---- NetExt 的基本命令介绍

    摘要 : 本章节介绍NetExt常用的命令. 并且对SOS进行一些对比. NetExt的帮助 要想玩好NetExt, 入门就得看帮助. 看NetExt的帮助可以调用!whelp 命令. 这样hi列举出 ...

  4. Windbg Extension NetExt 使用指南 【1】 ---- NetExt 介绍

    摘要 : 在使用WINDBG做debugging的时候,需要一个好的工具帮助进行数据分析. 最常见的extension包括SOS, PSSCOR.  NetExt则是另外一种提供了丰富命令功能的deb ...

  5. Windbg跟踪临界区的BUG

    最近跟踪了一个程序的界面卡死问题,该卡死偶尔出现,在抓到一次dump后用windbg载入分析,打印出函数调用堆栈后,一眼可以看出是临界区死锁了. 代码: 0:000:x86> kb ChildE ...

  6. 使用Windbg在XP下Heap追踪失败的原因

    1.故事背景      最近同事的代码中碰到一个bug会导致奔溃的bug,从dump上看是由于某个对象的堆内存指针被释放了,但代码仍调用了该对象指针的虚函数,从而引起内存访问违法崩溃,由于该类被大量使 ...

  7. Windbg调试命令详解

    作者:张佩][原文:http://www.yiiyee.cn/Blog] 1. 概述 用户成功安装微软Windows调试工具集后,能够在安装目录下发现四个调试器程序,分别是:cdb.exe.ntsd. ...

  8. windbg运行

    运行起来会提示windbg is running. BUSY 这个是正常运行的状态,只有发生异常,或者被指定断点,才会中断.

  9. Windbg使用简明指南

    第一章 准备 1.1.    环境配置 _NT_DEBUGGER_EXTENSION_PATH=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 _NT_SY ...

  10. WinDbg 蓝屏dump分析教程

    一.WinDbg是什么?它能做什么? WinDbg是在windows平台下,强大的用户态和内核态调试工具.它能够通过dmp文件轻松的定位到问题根源,可用于分析蓝屏.程序崩溃(IE崩溃)原因,是我们日常 ...

随机推荐

  1. Testbench的编写

    Testbench的作用,在于给我们编写的可综合代码的模块送入激励.即在我们波形仿真中用编写testbench来代替拖拽波形.其中还包括了我们硬件仿真与matlab仿真的联调建立(将matlab产生的 ...

  2. ThinkPHP5.0框架开发--第8章 TP5.0 模型

    ThinkPHP5.0框架开发--第8章 TP5.0 模型 第8章 TP5.0 模型 ================================================= 今日学习 1. ...

  3. 微信重排版 URL

    http://qbview.url.cn/getResourceInfo?appid=62&url=https%3A%2F%2Fcodepen.io%2Fbenjamminf%2Ffull%2 ...

  4. SpringCloud学习笔记(11)----Spring Cloud Netflix之Hystrix断路器的使用

    为什么会有断路器? 在微服务架构中,系 是拆分成 一个的服务单元各间通过注册与发现 的方式互相依 赖.每个单元都在不同的进程中运行, 都是通过远程调用的方式进行信 ,这样就有可能因为网络原或 是依赖服 ...

  5. java中,length,length(),size()区别

    length——数组的属性: length()——String的方法: size()——集合的方法:

  6. [agc004d]salvage robot

    题意: 别问我谁翻译的 虫合虫莫国的领土我们可以抽象为H*W的笼子,在这虫合土上,有若干个机器人和一个出口,其余都是空地,每次虫合虫莫会要求让所有的机器人向某个方向移动一步,当机器人移动到出口时会被虫 ...

  7. IFC2x3标准阅读

    参考地址:西北逍遥-IFC数据模式架构的四个概念层详解说明 1.架构图 IFC模型体系结构由四个层次构成,从下到上依次是 资源层(Resource Layer).核心层(Core Layer).交互层 ...

  8. POJ-1276 Cash Machine 多重背包 二进制优化

    题目链接:https://cn.vjudge.net/problem/POJ-1276 题意 懒得写了自己去看好了,困了赶紧写完这个回宿舍睡觉,明早还要考试. 思路 多重背包的二进制优化. 思路是将n ...

  9. Linux一些简单命令

    1.安装gvim:sudo apt-get install vim-gtk vim和gvim相同,只是后者比前者多了一个界面,此界面可以用来保存.新建.查找等. 三种模式,insert(i),norm ...

  10. 紫书 习题 11-16 UVa 1669(树形dp)

    想了很久, 以为是网络流最大流, 后来建模建不出来, 无奈. 后来看了 https://blog.csdn.net/hao_zong_yin/article/details/79441180 感觉思路 ...