Question

I see some references and tutorials about the commands of WinDBG. Some of them like this lm, this .echo, this !running, and this nt!_PDB.

What is the difference between these categories

  • xxx
  • .xxx
  • !xxx
  • xxx!yyy

?

They look confusing.

Recommended answer

There are built-in commands, meta commands (dot commands) and extension commands (bang commands).

My personal opinion is that you needn't care too much about the difference of built-in commands compared to meta commands, since there are enough examples where those definitions do not match properly. It's sufficient to know that they are always there and don't need an extension to be loaded.

Good examples for built-in commands, which are mainly about controlling and getting information from the debugging target:

g - go
k - call stack
~ - list threads

Examples where IMHO this definition does not really match:

version    - show version of the debugger
vercommand - show command line that was used to start the debugger
n          - set number base

Good examples for meta commands, which are thought for only affecting the debugger but not the target:

.cls        - clear screen
.chain      - display loaded extensions
.effmach    - change behavior of the debugger regarding the architecture
.prefer_dml - change output format

Example where IMHO this definition does not really match:

.lastevent  - show last exception or event that occurred (in the target)
.ttime      - display thread times (of the target)
.call       - call a function (in the target)
.dvalloc    - allocate memory (in the target)

However, it's good to understand that the extension commands are different, especially because the same command may result in different output, depending on which extension is loaded or appears first in the extension list and that you can affect the order (e.g. by .load, .unload, .setdll). Besides the simple form !command, note that there is also the !extension.command syntax to specify the extension explicitly. I'll use it in the example below. (There's even !c:\path\to\extension.command)

The example of a collision of extension commands is given from a kernel debug session where one !heap does not give any output and the other obviously needs a parameter to work.

0: kd> !ext.heap
0: kd> !exts.heap
Invalid type information

The last format mentioned in your question (xxx!yyy) is not a command, but a method or type information where xxx denotes the module (DLL) and yyy denotes the method or type name. Often, this is also seen with an additional offset in bytes for locations inside the method (xxx!yyy+0xhhh)
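
The four forms from the question and the extension collision from the answer, as an added Python example that is not part of the original answer. `classify` and `resolve` are hypothetical helper names, `CHAIN` is a constructed extension list, and `resolve` is a simplified model of "first in the extension list wins", not the debugger's own lookup code.

```python
import re

# module!name with an optional +0x byte offset (the xxx!yyy+0xhhh form)
SYMBOL_RE = re.compile(r"^(\w+)!([^\s+!]+)(?:\+(0x[0-9a-fA-F]+))?$")

def classify(token):
    """Sort one debugger token into the forms the answer distinguishes."""
    token = token.strip()
    if token.startswith("!"):
        # Split on the last dot so !c:\path\to\extension.command keeps its path.
        ext, dot, cmd = token[1:].rpartition(".")
        if dot and ext and cmd:
            return {"kind": "extension", "extension": ext, "command": cmd}
        return {"kind": "extension", "extension": None, "command": token[1:]}
    if token.startswith("."):
        return {"kind": "meta", "command": token[1:]}
    m = SYMBOL_RE.match(token)
    if m:
        return {"kind": "symbol", "module": m.group(1), "name": m.group(2),
                "offset": int(m.group(3), 16) if m.group(3) else 0}
    # Anything else is treated as a built-in command (g, k, ~, lm, ...).
    return {"kind": "builtin", "command": token}

def resolve(token, chain):
    """Pick the extension that would serve a bang command.

    `chain` is an ordered list of (extension, exported_commands) pairs: an
    unqualified !command goes to the first entry that exports it, while a
    qualified !extension.command names its extension explicitly.
    """
    info = classify(token)
    if info["kind"] != "extension":
        raise ValueError(f"{token!r} is not an extension command")
    if info["extension"] is not None:
        return info["extension"]
    for ext, commands in chain:
        if info["command"] in commands:
            return ext
    return None

# Constructed extension list: both entries export "heap", mirroring the
# !ext.heap / !exts.heap collision in the kernel session above.
CHAIN = [("ext", {"heap"}), ("exts", {"heap"})]

if __name__ == "__main__":
    for t in ["lm", ".echo", "!running", "nt!_PDB", "!heap", "!exts.heap"]:
        print(t, classify(t))
    print(resolve("!heap", CHAIN), resolve("!heap", CHAIN[::-1]))
```

Reversing `CHAIN` changes which extension answers a bare `!heap`, which is why the qualified form is the safer choice in scripts.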
