| Debugger |
| Program - To Debug/Test Executable Programs |
| Such as cdb.exe, windbg.exe etc. | |
| How To | |
| List Debugger Usage | 1) RUN@ cmd.exe Microsoft Windows [Version 10.0.22631.5984] ... 2) CMD@ cdb.exe -? |
| cmd.exe : Program, Windows Command Processor; cdb.exe : Program, CUI Symbolic Debugger; -? : Switch, Help Message | |
| Alternatively, RUN@ windbg.exe → DBG@ → Help → Contents → Debugging Tools for Windows (WinDbg, KD, CDB, NTSD) → Debugger Reference → Command-Line Options → WinDbg Command-Line Options | |
| Debugger Engine |
| Library - To Examine/Manipulate Debugging Targets |
| Windows Symbolic Debugger Engine | |||
| Application Extension | |||
| dbgeng.dll |
| Dbg Eng : API | |||
| Exported Functions like DebugConnect, DebugCreate, DebugCreateEx etc. | |||
| Debugger Command |
| Instruction - To Perform Specific Tasks/Operations |
| Such as Standard Command, Meta Command etc. | |
| Usage | |
| Standard Command | g (Go) etc. |
| Meta Command (Starts with .) | .cls (Clear Screen) etc. |
| Extension Command (Starts with !) | !peb (Process Environment Block) etc. |
| . : Period Character; ! : Exclamation Character | |
| Standard aka Regular Command, Meta aka Dot Command and Extension aka Bang Command | |
| Debugger Extension |
| Library - To Provide Additional Commands/Features |
| Such as exts.dll, uext.dll etc. | |
| How To | |
| List Debugger Extension | CDB@ .chain |
| .chain : Meta Command, Display Loaded Debugger Extension | |
| Alternatively, RUN@ windbg.exe → DBG@ → View → Command (Alt+1) → .chain | |
| Debugging Symbol |
| Instructions to Map Address to Name |
| Such as *.dbg, *.pdb etc. | |
| How To | |
| Load Debugging Symbol | CDB@ .reload |
| .reload : Meta Command, Reload Module Symbol | |
| Alternatively, RUN@ windbg.exe → DBG@ → View → Command (Alt+1) → .reload | |
| User-Mode |
| Run in Applications, Application Extensions and Subsystems |
| Thread Access Restricted Mode | |
| How To | |
| Access User Mode | CMD@ cdb.exe -p {PId}; CMD@ cdb.exe -o {Exe} [Args] |
| cdb.exe : Program, CUI Symbolic Debugger; -p : Switch, Process Identifier; {PId} : Parameter, Process Identifier; -o : Switch, Target Executable; {Exe} : Parameter, Executable File Name; [Args] : Optional Parameter, Command Line Arguments | |
| Alternatively, RUN@ windbg.exe → DBG@ → File → Attach to a Process... (F6) → Process Identifier; Alternatively, RUN@ windbg.exe → DBG@ → File → Open Executables... (Ctrl+E) → Executable File Name | |
| Kernel-Mode |
| Run in Operating System, Privileged Programs and Device Drivers |
| Processor Access Privileged Mode | |
| How To | |
| Access Kernel Mode | CMD@ kd.exe -kl |
| kd.exe : Program, Kernel Debugger; -kl : Switch, Local Machine | |
| Alternatively, RUN@ windbg.exe → DBG@ → File → Kernel Debug... (Ctrl+K) → Local | |
| Live Debugging |
| Technique - To Analyze State of Running Process |
| Such as Attaching, Spawning etc. | |
| How To | |
| Attach to Process | CMD@ cdb.exe -p {PId} |
| Spawn New Process | CMD@ cdb.exe -o {Exe} [Args] |
| cdb.exe : Program, CUI Symbolic Debugger; -p : Switch, Process Identifier; {PId} : Parameter, Process Identifier; -o : Switch, Target Executable; {Exe} : Parameter, Executable File Name; [Args] : Optional Parameter, Command Line Arguments | |
| Alternatively, RUN@ windbg.exe → DBG@ → File → Attach to a Process... (F6) → Process Identifier; Alternatively, RUN@ windbg.exe → DBG@ → File → Open Executables... (Ctrl+E) → Executable File Name | |
| Postmortem Debugging |
| Technique - To Analyze Memory Dump of Process |
| Also Known As Dump Analysis | |
| How To | |
| Analyze Dump File | CMD@ cdb.exe -z {Dump} |
| cdb.exe : Program, CUI Symbolic Debugger; -z : Switch, Dump File; {Dump} : Parameter, Dump File Name | |
| Alternatively, RUN@ windbg.exe → DBG@ → File → Open Crash Dump... (Ctrl+D) → Dump File Name | |

