windows系统下主要的调试器:
CDB ,只能调试用户程序,没有控制台界面,以命令行形式工作,因为MSVC用的调试器是C:\Windows\System32\vsjitdebugger.exe,所以安装Visual Studio是没有cdb的。必须从WDK里面安装Debugging Tools for Windows。CDB是windbg的小兄弟 NTSD, 只能调试用户程序,没有控制台界面,以命令行形式工作 KD,主要用于内核调试,有时候也用于用户态调试,没有控制台界面,以命令行形式工作 WinDbg,在用户态、内核态下都能够发挥调试功能,采用了可视化的用户界面。
这些调试器需要从sdk中安装,安装完在这里X:\Windows Kits\10\Debuggers\x86。
除了windows编译器,还有其他编译器,比如GNU的gdb。
象GDB,CDB这些工具,命令都很多,但是我们只要熟记最常用的"三板斧"就可以工作了。 1.启动 1)直接调试: gdb program [core] cdb program or cdb -z DumpFile 2)attach方式 gdb attach pid cdb -pn ExeName or cdb -p pid 2.显示堆栈 GDB: bt CDB: k 3. 设置断点 GDB: b [file:]line CDB: bp 'file:line' 4. 运行/继续运行 GDB: run [arglist] c 继续运行 CDB: g 5. 单步 GDB : n (step over) s (step into) CDB : p 6. 打印变量的值 GDB : p expr CDB: ? expr 说老实话,CDB过于复杂,学起来比GDB难.用CDB之前设置一下symbol的path set _NT_SYMBOL_PATH=srv*c:\symbols*http://msdl.microsoft.com/download/symbols
ActionWinDbgGDBSet breakpointbp [addr] bp [name]b[reak] *[addr] b[reak] [name]List breakpointsbli[nfo] b[reakpoints]Enable breakpointbe [n]en[able] [n] Disable breakpointbd [n] dis[able] [n] Clear one breakpointbc [n]d[elete] [n]Clear all breakpointsbc *d[elete]Disassembleu u [addr]disas[semble] /r disas[semble] /r [addr]Rung g [addr]r[un] sta[rt]Continueg gcc[ontinue]Restart.restartr[un]Trace (into calls)ts[tep]Step (over calls)pn[ext]Trace (into calls) by machine instructionts[tep]iStep (over calls) by machine instructionpn[ext]iToggle source mode for steppingl+t l-tn/a - See above. (use si and ni)List moduleslmi[nfo] sh[aredlibrary]View registersr r [name]i[nfo] r i[nfo] r [name]View call stackk[b|v|p]i s[tack] bt f[ull]View threads~i[nfo] th[reads]Switch thread~[n]sthr[ead] [n]View all thread stacks~*kthread apply all btSwitch frame.frame [n]f[rame] [n]View memory (8 bytes)dq [addr] L[n]x/[n]xg [addr]View memory (4 bytes)dd [addr] L[n]x/[n]xw [addr]View memory (2 bytes)dw [addr] L[n]x/[n]xh [addr]View memory (1 byte)db [addr] L[n]x/[n]xb [addr]View memory (ascii)da [addr] L[n]p[rint] (char*)[addr] x/s [addr] x/20c [addr]View memory (stacked)dds [addr] L[n]x/xw [addr] repeat Enter keyView local variablesdv /v xi[nfo] lo[cals] print [var_name] x &[var_name]View global variablesx [mod]!*i[nfo] va[riables] info address [g_name] print [g_name] x &[g_name]View frame argsx kP L1i[nfo] ar[gs]View typedt [type]explore [type]Break on syscall catch syscall [i] catch syscall [name]Set registerr [name]=[value]set $[name]=[value]Evaluate? [expr] e.g. ? rax+5p [expr] e.g. p $r11+5Quitqq
Notes:
GDB: Prefix breakpoint memory addresses with *GDB: "set disassembly-flavor intel" for disassembly more like WinDbgGDB: "start" runs to the entry point (if named "main")In the View memory commands, "n" represents the number of valuesFor viewing local variables, be sure to compile with symbolic information: gcc -gcl /Zi