[英]How to use WinDbg to analyze the crash dump for VC++ application?
Here are some general steps that will get you on your way:以下是一些可助您顺利进行的一般步骤:
First, you must change your compiler's settings so that it creates PDB files, even for release builds.首先,您必须更改编译器的设置,以便它创建 PDB 文件,即使对于发布版本也是如此。 Later versions of the Visual C++ compiler do this by default, but in many versions of Visual C++ you must do this yourself.
更高版本的Visual C++编译器默认执行此操作,但在许多版本的 Visual C++ 中,您必须自己执行此操作。 Create program database files, and then keep an archive of those files along with each build of your application.
创建程序数据库文件,然后在每次构建应用程序时保存这些文件的存档。 It is critical that every build of your applications has its own set of PDBs.
应用程序的每个构建都有自己的一组 PDB,这一点至关重要。 You can't just reuse the same ones you made with build 10 to examining the dumps generated by build 15, for example.
例如,您不能仅重用与构建 10 相同的那些来检查构建 15 生成的转储。 Over the life of your project, you will end up with a ton of PDBs, so be prepared for that.
在项目的整个生命周期中,您最终会得到大量 PDB,因此请为此做好准备。
Next, you need to be able to identify the exact version of your application which generated the dump file.接下来,您需要能够识别生成转储文件的应用程序的确切版本。 If you are creating your own MiniDumps (by calling MiniDumpWriteDump() for example), probably the easiest way to do this is to simply make part of the filename of the MiniDump the complete version number of your application.
如果您正在创建自己的 MiniDump(例如通过调用MiniDumpWriteDump() ),可能最简单的方法是简单地将 MiniDump 的文件名的一部分作为应用程序的完整版本号。 You'll need to have a reasonable version numbering scheme in place for this to work.
您需要有一个合理的版本编号方案才能使其工作。 In my shop, we increment the build number across all branches by one every time the autobuilder creates a build.
在我的商店中,每次自动构建器创建构建时,我们都会将所有分支的构建号加一。
Now that you have received the dump file from the customer, you know the precise version of the application that created the dump, and you have found the PDB files for this build.现在您已经从客户那里收到转储文件,您知道创建转储的应用程序的准确版本,并且您已经找到了此构建的 PDB 文件。
Now you need to go through your source control's history and find the source code for this exact version of the software.现在,您需要查看源代码管理的历史记录并找到该软件的确切版本的源代码。 The best way to do this is to apply 'labels' to your branches every time you make a build.
最好的方法是在每次构建时将“标签”应用于分支。 Set the value of the label to the exact version number, and it becomes easy to find in the history.
将标签的值设置为确切的版本号,在历史记录中就变得容易了。
You're almost ready to fire up WinDbg/Visual C++:您几乎已准备好启动 WinDbg/Visual C++:
c:\\app_build_1.0.100
for application version 1.0 build #100.c:\\app_build_1.0.100
。 Now you have two options for viewing the dump file.现在您有两种查看转储文件的选项。 You can use Visual Studio or WinDbg.
您可以使用Visual Studio或 WinDbg。 Using Visual Studio is easier, but WinDbg is much more powerful.
使用 Visual Studio 更容易,但 WinDbg 更强大。 Most of the time the functionality in Visual Studio will suffice.
大多数情况下,Visual Studio 中的功能就足够了。
To use Visual Studio, all you have to do is open the dump file like it is a project.要使用 Visual Studio,您所要做的就是像打开项目一样打开转储文件。 Once opened, "run" the dump file ( F5 by default) and if all the paths are set correctly it will take you right to the code that crashed, give you a call stack, etc.
打开后,“运行”转储文件(默认为F5 ),如果所有路径都设置正确,它将带您直接进入崩溃的代码,为您提供调用堆栈等。
To use WinDbg, you have to jump through a couple of hoops:要使用 WinDbg,您必须跳过几个环节:
.symfix
. .symfix
。 This may take a few moments as it will pull a ton of stuff down from the Internet..sympath+ c:\\pdblocation
, substituting wherever you put the PDB files for the pathname..sympath+ c:\\pdblocation
,用您放置 PDB 文件的任何位置替换路径名。 Make sure you get the plus sign in there with no whitespace between .sympath
and the +
sign or else you'll screw up step 3..sympath
和+
号之间没有空格,否则你会搞砸第 3 步。.srcpath c:\\app_build_1.0.100
substituting the path where you got code from source control for this version of the software. .srcpath c:\\app_build_1.0.100
替换您从源代码管理中获取此版本软件的代码的路径。!analyze -v
!analyze -v
After a few moments, if everything is configured correctly, WinDbg will take you right to the location of your crash.片刻之后,如果一切配置正确,WinDbg 将带您到崩溃的位置。 At this point you have a million options for digging deep into your application's memory space, the state of critical sections, windows, etc. But that is way beyond the scope of this post.
在这一点上你有深挖应用程序的内存空间,关键部分,Windows等的状态万股期权但是,这远远超出了职位的范围。
Good luck!祝你好运!
(see the "Dump" sections below) (请参阅下面的“转储”部分)
Understanding how Workspaces work...了解工作区的工作原理...
A "cmdtree" allows you to define a "menu" of debugger commands for easy access to frequently used commands without having to remember the terse command names. “cmdtree”允许您定义调试器命令的“菜单”,以便轻松访问常用命令,而无需记住简洁的命令名称。
You don't have to put all the command definitions into the same cmdtree text file....you can keep them separate and load multiple ones if you wish (they then get their own window).您不必将所有命令定义放入同一个 cmdtree 文本文件中……如果您愿意,您可以将它们分开并加载多个(然后它们会获得自己的窗口)。
You can use the -c option on the command line to automatically run a WinDBG script when you start WinDBG.您可以在命令行上使用 -c 选项在启动 WinDBG 时自动运行 WinDBG 脚本。
Gives opportunity to turn on DML (Debugger markup language) mode, load particular extensions, set .NET exception breakpoints, set kernel flags (eg when kernel debugging you might need to change the DbgPrint mask so you see tracing information....ed nt!Kd_DEFAULT_Mask 0xffffffff), load cmdtrees, etc.提供机会打开 DML(调试器标记语言)模式、加载特定扩展、设置 .NET 异常断点、设置内核标志(例如,在内核调试时您可能需要更改 DbgPrint 掩码以便您看到跟踪信息....ed nt !Kd_DEFAULT_Mask 0xffffffff),加载 cmdtrees 等。
An example script:一个示例脚本:
$$ Include a directory to search for extensions
$$ (point to a source controlled or UNC common directory so that all developers get access)
.extpath+"c:\svn\DevTools\WinDBG\Extensions"
$$ When debugging a driver written with the Windows Driver Framework/KMDF
$$ load this extension that comes from the WinDDK.
!load C:\WinDDK\7600.16385.1\bin\x86\wdfkd.dll
!wdftmffile C:\WinDDK\7600.16385.1\tools\tracing\i386\wdf01009.tmf
$$ load some extensions
.load msec.dll
.load byakugan.dll
.load odbgext.dll
.load sosex
.load psscor4
$$ Make commands that support DML (Debugger Markup Language) use it
.prefer_dml 1
.dml_start
$$ Show NTSTATUS codes in hex by default
.enable_long_status 1
$$ Set default extension
.setdll psscor4
$$ Show all loaded extensions
.chain /D
$$ Load some command trees
.cmdtree c:\svn\DevTools\WinDBG\cmdtree\cmdtree1.txt
.cmdtree c:\svn\DevTools\WinDBG\cmdtree\cmdtree2.txt
$$ Show some help for the extensions
!wdfkd.help
!psscor4.help
.help /D
"Extensions" allow you to extend the range of commands/features supported inside WinDBG. “扩展”允许您扩展 WinDBG 内支持的命令/功能的范围。
Some blogs (mixture of native and managed code debugging).一些博客(本机和托管代码调试的混合)。
This is a really broad question.这是一个非常广泛的问题。
!analyze -v
to get a basic analysis performed on it.!analyze -v
对其进行基本分析。 You need to have symbol information available for your code to make dump files worthwhile. The website Memory Dump, Software Trace, Debugging, Malware, Victimware and Intelligence Analysis Portal has been very informative for me.网站内存转储、软件跟踪、调试、恶意软件、受害者软件和情报分析门户对我来说非常有用。 I also really enjoyed the book, Advanced Windows Debugging by Mario Hewardt and Daniel Pravat.
我也很喜欢这本书,Mario Hewardt 和 Daniel Pravat 所著的Advanced Windows Debugging 。
Tess Ferrandez has a great set of basic tutorials and labs to get started with Windbg. Tess Ferrandez 有一套很棒的基础教程和实验室,可以帮助您开始使用 Windbg。 I highly recommend them.
我强烈推荐他们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.