堆栈内存溢出
  简体   繁体   English

在windbg中,如何在kernel32.dll中的所有函数上设置断点?

[英]In windbg, How to set breakpoint on all functions in kernel32.dll?

 原文  2009-12-04 17:31:13       c++/ windbg

问题描述

I want figure out the call sequence and functions to kernel32.dll in a function example() in example.DLL . 我想在example.DLL的函数example()中弄清楚调用序列和函数kernel32.dll。

In windbg, how to set breakpoint on all functions in kernel32.dll? 在windbg中,如何在kernel32.dll中的所有函数上设置断点?

I tried bm kernel32!* , but seems not work. 我试过bm kernel32!* ,但似乎不行。

3 个解决方案

解决方案1
 5 已采纳  2009-12-04 20:03:48

I would not do just as stated. 我不会像上述那样做。 Of course it is possible, but if done with bm /a kernel32!* you inadvertently set bps also on data symbols (as opposed to actual functions). 当然有可能,但如果用bm /a kernel32!*完成,你无意中也会在数据符号上设置bps(而不是实际函数)。 In your case wt - trace and watch data (you can look it up in the debugger.chm provided with your windbg package) might be what you're after. 在您的情况下, wt - trace和监视数据(您可以在随windbg包提供的debugger.chm中查找)可能就是您所追求的。

解决方案2
 5  2013-12-19 09:07:46

Setting breakpoints at some low level kernel service DLL call may cause application exceptions. 在某些低级内核服务DLL调用中设置断点可能会导致应用程序异常。

You may use rohitab's API monitor to observe its DLL calls and then set breakpoints on your interesting calls. 您可以使用rohitab的API监视器来观察其DLL调用,然后在您有趣的调用上设置断点。

解决方案3
 2  2009-12-04 18:06:49

Kernel32 is a heavily used DLL - you'll probably find that breaking on every function is way too noisy. Kernel32是一个使用频繁的DLL - 你可能会发现打破每个函数都太吵了。 You also don't need to break on every kernel32 function, just the ones it exports. 你也不需要打破每个kernel32函数,只需要输出它们。

If I were you, I'd run "link /dump /exports kernel32.dll", write the outputs to a file, then write a simple script that will grab the function name and write out "bp kernel32!" 如果我是你,我会运行“link / dump / exports kernel32.dll”,将输出写入文件,然后编写一个简单的脚本来获取函数名称并写出“bp kernel32!” + the function name to a new file. +新文件的函数名称。 Then, simply paste the contents of that file into the windbg command window. 然后,只需将该文件的内容粘贴到windbg命令窗口即可。

There is probably a straightforward way to do this with the scripting support in the debuggers, but you could hack the above script together in the time less time it'd take to learn how to do it via debugger scripting. 使用调试器中的脚本支持可能有一种简单的方法来执行此操作,但是您可以在更短的时间内通过调试器脚本来学习如何执行此操作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何获取kernel32.dll!BaseThreadStartThunk的内存地址? - how to get memory address of kernel32.dll!BaseThreadStartThunk? InitializeCriticalSectionEx 不在 KERNEL32.Dll 中 - InitializeCriticalSectionEx Not Located In KERNEL32.Dll Android NDK LoadLibrary(“ KERNEL32.DLL”) - Android NDK LoadLibrary(“KERNEL32.DLL”) Kernel32.dll标头信息 - Kernel32.dll Header information GetOverlappedResultEx找不到在kernel32.dll中 - GetOverlappedResultEx could not be located in kernel32.dll 如何包含非托管dll需要的dll(例如kernel32.dll) - how do I include dll's such as kernel32.dll which my unmanaged dll needs 如何在不链接kernel32.dll和ntdll.dll的情况下运行PE映像 - How to run a PE image without linking kernel32.dll and ntdll.dll 无法读取 kernel32.dll 基地址上的 memory - Unable to read memory on kernel32.dll base address C + +绕行挂钩kernel32.dll OpenProcess - C++ Hooking kernel32.dll OpenProcess with detours VS2008调试器和kernel32.dll - VS2008 debugger and kernel32.dll
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM