| Debugger |
| Inspect and Monitor Execution of Program |
| Such as cdb.exe, windbg.exe etc. |
| How To |
| List Debugger Usage | CMD@ cdb.exe -? |
cdb.exe : Program, CUI Symbolic Debugger
-? : Switch, Help Message |
| Alternatively, RUN@ windbg.exe → DBG@ → Help → Contents → Debugging Tools for Windows (WinDbg, KD, CDB, NTSD) → Debugger Reference → Command-Line Options → WinDbg Command-Line Options |
|
| Debugger Engine |
| Examine and Manipulate Debugging Target |
| Windows Symbolic Debugger Engine |
| Application Extension |
| dbgeng.dll | | x86 C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\dbgeng.dll | | x64 C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbgeng.dll |
|
| Dbg Eng : API |
| Exported Functions like DebugConnect, DebugCreate, DebugCreateEx etc. |
|
| Debugger Command |
| Instructions to Perform Task and Operation |
| Such as Standard, Meta, Extension etc. |
| Usage |
| Standard Command | g (Go) etc. |
| Meta Command (Starts with .) | .cls (Clear Screen) etc. |
| Extension Command (Starts with !) | !peb (Process Environment Block) etc. |
. : Period Character
! : Exclamation Character |
| Standard aka Regular Command, Meta aka Dot Command and Extension aka Bang Command |
|
| Debugger Extension |
| Additional Commands and Features |
| Such as exts.dll, uext.dll etc. |
| How To |
| List Debugger Extension | CDB@ .chain |
| .chain : Meta Command, Display Loaded Debugger Extension |
| Alternatively, RUN@ windbg.exe → DBG@ → View → Command (Alt+1) → .chain |
|
| Debugging Symbol |
| Instructions to Map Address to Name |
| Such as *.dbg, *.pdb etc. |
| How To |
| Load Debugging Symbol | CDB@ .reload |
| .reload : Meta Command, Reload Module Symbol |
| Alternatively, RUN@ windbg.exe → DBG@ → View → Command (Alt+1) → .reload |
|
| User Mode |
| Run in Applications, Application Extensions and Subsystems |
| Thread Access Restricted Mode |
| How To |
| Access User Mode | CMD@ cdb.exe -p {PId}
CMD@ cdb.exe -o {Exe} [Args] |
cdb.exe : Program, CUI Symbolic Debugger
-p : Switch, Process Identifier
{PId} : Parameter, Process Identifier
-o : Switch, Target Executable
{Exe} : Parameter, Executable File Name
[Args] : Optional Parameter, Command Line Arguments |
Alternatively, RUN@ windbg.exe → DBG@ → File → Attach to a Process... (F6) → Process Identifier
Alternatively, RUN@ windbg.exe → DBG@ → File → Open Executables... (Ctrl+E) → Executable File Name |
|
| Kernel Mode |
| Run in Operating System, Privileged Programs and Device Drivers |
| Processor Access Privileged Mode |
| How To |
| Access Kernel Mode | CMD@ kd.exe -kl |
kd.exe : Program, Kernel Debugger
-kl : Switch, Local Machine |
| Alternatively, RUN@ windbg.exe → DBG@ → File → Kernel Debug... (Ctrl+K) → Local |
|
| Live Debugging |
| Analyze State of Running Process |
| Such as Attaching, Spawning etc. |
| How To |
| Attach to Process | CMD@ cdb.exe -p {PId} |
| Spawn New Process | CMD@ cdb.exe -o {Exe} [Args] |
cdb.exe : Program, CUI Symbolic Debugger
-p : Switch, Process Identifier
{PId} : Parameter, Process Identifier
-o : Switch, Target Executable
{Exe} : Parameter, Executable File Name
[Args] : Optional Parameter, Command Line Arguments |
Alternatively, RUN@ windbg.exe → DBG@ → File → Attach to a Process... (F6) → Process Identifier
Alternatively, RUN@ windbg.exe → DBG@ → File → Open Executables... (Ctrl+E) → Executable File Name |
|
| Postmortem Debugging |
| Analyze Memory Dump of Process |
| Also Known As Dump Analysis |
| How To |
| Analyze Dump File | CMD@ cdb.exe -z {Dump} |
cdb.exe : Program, CUI Symbolic Debugger
-z : Switch, Dump File
{Dump} : Parameter, Dump File Name |
| Alternatively, RUN@ windbg.exe → DBG@ → File → Open Crash Dump... (Ctrl+D) → Dump File Name |
|