Every Wednesday I post a debug tip to our Twitter page at www.twitter.com/ntdebugging. This blog is an archive of these tips to allow our readers to find this information easily. We will update this blog every few weeks with the new tips; follow us on Twitter if you want to see the tips as I post them.

The goal of these tips is to share debug commands, and forms of commands (parameters, flags, etc.) that my colleagues and I find useful. I hope you can add these commands to your toolkit and they will help you debug more efficiently.

Tips

!thread/!process [address] e - on x64 will not show you the meaningless Args to Child information.

.frame /c [FrameNumber] - sets context to specified stack frame. Provides more reliable information than .trap on x64.

kn - Dumps call stack with frame numbers, easier than counting stacks for .frame.

.frame /r [FrameNumber] - same as .frame /c, but shows registers without changing context.

Note: With .frame /c or /r you can only trust the nonvolatile registers. See http://msdn.microsoft.com/en-us/library/9z1stfyw(VS.80).aspx for vol/nonvol regs.

Read more: Ntdebugging Blog