windows 如何在 WinDbg 中列出线程(内核调试)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8623169/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to list threads in WinDbg (kernel debugging)
提问by user963228
Does anyone know how I can list all threads in WinDbg while kernel debugging. I have found older references that say '~' but that does not work.
有谁知道我如何在内核调试时列出 WinDbg 中的所有线程。我发现较旧的参考文献说“〜”,但这不起作用。
Specifically I am looking to the find the ID of a thread that caused an event, namely a breakpoint.
具体来说,我正在寻找导致事件的线程的 ID,即断点。
Thanks.
谢谢。
回答by Ana Betts
~only works in user mode. To list all threads on the system, it's !process 0 1as I recall (it's been awhile).
~仅适用于用户模式。!process 0 1我记得要列出系统上的所有线程(已经有一段时间了)。
"Specifically I am looking to the find the ID of a thread that caused an event, namely a breakpoint."
“具体来说,我正在寻找引起事件的线程的 ID,即断点。”
This statement doesn't make much sense to do from kernel mode. Can you descrive more about what your scenario is?
这个语句在内核模式下没有多大意义。你能详细描述一下你的场景是什么吗?
Edit:Ah, now I get it. You want to know which thread you're currently in right now. Give !threada go.
编辑:啊,现在我明白了。您想知道您目前在哪个线程中。试一试!thread。
回答by snoone
You can always use the @$thread pseudo register to reference the current thread object:
您始终可以使用 @$thread 伪寄存器来引用当前线程对象:
0: kd> r @$thread
$thread=fffff80002c02cc0
If you want the ID of the thread, you'll need to dig it out of the ETHREAD. Luckily, the @$thread is typed as a pointer to an ETHREAD if you're using the C++ evaluator:
如果您想要线程的 ID,则需要将其从 ETHREAD 中挖掘出来。幸运的是,如果您使用 C++ 评估器,@$thread 被输入为指向 ETHREAD 的指针:
0: kd> ?? @$thread->Cid
struct _CLIENT_ID
+0x000 UniqueProcess : 0x00000000`00001408 Void
+0x008 UniqueThread : 0x00000000`0000144c Void
-scott
-斯科特
