当前位置:theitroad>C++ 如何使用 WinDbg 分析 VC++ 应用程序的故障转储?

C++ 如何使用 WinDbg 分析 VC++ 应用程序的故障转储?

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/734272/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-27 17:00:17  来源:igfitidea点击:

How to use WinDbg to analyze the crash dump for VC++ application?

c++visual-c++windbgcrash-dumps

提问by Haranadh

How do I use WinDbgfor analyzing a dump file?

如何使用WinDbg分析转储文件?

回答by John Dibling

Here are some general steps that will get you on your way:

以下是一些可助您顺利进行的一般步骤:

First, you must change your compiler's settings so that it creates PDB files, even for release builds. Later versions of the Visual C++compiler do this by default, but in many versions of Visual C++ you must do this yourself. Create program database files, and then keep an archive of those files along with each build of your application. It is critical that every build of your applications has its own set of PDBs. You can't just reuse the same ones you made with build 10 to examining the dumps generated by build 15, for example. Over the life of your project, you will end up with a ton of PDBs, so be prepared for that.

首先,您必须更改编译器的设置,以便它创建 PDB 文件,即使对于发布版本也是如此。更高版本的Visual C++编译器默认执行此操作,但在许多版本的 Visual C++ 中,您必须自己执行此操作。创建程序数据库文件,然后在每次构建应用程序时保存这些文件的存档。应用程序的每个构建都有自己的一组 PDB,这一点至关重要。例如,您不能仅重用与构建 10 相同的那些来检查构建 15 生成的转储。在项目的整个生命周期中,您最终会得到大量 PDB,因此请为此做好准备。

Next, you need to be able to identify the exact version of your application which generated the dump file. If you are creating your own MiniDumps (by calling MiniDumpWriteDump()for example), probably the easiest way to do this is to simply make part of the filename of the MiniDump the complete version number of your application. You'll need to have a reasonable version numbering scheme in place for this to work. In my shop, we increment the build number across all branches by one every time the autobuilder creates a build.

接下来,您需要能够识别生成转储文件的应用程序的确切版本。如果您正在创建自己的 MiniDump(例如通过调用MiniDumpWriteDump()),可能最简单的方法是简单地将 MiniDump 的文件名的一部分作为应用程序的完整版本号。您需要有一个合理的版本编号方案才能使其工作。在我的商店中,每次自动构建器创建构建时,我们都会将所有分支的构建号加一。

Now that you have received the dump file from the customer, you know the precise version of the application that created the dump, and you have found the PDB files for this build.

现在您已经从客户那里收到转储文件,您知道创建转储的应用程序的准确版本,并且您已经找到了此构建的 PDB 文件。

Now you need to go through your source control's history and find the source code for this exact version of the software. The best way to do this is to apply 'labels' to your branches every time you make a build. Set the value of the label to the exact version number, and it becomes easy to find in the history.

现在,您需要查看源代码管理的历史记录并找到该软件的确切版本的源代码。最好的方法是在每次构建时将“标签”应用于分支。将标签的值设置为确切的版本号,在历史记录中就变得容易了。

You're almost ready to fire up WinDbg/Visual C++:

您几乎已准备好启动 WinDbg/Visual C++:

  1. Get the complete source tree for that version of your application. Put it in a separate place on your hard drive, say c:\app_build_1.0.100for application version 1.0 build #100.
  2. Get the binaries for that exact version of your application and put them somewhere on your hard drive. It might be easiest simply to install that version of your application to get the binaries.
  3. Put the PDB files in the same location as the binaries in step 2.
  1. 获取该版本应用程序的完整源代码树。把它放在你硬盘上的一个单独的地方,比如c:\app_build_1.0.100应用程序版本 1.0 build #100。
  2. 获取该应用程序的确切版本的二进制文件,并将它们放在硬盘驱动器上的某个位置。简单地安装该版本的应用程序以获取二进制文件可能是最简单的。
  3. 将 PDB 文件放在与步骤 2 中的二进制文件相同的位置。

Now you have two options for viewing the dump file. You can use Visual Studioor WinDbg. Using Visual Studio is easier, but WinDbg is much more powerful. Most of the time the functionality in Visual Studio will suffice.

现在您有两种查看转储文件的选项。您可以使用Visual Studio或 WinDbg。使用 Visual Studio 更容易,但 WinDbg 更强大。大多数情况下,Visual Studio 中的功能就足够了。

To use Visual Studio, all you have to do is open the dump file like it is a project. Once opened, "run" the dump file (F5by default) and if all the paths are set correctly it will take you right to the code that crashed, give you a call stack, etc.

要使用 Visual Studio,您所要做的就是像打开项目一样打开转储文件。打开后,“运行”转储文件(F5默认情况下),如果所有路径都设置正确,它会将您带到崩溃的代码,给您一个调用堆栈等。

To use WinDbg, you have to jump through a couple of hoops:

要使用 WinDbg,您必须跳过几个环节:

  1. Start WinDbg
  2. Open the dump file. (Ctrl+ Dby default)
  3. Tell WinDbg to go get the correct MicroSoft symbol files. Type .symfix. This may take a few moments as it will pull a ton of stuff down from the Internet.
  4. Tell WinDbg where the symbols (PDB files) are. Type .sympath+ c:\pdblocation, substituting wherever you put the PDB files for the pathname. Make sure you get the plus sign in there with no whitespace between .sympathand the +sign or else you'll screw up step 3.
  5. Tell WinDbg where the source code is. Type .srcpath c:\app_build_1.0.100substituting the path where you got code from source control for this version of the software.
  6. Tell WinDbg to analyze the dump file. Type !analyze -v
  1. 启动 WinDbg
  2. 打开转储文件。( Ctrl+D默认)
  3. 告诉 WinDbg 去获取正确的 MicroSoft 符号文件。键入.symfix。这可能需要一些时间,因为它会从 Internet 上下载大量内容。
  4. 告诉 WinDbg 符号(PDB 文件)在哪里。键入.sympath+ c:\pdblocation,用您放置 PDB 文件的任何位置替换路径名。确保你在那里得到加号,.sympath并且和+符号之间没有空格,否则你会搞砸第 3 步。
  5. 告诉 WinDbg 源代码在哪里。键入.srcpath c:\app_build_1.0.100代你得到了从源头控制代码,这个版本的软件的路径。
  6. 告诉 WinDbg 分析转储文件。类型!analyze -v

After a few moments, if everything is configured correctly, WinDbg will take you right to the location of your crash. At this point you have a million options for digging deep into your application's memory space, the state of critical sections, windows, etc. But that is waybeyond the scope of this post.

片刻之后,如果一切配置正确,WinDbg 将带您到崩溃的位置。在这一点上你有深挖应用程序的内存空间,关键部分,Windows等的状态万股期权但是,这是方法超出了本文的范围。

Good luck!

祝你好运!

回答by Colin Smith

(see the "Dump" sections below)

(请参阅下面的“转储”部分)

Basic Tutorials and Demonstrations of Using WinDbg

使用WinDbg的基本教程和演示

Different Ways to "Start"/Attach WinDBG

“启动”/附加 WinDBG 的不同方式

Workspaces

工作区

Understanding how Workspaces work...

了解工作区的工作原理...

Cmdtree

命令树

A "cmdtree" allows you to define a "menu" of debugger commands for easy access to frequently used commands without having to remember the terse command names.

“cmdtree”允许您定义调试器命令的“菜单”,以便轻松访问常用命令,而无需记住简洁的命令名称。

You don't have to put all the command definitions into the same cmdtree text file....you can keep them separate and load multiple ones if you wish (they then get their own window).

您不必将所有命令定义放入同一个 cmdtree 文本文件中……如果您愿意,您可以将它们分开并加载多个(然后它们会获得自己的窗口)。

Startup Script

启动脚本

You can use the -c option on the command line to automatically run a WinDBG script when you start WinDBG.

您可以在命令行上使用 -c 选项在启动 WinDBG 时自动运行 WinDBG 脚本。

Gives opportunity to turn on DML (Debugger markup language) mode, load particular extensions, set .NET exception breakpoints, set kernel flags (e.g. when kernel debugging you might need to change the DbgPrint mask so you see tracing information....ed nt!Kd_DEFAULT_Mask 0xffffffff), load cmdtrees, etc.

提供机会打开 DML(调试器标记语言)模式、加载特定扩展、设置 .NET 异常断点、设置内核标志(例如,在内核调试时您可能需要更改 DbgPrint 掩码以便您看到跟踪信息....ed nt !Kd_DEFAULT_Mask 0xffffffff),加载 cmdtrees 等。

An example script:

一个示例脚本:

$$ Include a directory to search for extensions
$$ (point to a source controlled or UNC common directory so that all developers get access)
.extpath+"c:\svn\DevTools\WinDBG\Extensions"
$$ When debugging a driver written with the Windows Driver Framework/KMDF
$$ load this extension that comes from the WinDDK.
!load C:\WinDDK00.16385.1\bin\x86\wdfkd.dll
!wdftmffile C:\WinDDK00.16385.1\tools\tracing\i386\wdf01009.tmf
$$ load some extensions
.load msec.dll
.load byakugan.dll
.load odbgext.dll
.load sosex
.load psscor4
$$ Make commands that support DML (Debugger Markup Language) use it
.prefer_dml 1
.dml_start
$$ Show NTSTATUS codes in hex by default
.enable_long_status 1
$$ Set default extension
.setdll psscor4
$$ Show all loaded extensions
.chain /D
$$ Load some command trees
.cmdtree c:\svn\DevTools\WinDBG\cmdtree\cmdtree1.txt
.cmdtree c:\svn\DevTools\WinDBG\cmdtree\cmdtree2.txt
$$ Show some help for the extensions
!wdfkd.help
!psscor4.help
.help /D

Command Cheat Sheets

命令备忘单

Extensions

扩展

"Extensions" allow you to extend the range of commands/features supported inside WinDBG.

“扩展”允许您扩展 WinDBG 内支持的命令/功能的范围。

Write your own extension

编写自己的扩展

Using WinDBG to Debug Managed Code

使用 WinDBG 调试托管代码

Scripting (C#, PS, Python, WinDBG)

脚本(C#、PS、Python、WinDBG)

Debuggers/Tools that use the dbgeng.dll API/WinDBG Tools

使用 dbgen.dll API/WinDBG 工具的调试器/工具

Different Ways to Generate Crash Dump Files for Post-Mortem Analysis

为事后分析生成故障转储文件的不同方法

Dump Analysis Tools

转储分析工具

Dump related Tools

转储相关工具

  • Citrix dumpcheck - checks consistency of dump file (looks like it's been abandoned link+ link)
  • dumpchk(part of Debugging Tools) - checks consistency of a Dump file
  • MoonSols Windows Memory Toolkit(formerly windd) - converts various raw memory dump files into WinDBG compatible dmp files
  • vm2dmp- Microsoft Hyper-V VM State to Memory Dump Converter
  • vmss2core- converts VMWare snapshot file into a core dump file (download), (instructions)
  • Citrix dumpcheck - 检查转储文件的一致性(看起来它已被放弃link+ link
  • dumpchk(调试工具的一部分) - 检查转储文件的一致性
  • MoonSols Windows Memory Toolkit(以前称为windd) - 将各种原始内存转储文件转换为与 WinDBG 兼容的 dmp 文件
  • vm2dmp- Microsoft Hyper-V VM 状态到内存转储转换器
  • vmss2core- 将 VMWare 快照文件转换为核心转储文件(下载),(说明

Kernel Debugging Virtual Machines

内核调试虚拟机

  • VMKD- Virtual Machine KD Extensions
  • VirtualKD- (kernel debugger support for OS's hosted in VMWare/VirtualBox)
  • VMKD- 虚拟机 KD 扩展
  • VirtualKD-(内核调试器支持托管在 VMWare/VirtualBox 中的操作系统)

Videos

视频

Blogs

博客

Some blogs (mixture of native and managed code debugging).

一些博客(本机和托管代码调试的混合)。

Advanced Articles and Tutorial Resources

高级文章和教程资源

Alternative Debuggers

替代调试器

Other Links

其他链接

回答by LanceSc

This is a really broad question.

这是一个非常广泛的问题。

  1. The first step is to load the dump file into a WinDbg instance.
  2. Next, you need to make sure you have a symbols setup.
  3. Finally, you can run the command !analyze -vto get a basic analysis performed on it. You need to have symbol information available for your code to make dump files worthwhile.
  1. 第一步是将转储文件加载到 WinDbg 实例中。
  2. 接下来,您需要确保您有一个符号设置。
  3. 最后,您可以运行该命令!analyze -v以对其执行基本分析。您需要为代码提供可用的符号信息,以使转储文件有价值。

The website Memory Dump, Software Trace, Debugging, Malware, Victimware and Intelligence Analysis Portalhas been very informative for me. I also really enjoyed the book, Advanced Windows Debuggingby Mario Hewardt and Daniel Pravat.

网站内存转储、软件跟踪、调试、恶意软件、受害者软件和情报分析门户对我来说非常有用。我也很喜欢这本书,Mario Hewardt 和 Daniel Pravat所著的Advanced Windows Debugging

回答by womp

Tess Ferrandez has a great set of basic tutorials and labsto get started with Windbg. I highly recommend them.

Tess Ferrandez 有一套很棒的基础教程和实验室,可以帮助您开始使用 Windbg。我强烈推荐他们。

相关推荐

C++ 引用计数智能指针的引用计数是如何工作的?

C++ 引用计数智能指针的引用计数是如何工作的?

C++ Array 类的运算符重载

C++ Array 类的运算符重载

C++ 制表符(\t)有多少个空格?

C++ 制表符(\t)有多少个空格?

在 C++ 中枚举的字符串

在 C++ 中枚举的字符串

相关推荐
最近更新
标签