Introduction to the Kernel Debugging Tool

Published: 2007-07-01
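Many people who study the Windows 2000 kernel recommend SoftICE, but few introduce Microsoft's own kernel debugging tools.
I am writing this short introduction to i386kd.exe to get the discussion started, for everyone's reference!
Besides, articles about the kernel seem to have all but disappeared from CSDN lately. Experts, please come back, your fans are calling for you!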

usage: i386kd [-?] [-v] [-m] [-r] [-s] [-b] [-x] [-m] [-myob]
              [-y SymbolsPath] [-z CrashDmpFile]

where: -v Verbose mode
       -? Display this help
       -r Display registers
       -s No Lazy symbol loading
       -m Use modem controls
       -b Break into kernel
       -x Same as -b, except uses an initial command of eb NtGlobalFlag 1;g
       -m Serial port is a modem, watch for carrier detect
       -myob ignores version mismatches in DBGHELP.DLL
       -y SymbolsPath specifies the symbol search path
       -z CrashDmpFile specifies the name of a crash dump file to debug

Environment Variables:

    _NT_DEBUG_PORT=com[1|2|...]
        Specify which com port to use. (Default = com1)

    _NT_DEBUG_BAUD_RATE=baud rate
        Specify the baud rate used by debugging serial port. (Default = 19200)

    _NT_SYMBOL_PATH=[Drive:][Path]
        Specify symbol image path. (Default = %SystemRoot%)

    _NT_ALT_SYMBOL_PATH=[Drive:][Path]
        Specify an alternate symbol image path.

    _NT_DEBUG_EXTENSIONS=dllname(s)
        If specified, it is a semi-colon separated list of debugger extension DLL names
        This specifies the search order when resolving debugger extension commands
    _NT_DEBUG_LOG_FILE_OPEN=filename
        If specified, all output will be written to this file from offset 0.

    _NT_DEBUG_LOG_FILE_APPEND=filename
        If specified, all output will be APPENDed to this file.

    _NT_DEBUG_CACHE_SIZE=x
        If specified, gives the number of bytes cached on debugger side
        of kernel debugger serial connection (default is 102400).

    KDQUIET=anything
        If defined, disables obnoxious warning message displayed when user
        presses Ctrl-C


Control Keys:

     <Ctrl-C> Break into kernel
     <Ctrl-B><Enter> Quit debugger
     <Ctrl-R><Enter> Resynchronize target and host
     <Ctrl-K><Enter> Toggle Initial Breakpoint
     <Ctrl-V><Enter> Toggle Verbose mode
     <Ctrl-D><Enter> Display debugger debugging information
                                     A wandering puppy, with no home!
                                       Not a single home!
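
A wrapper that combines the switches and environment variables from the help text above for two uses: opening a crash dump offline and attaching to a live target over a serial cable. It is an added example, not part of the original article; the script's dump/live mode argument, the directories and the log file name are assumptions.

```batch
@echo off
rem Added example, not from the original article. Paths, COM port and the
rem "dump"/"live" mode argument are constructed assumptions for this sketch.
setlocal

set "MODE=%~1"
set "SYMS=C:\symbols"
set "LOGDIR=C:\kdlogs"
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

rem Symbol search path used to resolve kernel and driver symbols.
set "_NT_SYMBOL_PATH=%SYMS%"
rem Append every session to one log so the analysis record is kept.
set "_NT_DEBUG_LOG_FILE_APPEND=%LOGDIR%\i386kd.log"
rem Any value disables the Ctrl-C warning message.
set "KDQUIET=1"

if /i "%MODE%"=="dump" goto dump
if /i "%MODE%"=="live" goto live
echo usage: %~nx0 dump ^<CrashDmpFile^> ^| live
exit /b 1

:dump
rem Offline analysis: -z names the crash dump file, -v is verbose mode.
if not exist "%~2" (
    echo Crash dump not found: %~2
    exit /b 1
)
i386kd -v -z "%~2"
goto done

:live
rem Live target over a serial cable. The values below are the defaults
rem from the help text; the baud rate must match the target's setting.
set "_NT_DEBUG_PORT=com1"
set "_NT_DEBUG_BAUD_RATE=19200"
rem -b: break into kernel.
i386kd -v -b

:done
endlocal
```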


Original article reposted from: http://www.ltesting.net