MSDN上关于WinDbg的手册

参考:http://msdn.microsoft.com/en-us/library/windows/hardware/ff540507(v=vs.85).aspx

这是最靠谱的参考了,比.hh要直观。

 

在Linux上稍作编辑

daniel@daniel-mint ~/windbg $ awk 'BEGIN{maxIndex=0}{idx = index($0, "("); if (idx > maxIndex) maxIndex = idx;}END{print maxIndex}' commands 
57
daniel@daniel-mint ~/windbg $ awk 'FS="[()]"{printf("%60s\t%s\n", $1, $2)}' commands > commands_formated

  

Basic Commands

daniel@daniel-mint ~/windbg $ awk 'FS="[()]"{printf("%60s\t%s\n", $1, $2)}' commands 
                                                       ENTER	(Repeat
                                  $<, $><, $$<, $$><, $$>a< 	Run Script File
                                                          ? 	Command Help
                                                          ? 	Evaluate Expression
                                                         ?? 	Evaluate C++ Expression
                                                          # 	Search for Disassembly Pattern
                                                         || 	System Status
                                                        ||s 	Set Current System
                                                          | 	Process Status
                                                         |s 	Set Current Process
                                                          ~ 	Thread Status
                                                         ~e 	Thread-Specific Command
                                                         ~f 	Freeze Thread
                                                         ~u 	Unfreeze Thread
                                                         ~n 	Suspend Thread
                                                         ~m 	Resume Thread
                                                         ~s 	Set Current Thread
                                                         ~s 	Change Current Processor
                                                          a 	Assemble
                                                         ad 	Delete Alias
                                                         ah 	Assertion Handling
                                                         al 	List Aliases
                                                     as, aS 	Set Alias
                                                         ba 	Break on Access
                                                         bc 	Breakpoint Clear
                                                         bd 	Breakpoint Disable
                                                         be 	Breakpoint Enable
                                                         bl 	Breakpoint List
                                                 bp, bu, bm 	Set Breakpoint
                                                         br 	Breakpoint Renumber
                                                         bs 	Update Breakpoint Command
                                                        bsc 	Update Conditional Breakpoint
                                                          c 	Compare Memory
    d, da, db, dc, dd, dD, df, dp, dq, du, dw, dW, dyb, dyd 	Display Memory
                dda, ddp, ddu, dpa, dpp, dpu, dqa, dqp, dqu 	Display Referenced Memory
                                              dds, dps, dqs 	Display Words and Symbols
                                                         dg 	Display Selector
                                                         dl 	Display Linked List
                                                     ds, dS 	Display String
                                                         dt 	Display Type
                                                         dv 	Display Local Variables
            e, ea, eb, ed, eD, ef, ep, eq, eu, ew, eza, ezu 	Enter Values
                                                      f, fp 	Fill Memory
                                                          g 	Go
                                                         gc 	Go from Conditional Breakpoint
                                                         gh 	Go with Exception Handled
                                                     gn, gN 	Go with Exception Not Handled
                                                         gu 	Go Up
                                                 ib, iw, id 	Input from Port
                                                          j 	Execute If - Else
                                  k, kb, kc, kd, kp, kP, kv 	Display Stack Backtrace
                                                     l+, l- 	Set Source Options
                                                         ld 	Load Symbols
                                                         lm 	List Loaded Modules
                                                         ln 	List Nearest Symbols
                                                    ls, lsa 	List Source Lines
                                                        lsc 	List Current Source
                                                        lse 	Launch Source Editor
                                                  lsf, lsf- 	Load or Unload Source File
                                                        lsp 	Set Number of Source Lines
                                                          m 	Move Memory
                                                          n 	Set Number Base
                                                 ob, ow, od 	Output to Port
                                                          p 	Step
                                                         pa 	Step to Address
                                                         pc 	Step to Next Call
                                                        pct 	Step to Next Call or Return
                                                         ph 	Step to Next Branching Instruction
                                                         pt 	Step to Next Return
                                                      q, qq 	Quit
                                                         qd 	Quit and Detach
                                                          r 	Registers
                                                      rdmsr 	Read MSR
                                                         rm 	Register Mask
                                                          s 	Search Memory
                                                         so 	Set Kernel Debugging Options
                                                         sq 	Set Quiet Mode
                                                         ss 	Set Symbol Suffix
                           sx, sxd, sxe, sxi, sxn, sxr, sx- 	Set Exceptions
                                                          t 	Trace
                                                         ta 	Trace to Address
                                                         tb 	Trace to Next Branch
                                                         tc 	Trace to Next Call
                                                        tct 	Trace to Next Call or Return
                                                         th 	Trace to Next Branching Instruction
                                                         tt 	Trace to Next Return
                                                          u 	Unassemble
                                                         uf 	Unassemble Function
                                                         up 	Unassemble from Physical Memory
                                                         ur 	Unassemble Real Mode BIOS
                                                         ux 	Unassemble x86 BIOS
                                                 vercommand 	Show Debugger Command Line
                                                    version 	Show Debugger Version
                                                  vertarget 	Show Target Computer Version
                                                      wrmsr 	Write MSR
                                                         wt 	Trace and Watch Data
                                                          x 	Examine Symbols
                                                          z 	Execute While

  

 meta commands

daniel@daniel-mint ~/windbg $ awk 'FS="[()]"{printf("%30s\t%s\n", $1, $2)}' meta_commands 
                      .abandon	(Abandon
             .allow_exec_cmds 	Allow Execution Commands
         .allow_image_mapping 	Allow Image Mapping
                   .apply_dbp 	Apply Data Breakpoint to Context
                         .asm 	Change Disassembly Options
                      .attach 	Attach to Process
                        .beep 	Speaker Beep
                      .bpcmds 	Display Breakpoint Commands
                      .bpsync 	Synchronize Threads at Breakpoint
                     .breakin 	Break to the Kernel Debugger
                      .browse 	Display Command in Browser
                    .bugcheck 	Display Bug Check Data
                       .cache 	Set Cache Size
                        .call 	Call Function
                       .chain 	List Debugger Extensions
                    .childdbg 	Debug Child Processes
                     .clients 	List Debugging Clients
                 .closehandle 	Close Handle
                         .cls 	Clear Screen
                     .context 	Set User-Mode Address Context
                     .copysym 	Copy Symbol Files
                      .cordll 	Control CLR Debugging
                       .crash 	Force System Crash
                      .create 	Create Process
                   .createdir 	Set Created Process Directory
                         .cxr 	Display Context Record
                      .dbgdbg 	Debug Current Debugger
                      .detach 	Detach from Process
                    .dml_flow 	Unassemble with Links
                   .dml_start 	Display DML Starting Point
                        .dump 	Create Dump File
                     .dumpcab 	Create Dump File CAB
                     .dvalloc 	Allocate Memory
                      .dvfree 	Free Memory
                        .echo 	Echo Comment
                  .echocpunum 	Show CPU Number
                    .echotime 	Show Current Time
              .echotimestamps 	Show Time Stamps
                        .ecxr 	Display Exception Context Record
                     .effmach 	Effective Machine
          .enable_long_status 	Enable Long Integer Display
              .enable_unicode 	Enable Unicode Display
                     .endpsrv 	End Process Server
                      .endsrv 	End Debugging Server
                     .enumtag 	Enumerate Secondary Callback Data
                  .event_code 	Display Event Code
                    .eventlog 	Display Recent Events
                     .exepath 	Set Executable Path
                        .expr 	Choose Expression Evaluator
                       .exptr 	Display Exception Pointers
                         .exr 	Display Exception Record
                    .extmatch 	Display All Matching Extensions
                     .extpath 	Set Extension Path
                     .f+, .f- 	Shift Local Context
                       .fiber 	Set Fiber Context
                  .fiximports 	Fix Target Module Imports
              .flash_on_break 	Flash on Break
                       .fnent 	Display Function Data
                       .fnret 	Display Function Return Value
          .force_radix_output 	Use Radix for Integers
                    .force_tb 	Forcibly Allow Branch Tracing
                     .formats 	Show Number Formats
                         .fpo 	Control FPO Overrides
                       .frame 	Set Local Context
                        .help 	Meta-Command Help
                          .hh 	Open HTML Help File
            .hideinjectedcode 	Hide Injected Code
                     .holdmem 	Hold and Compare Memory
                    .idle_cmd 	Set Idle Command
        .ignore_missing_pages 	Suppress Missing Page Errors
                      .inline 	Toggle Inline Function Debugging
                     .imgscan 	Find Image Headers
                     .kdfiles 	Set Driver Replacement Map
                     .kframes 	Set Stack Length
                        .kill 	Kill Process
                   .lastevent 	Display Last Event
                       .lines 	Toggle Source Line Support
               .load, .loadby 	Load Extension DLL
                      .locale 	Set Locale
                   .logappend 	Append Log File
                    .logclose 	Close Log File
                     .logfile 	Display Log File Status
                     .logopen 	Open Log File
                      .netuse 	Control Network Connections
                     .noshell 	Prohibit Shell Commands
                   .noversion 	Disable Version Checking
                    .ocommand 	Expect Commands from Target
                     .ofilter 	Filter Target Output
                        .open 	Open Source File
                    .opendump 	Open Dump File
                     .outmask 	Control Output Mask
                      .pagein 	Page In Memory
                        .pcmd 	Set Prompt Command
                         .pop 	Restore Debugger State
                  .prefer_dml 	Prefer Debugger Markup Language
                     .process 	Set Process Context
                .prompt_allow 	Control Prompt Display
                        .push 	Save Debugger State
                   .quit_lock 	Prevent Accidental Quit
                     .readmem 	Read Memory from File
                      .reboot 	Reboot Target Computer
             .record_branches 	Enable Branch Recording
                      .reload 	Reload Module
                      .remote 	Create Remote.exe Server
                 .remote_exit 	Exit Debugging Client
                     .restart 	Restart Target Application
                     .restart 	Restart Kernel Connection
                    .rrestart 	Register for Restart
                .scroll_prefs 	Control Source Scrolling Preferences
                      .secure 	Activate Secure Mode
                   .send_file 	Send File
                      .server 	Create Debugging Server
                     .servers 	List Debugging Servers
                      .setdll 	Set Default Extension DLL
                       .shell 	Command Shell
           .show_read_failures	
            .show_sym_failures	
                       .sleep 	Pause Debugger
                .sound_notify 	Use Notification Sound
            .srcfix, .lsrcfix 	Use Source Server
                    .srcnoisy 	Noisy Source Loading
          .srcpath, .lsrcpath 	Set Source Path
                 .step_filter 	Set Step Filter
                  .suspend_ui 	Suspend WinDbg Interface
                      .symfix 	Set Symbol Store Path
                      .symopt 	Set Symbol Options
                     .sympath 	Set Symbol Path
                      .thread 	Set Register Context
                        .time 	Display System Time
                       .tlist 	List Process IDs
                        .trap 	Display Trap Frame
                         .tss 	Display Task State Segment
                       .ttime 	Display Thread Times
                     .typeopt 	Set Type Options
                      .unload 	Unload Extension DLL
                   .unloadall 	Unload All Extension DLLs
                    .urestart 	Unregister for Restart
                        .wake 	Wake Debugger
              .write_cmd_hist 	Write Command History
                    .writemem 	Write Memory to File
                      .wtitle 	Set Window Title

  

Kernel Mode Extensions

!ahcache
!alignmentfaults
!analyzebugcheck
!apc
!apicerr
!arbinst
!arbiter
!ate
!bcb
!blockeddrv
!bpid
!btb
!bth
!bugdump
!bushnd
!ca
!callback
!calldata
!can_write_kdump
!cbreg
!cchelp
!chklowmem
!cmreslist
!cpuinfo
!db, !dc, !dd, !dp, !dq, !du, !dw
!dbgprint
!dblink
!dcr
!dcs
!deadlock
!defwrites
!devext
!devhandles
!devnode
!devobj
!devstack
!dflink
!diskspace
!dma
!dpa
!dpcs
!driveinfo
!drivers
!drvobj
!dskheap
!eb, !ed
!ecb, !ecd, !ecw
!ecs
!errlog
!errpkt
!errrec
!exca
!filecache
!filelock
!fileobj
!filetime
!finddata
!findfilelockowner
!for_each_process
!for_each_thread
!fpsearch
!frag
!frozen
!fwver
!gbl
!gentable
!hidppd
!ib, !id, !iw
!icpleak
!idt
!ih
!ihs
!ioresdes
!ioreslist
!iovirp
!ipi
!irp
!irpfind
!irpzone
!irql
!isainfo
!isr
!ivt
!job
!kb, !kv
!loadermemorylist
!lockedpages
!locks (!kdext*.locks)
!logonsession
!lookaside
!lpc
!mca
!memlist
!memusage
!mps
!mtrr
!npx
!ob, !od, !ow
!object
!obtrace
!openmaps
!pars
!pat
!pci
!pciir
!pcitree
!pcm
!pcr
!pcrs
!pfn
!pmc
!pmssa
!pnpevent
!pocaps
!pool
!poolfind
!poolused
!poolval
!popolicy
!pplookaside
!ppmidle
!ppmidleaccounting
!ppmperf
!ppmperfpolicy
!ppmstate
!prcb
!process
!processfields
!processirps
!psp
!pte
!pte2va
!ptov
!qlocks
!ready
!reg
!regkcb
!rellist
!ruleinfo
!running
!scm
!search
!searchpte
!sel
!session
!smt
!spoolsum
!spoolused
!sprocess
!srb
!stacks
!swd
!sysinfo
!sysptes
!thread
!threadfields
!time
!timer
!tokenfields
!trap
!tss
!tz
!tzinfo
!ubc
!ubd
!ube
!ubl
!ubp
!urb
!vad
!vad_reload
!validatelist
!verifier
!vm
!vpb
!vpdd
!vtop
!walklist
!wdmaud
!whattime
!whatperftime
!whea
!wsle
!xpoolmap
!zombies

 

general extensions

!acl
!address
!analyze
!asd
!atom
!bitcount
!chksym
!chkimg
!cppexr
!cpuid
!cs
!cxr
!dh
!dlls
!dml_proc
!dumpfa
!elog_str
!envvar
!error
!exchain
!exr
!findxmldata
!for_each_frame
!for_each_function
!for_each_local
!for_each_module
!for_each_register
!gflag
!gle
!gs
!handle
!heap
!help
!homedir
!hstring
!hstring2
!htrace
!imggp
!imgreloc
!kuser
!list
!lmi
!mui
!net_send
!obja
!owner
!peb
!rebase
!rtlavl
!sd
!sid
!slist
!std_map
!stl
!str
!sym
!symsrv
!teb
!tls
!token
!tp
!triage
!ustr
!version
!winrterr

  

user mode extensions

!avrf
!critsec
!dp (!ntsdexts.dp)
!dreg
!dt
!evlog
!findstack
!gatom
!igrep
!locks (!ntsdexts.locks)
!mapped_file
!runaway
!threadtoken
!uniqstack
!vadump
!vprot

  

  

 

posted @ 2014-07-29 13:19  Daniel King  阅读(1534)  评论(0编辑  收藏  举报