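Many people who study the Windows 2000 kernel recommend SoftICE, but few introduce Microsoft's own kernel debugging tool. I am writing this short introduction to i386kd.exe as a starting point, in the hope that it draws out better contributions from others, and for everyone's reference. Also, kernel-related articles on CSDN seem to have all but disappeared lately. Experts, come back, your fans are calling for you!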
usage: i386kd [-?] [-v] [-m] [-r] [-s] [-b] [-x] [-m] [-myob] [-y SymbolsPath] [-z CrashDmpFile]
where:
-v Verbose mode
-? Display this help
-r Display registers
-s No Lazy symbol loading
-m Use modem controls
-b Break into kernel
-x Same as -b, except uses an initial command of eb NtGlobalFlag 1;g
-m Serial port is a modem, watch for carrier detect
-myob ignores version mismatches in DBGHELP.DLL
-y SymbolsPath specifies the symbol search path
-z CrashDmpFile specifies the name of a crash dump file to debug
Environment Variables:
_NT_DEBUG_PORT=com[1|2|...] Specify which com port to use. (Default = com1)
_NT_DEBUG_BAUD_RATE=baud rate Specify the baud rate used by debugging serial port. (Default = 19200)
_NT_SYMBOL_PATH=[Drive:][Path] Specify symbol image path. (Default = %SystemRoot%)
_NT_ALT_SYMBOL_PATH=[Drive:][Path] Specify an alternate symbol image path.
_NT_DEBUG_EXTENSIONS=dllname(s) If specified, it is a semi-colon separated list of debugger extension DLL names
This specifies the search order when resolving debugger extension commands
_NT_DEBUG_LOG_FILE_OPEN=filename If specified, all output will be written to this file from offset 0.
_NT_DEBUG_LOG_FILE_APPEND=filename If specified, all output will be APPENDed to this file.
_NT_DEBUG_CACHE_SIZE=x If specified, gives the number of bytes cached on debugger side of kernel debugger serial connection (default is 102400).
KDQUIET=anything If defined, disables obnoxious warning message displayed when user presses Ctrl-C
Control Keys:
<Ctrl-C> Break into kernel
<Ctrl-B><Enter> Quit debugger
<Ctrl-R><Enter> Resynchronize target and host
<Ctrl-K><Enter> Toggle Initial Breakpoint
<Ctrl-V><Enter> Toggle Verbose mode
<Ctrl-D><Enter> Display debugger debugging information

The wandering puppy has no home! Not a single home!