One of the things that has always annoyed me most about WinDbg is that it can't analyze STL containers... Here is an Extension DLL that fills that gap.
It is "SDbgExt", a WinDbg Extension DLL that supports not only STL analysis but a wide range of powerful reversing-related features.
You can download it here.
For usage, refer to the tutorial below...
It is used like this.
0:045> !sdbgext.stlmap
Usage: !stlmap <address> [key-size] [value-size]
0:045> !sdbgext.stlmap 0x02722ae0+0x20e4 0x24 0x04
map size=78 head=027209b8
node at 08e41cc8
key:
b0 a3 8b 05 6f 00 6d 00 65 00 5c 00 75 00 73 00 ....o.m.e.\.u.s.
5f 00*00 00 5f 00 00 00 5c 00 6d 00 30 51 72 02 _..._...\.m.0Qr.
9a 01 00 00 ....
data = 058C7F38
node at 08e419c8
key:
78 a4 8b 05 65 00 6d 00 6f 00 72 00 79 00 32 00 x...e.m.o.r.y.2.
5f 00*00 00 5f 00 00 00 00 00 00 00 30 51 72 02 _..._.......0Qr.
9b 01 00 00 ....
data = 05948008
/// (remaining nodes omitted)...
0:045> dt Dokan!LEO_UDRIVE_REQUEST_HEADER 058C7F38
+0x000 cbHeaderSize : 0x10265
+0x004 FileIoType : 6 ( LeoIo_WriteFile )
+0x008 szSessionId : [100] "00e0c338-58c5fa67"
+0x0d0 dwProcessTypeFlag : 0
+0x0d4 dwFlag : 0
+0x0d8 LeoDokanOptions : _LEO_DOKAN_OPTIONS
+0x0f4 DokanFileInfo : _DOKAN_FILE_INFO
+0x114 PerIoContext : _LEOFS_PERIO_CONTEXT
+0x170 ClientIp : 0x2a64a8c0
+0x174 dwReserved1 : 0
+0x178 cbDataSize : 0x100e8
+0x17c Data : [1] ""
The help text is thorough, so you can just jump in and try it.
It is not as nice as debugging STL containers directly in VS, but it does the job when that is not an option. Keep in mind that it only understands the Visual Studio STL (it walks the container's internal node layout itself), and the key-size/value-size arguments only tell it how many bytes to dump per node: you still have to know the sizes of your key and value types, and then decode those bytes yourself, e.g. with dt on the pointer printed under "data =" as shown above.
Roughly, these are the features it has... ^^
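As an added example (my own script, not part of the original post or of SDbgExt), here is a small post-processor for the !stlmap output above. The post shows the map dump and then does one dt by hand on the first node's data pointer; for a map with 78 nodes you would rather save the dump with .logopen and turn it into a list of dt commands. The sample input is the two nodes pasted above, embedded as a constructed string; the key-size (0x24) is the one the post used, the wide-string extraction is a heuristic that assumes nothing about the key type, and the "size" header field is kept as printed because the page does not say which radix SDbgExt uses for it.

```python
import re
from dataclasses import dataclass

# Constructed sample: the first two nodes of the !stlmap output shown above
# (run with key-size 0x24 and value-size 0x04), pasted as WinDbg printed it.
SAMPLE = r"""
map size=78 head=027209b8
node at 08e41cc8
key:
b0 a3 8b 05 6f 00 6d 00 65 00 5c 00 75 00 73 00 ....o.m.e.\.u.s.
5f 00*00 00 5f 00 00 00 5c 00 6d 00 30 51 72 02 _..._...\.m.0Qr.
9a 01 00 00 ....
data = 058C7F38
node at 08e419c8
key:
78 a4 8b 05 65 00 6d 00 6f 00 72 00 79 00 32 00 x...e.m.o.r.y.2.
5f 00*00 00 5f 00 00 00 00 00 00 00 30 51 72 02 _..._.......0Qr.
9b 01 00 00 ....
data = 05948008
"""


@dataclass
class MapNode:
    address: int   # address of the tree node, as printed after "node at"
    key: bytes     # the key-size bytes dumped under "key:"
    data: int      # the value printed after "data =", here a 4-byte pointer


HEADER_RE = re.compile(r"map size=(\S+) head=([0-9a-fA-F]+)")
NODE_RE = re.compile(r"node at ([0-9a-fA-F]+)")
DATA_RE = re.compile(r"data = ([0-9a-fA-F]+)")
# One hex-dump row: two-digit bytes separated by ' ' (or the '*' that appears
# in the pasted output), followed by the ASCII column. The ASCII column is not
# consumed because collection stops once key_size bytes have been read.
ROW_RE = re.compile(r"^((?:[0-9a-fA-F]{2}[ *])+)")


def parse_stlmap(text: str, key_size: int):
    """Parse !stlmap output into (header dict, [MapNode, ...])."""
    header = {}
    nodes = []
    addr = None
    key_buf = bytearray()
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            # "size" is kept as printed: the page does not state its radix.
            header = {"size": m.group(1), "head": int(m.group(2), 16)}
        elif m := NODE_RE.match(line):
            addr = int(m.group(1), 16)
            key_buf, in_key = bytearray(), False
        elif line == "key:":
            in_key = True
        elif m := DATA_RE.match(line):
            nodes.append(MapNode(addr, bytes(key_buf[:key_size]), int(m.group(1), 16)))
            in_key = False
        elif in_key and (m := ROW_RE.match(line)):
            need = key_size - len(key_buf)
            if need > 0:
                row = re.split(r"[ *]", m.group(1).strip(" *"))
                key_buf += bytes(int(b, 16) for b in row[:need])
    return header, nodes


def le32(buf: bytes, off: int) -> int:
    """Little-endian DWORD at offset off (32-bit target, as in the post)."""
    return int.from_bytes(buf[off:off + 4], "little")


def wide_runs(buf: bytes, min_len: int = 2):
    """Heuristic only: collect runs of printable ASCII stored as UTF-16LE,
    i.e. what the right-hand column shows as 'o.m.e.'. It assumes nothing
    about the key type; confirm the real layout with dt before trusting it."""
    runs, cur = [], []
    for off in range(0, len(buf) - 1, 2):
        lo, hi = buf[off], buf[off + 1]
        if hi == 0 and 0x20 <= lo <= 0x7E:
            cur.append(chr(lo))
        else:
            if len(cur) >= min_len:
                runs.append("".join(cur))
            cur = []
    if len(cur) >= min_len:
        runs.append("".join(cur))
    return runs


def dt_commands(nodes, type_name: str):
    """One WinDbg 'dt' line per node, applied to the node's value pointer."""
    return [f"dt {type_name} {n.data:08x}" for n in nodes]


if __name__ == "__main__":
    header, nodes = parse_stlmap(SAMPLE, key_size=0x24)
    print(f"head={header['head']:08x} nodes parsed={len(nodes)}")
    for n in nodes:
        print(f"node {n.address:08x} key[0:4]={le32(n.key, 0):08x} "
              f"strings={wide_runs(n.key)} data={n.data:08x}")
    # Paste these back into WinDbg (the post does the first one by hand):
    print("\n".join(dt_commands(nodes, "Dokan!LEO_UDRIVE_REQUEST_HEADER")))
```

The script stops reading a key after exactly key-size bytes, so it does not matter that the hex rows in the pasted output use '*' as a separator in one spot. The wide-string runs it prints ("ome\us_", "emory2_") are only hints for eyeballing which node you want; the actual key type still has to be resolved with dt.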
0:045> !sdbgext.help
Skywing Debugger Extensions (SDbgExt) help
!valloc [address] <size> <type> <protect> Allocates virtual memory
!vallocrwx [address] <size> Allocates and commits PAGE_READWRITE_EXECUTE virtual memory
!vfree <address> <size> <type> Frees virtual memory
!vdecom <address> Decommits virtual memory
!vprotect <address> <size> <protect> Protects virtual memory
!vmemconst Displays various constants for the !v* extensions
!ntstatus <status> Translates an NTSTATUS value
!remotecall <address> <call-conv> [arguments] Calls a function in the target process (from a new thread)
Valid calling conventions include stdcall(0), cdecl(1), fastcall(2)
Ansi and Unicode strings ("str", L"str") are automatically marshalled
!remotecall64 <address> <call-conv> [arguments] Same as !remotecall, but displays a 64-bit return value
!loaddll <dllname> Loads a dll into the target process (from a new thread)
!unloaddll <address> Unloads a dll from the target process (from a new thread)
!loaderlock Checks if the process loader lock has been acquired
!version Displays the SDbgExt version
!heapalloc [heap] <size> Allocates heap memory (defaults to the process heap)
!heapfree [heap] <address> Frees heap memory (defaults to the process heap)
!objsec <handle> Displays the security descriptor associated with an object
!amask <access-mask> [object-type] Displays an ACCESS_MASK, optionally interpreting specific rights according to object-type
!objtypes Display a list of supported object type names
!overlapped <address> Displays an OVERLAPPED structure
!hwnd [window-handle] [flags] Displays information about an HWND (or enumerates windows for the current thread)
If bit 1 (0x01) is set in flags, dialog-specific information is included
!switchdesk <desktop-name> Switches the active desktop
!threadinfo <thread-id> [flags] Displays information about a thread
If bit 1 (0x01) is set in flags, thread times are included
!getprop <hwnd> [propname] Displays a window property
If propname is omitted, all properties are displayed
!tokeninfo [handle] [flags] Displays information about a token. If handle is omitted the current subject token is used.
If bit 1 (0x01) is set in flags, handle refers to a thread id and the token for
that thread is displayed. Bit 2 indicates a thread handle, bit 3 indicates a process
id, and bit 4 indicates a process handle. Only one may be supplied.
!sidname <sid> Converts a sid to an account name.
!close <handle> Closes a handle in the process currently being debugged.
!objname <handle> Retrieves full name information for an object handle, including FILE_OBJECT handles.
!killthread [threadid] Terminates a thread. If a thread is not supplied, the current thread is terminated.
!loadsym <module> [symbol list file] [path] Loads custom symbols from a symbol list file. If no list file is specified, a file named
loaded-base-module-name.lst is searched (e.g. C:\WINDOWS\System32\CMD.lst). Optionally a
path to the module image may be specified (for remote debugging). If a path is specified then
any filenames with spaces must be quoted (otherwise quoting is optional).
If no .lst file is present, loaded-base-module-name.map is searched (as a linker map file).
!unloadsym <module> [symbol list file] [path] Unloads custom symbols from a symbol list file.
!dbgpri [priority] Sets the scheduling priority for the debugger process. If priority is omitted, the debugger
is set to the normal priority class.
!lmx [list-type] Lists user mode loaded modules for the target. list-type is 0, 1, 2 for the load order,
memory order, or initialization order lists. Defaults to in-load-order list.
!findwfptr [flags] Searches target process address space for function pointers that are in writable memory.
Bit 0x1: Ignore symbols that reside in the middle of functions.
Bit 0x2: Automatically breakpoint on all found function addresses.
!adjpriv [priv] [flags] Adjusts privileges on the target token.
Bit 0x1: Disable the privilege instead of enabling it.
Bit 0x2: Adjust the threads privileges and not the process.
Bit 0x4: Disable privilege lookup by name (required when RPC is unavailable).
Bit 0x8: Remove the privilege from the token.
!usermsg <address> Displays detailed information about a winuser MSG structure.
!ret <returnpoint> [stackbytes] [retval] Returns from a function, adjusting the stack upwards by 'stackbytes' bytes and
setting the return value register to a given value. The extension will verify
that the given returnpoint matches a return address on the stack after adjusting
the stack pointer. If retval is not specified, the return value is set to zero.
!mapbuiltinsym Loads SDbgExt built-in symbols appropriate for the target platform. If a full symbol
reload is issued, these symbols will be removed.
!cmpmem <[[-a|-x] addr length] | [-e addr] | [-c addr] [-s addr] [-l]>
Compares memory over time. Memory compare ranges may not overlap.
-a address length: Begin the comparison operation by saving target virtual memory.
-x address length: Manually exclude a region from future comparisons.
-e address : Compare memory with the target, excluding differing ranges from future
comparison operations. Address must refer to a region within an existing
memory compare operation.
-c address : Compare memory with the target, displaying differing ranges. Address must
refer to a region within an existing memory compare operation.
-s address : Stop a comparison operation, freeing any saved memory. Implied by -a.
Address must refer to a region within an existing memory compare operation.
-l : List all compare ranges currently active.
!rawbu <modulename> [command] Sets a deferred breakpoint on a given module name that executes the given command,
if present. The modulename is taken "as-is" and is not parsed.
Note that if present, the breakpoint command must not be quoted; it is taken "as-is".
!fnseh <address> [seh-module-base] Retrieves and displays exception handling data for an address (on 64-bit targets).
If present, seh-module-base overrides the automatic detection for the module base to use when
computing completed virtual addresses for exception and unwind handlers.
!findsymptr [flags] Searches for potential pointers to addresses corresponding exactly to a symbol.
This extension is useful for finding vtables on the heap if you have symbols.
Bit 0x1: Ignore symbols that reside in the middle of functions.
Bit 0x2: Only show sorted totals.
STL functions (for Visual Studio STL only)
!stlstring <address> [max-size] Displays an std::string (up to the first 64K chars, default to max 16K)
!stlwstring <address> [max-size] Displays an std::wstring (up to the first 64K-1 chars, default to max 16K)
!stlset <address> [value-size] Displays an std::set/std::multiset
If value-size is specified, that many bytes are displayed from each node's data
!stlmap <address> [key-size] [value-size] Displays an std::map/std::multimap
If key-size is specified, that many bytes are displayed from each node's key data
If value-size is also specified, that many bytes are displayed from each node's value data
!stllist <address> [value-size] Displays an std::list
If value-size is specified, that many bytes are displayed from each node's data
!stlvector <address> [element-size] Displays an std::vector
If element-size is specified, that many bytes are displayed from each element's data