Introduction to NTSD

Source: Internet  Editor: 程序博客网  Date: 2024/06/05 03:28

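Preface: Drwtsn32 has a number of shortcomings, so a replacement is needed, and NTSD is a good choice. This article takes several of Drwtsn32's shortcomings in turn and describes how NTSD addresses each. It covers three topics:

1. NTSD configuration

2. NTSD advantages

3. NTSD disadvantages

I. NTSD Configuration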

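There are two options for deploying NTSD.

Option 1 - Share Model

Every application crash invokes the same debugger. As with drwtsn32, change the Debugger value in the registry to:

C:\WINDOWS\system32\ntsd.exe -p %ld -e %ld -g -c ".dump D:\Dump\jit.dmp;q"

The first path is the location of ntsd.exe, and the last path is where the generated .dmp file is stored. That directory must already exist; otherwise the dump file will not be created.

Figure 1.1: Share Model parameter settings (Aedebug)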

Option 2 - Unshared Model

Assign a debugger to crashes of one specific application. Under the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

create a subkey. For example, to give GPTLog its own settings, name the subkey GPTLog.EXE, then add a Debugger value of type string with the following data:

C:\WINDOWS\system32\ntsd.exe -g -c ".dump D:\Dump\jit.dmp;q"

Figure 1.2: Unshared Model parameter settings (TSC.exe)

Note: If the value named Debugger doesn't exist under the new key, create it. If the path to NTSD contains a space, enclose it in quotes.

II. NTSD Advantages

NTSD can resolve all of the shortcomings of drwtsn32.

1. JIT debugging under any user account

The -noio command-line parameter allows any user to access WinSta0 and therefore to use ntsd. The modified command:

C:\WINDOWS\system32\ntsd.exe -p %ld -e %ld -g -noio -c ".dump D:\Dump\jit.dmp;q"

2. Crash dump files with unique names

If we use the /u option with the .dump command, the command creates a crash dump with a unique name (based on the specified file name, the current date and time, and some additional information; for example, jit_0648_2005-06-13_23-42-49-834_0638.dmp). Here is the new command line:

C:\WINDOWS\system32\ntsd.exe -p %ld -e %ld -g -noio -c ".dump /u D:\Dump\jit.dmp;q"

3. Customizing the minidump format

Other options of the .dump command let you customize the format and contents of the minidump. The complete list can be found in the Debugging Tools documentation (search for the .dump command); here are the most popular ones:

/f          Full user dump (old format, not recommended)
/m          Standard minidump (equivalent of the MiniDumpNormal minidump type; this option is used by default)
/ma         Minidump with all possible options (memory, handles, unloaded modules, etc.)
/mFhutwd    Minidump with data sections, non-shared read/write memory pages and other useful information (my personal favorite when the size of the minidump is important)

You can find more information about the contents of minidumps in this article:

http://www.debuginfo.com/articles/ntsdwatson.html#jitregister

Here is the new command line, which creates a minidump with as much information as possible:

c:\dbgtools\ntsd.exe -p %ld -e %ld -g -noio -c ".dump /ma /u D:\dumps\jit.dmp;q"

4. Sending notifications

Finally, let's notify ourselves when an application crashes on another system in the network (e.g. in a test lab). NTSD makes this possible with the !net_send command, which sends a message to another computer over the network. The command takes the following parameters:

!net_send SenderMachine TargetMachine SenderMachine MessageText

Assuming that NTSD is running on the computer called TestPc, and we want to send a message to the computer called DevPc, the command would look like this:

c:\dbgtools\ntsd.exe -p %ld -e %ld -g -noio -c ".dump /ma /u D:\dumps\jit.dmp;!net_send TestPc DevPc TestPc Crash dump created;q"

The trailing ;q exits the DOS window.
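A read-only audit of the two registrations described above (the shared Aedebug Debugger value and the per-image Image File Execution Options subkeys), as an added PowerShell example that is not part of the original article. It assumes the AeDebug key sits under the same Windows NT\CurrentVersion key as Image File Execution Options and that debugger paths are written in full; Test-DebuggerValue is a hypothetical helper name.

```powershell
# 32-bit processes on 64-bit Windows read the same keys under SOFTWARE\Wow6432Node.
$nt   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$ifeo = "$nt\Image File Execution Options"

function Test-DebuggerValue {   # hypothetical helper name
    param([string]$Value, [switch]$Shared)
    $issues = @()
    # The executable is either a quoted path or the first whitespace-free token.
    if ($Value -match '^\s*"([^"]+)"' -or $Value -match '^\s*(\S+)') {
        $exe = $Matches[1]
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $issues += "debugger not found (quote paths containing spaces): $exe"
        }
    } else {
        $issues += 'empty Debugger value'
    }
    # The shared form needs both %ld placeholders (process id, event handle).
    if ($Shared -and ([regex]::Matches($Value, '%ld')).Count -lt 2) {
        $issues += 'missing -p %ld / -e %ld'
    }
    # .dump [options] <file>: the target directory must already exist.
    if ($Value -match '\.dump\s+((?:[/-]\S+\s+)*)([^;"]+)') {
        $opts = $Matches[1]; $file = $Matches[2].Trim()
        $dir  = Split-Path -Path $file -Parent
        if (-not $dir -or -not (Test-Path -LiteralPath $dir -PathType Container)) {
            $issues += "dump directory missing: $dir"
        }
        if ($opts -notmatch '(^|\s)[/-]u(\s|$)') {
            $issues += 'no /u: dump file name is not unique'
        }
    }
    $issues
}

$entries = @()
$ae = Get-ItemProperty -Path "$nt\AeDebug" -Name Debugger -ErrorAction SilentlyContinue
if ($ae) { $entries += [pscustomobject]@{ Key = 'AeDebug'; Value = $ae.Debugger; Shared = $true } }
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $d = $_.GetValue('Debugger')
    if ($d) { $entries += [pscustomobject]@{ Key = $_.PSChildName; Value = [string]$d; Shared = $false } }
}
foreach ($e in $entries) {
    [pscustomobject]@{
        Key      = $e.Key
        Debugger = $e.Value
        Issues   = (Test-DebuggerValue -Value $e.Value -Shared:$e.Shared) -join '; '
    }
}
```

A Debugger value under Image File Execution Options is launched in place of the named image, so the listing is also worth reviewing for entries that nobody on the team configured.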

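III. NTSD Disadvantages

This is also one advantage of drwtsn32 (Dr. Watson): drwtsn32 is installed on every operating system to date. NTSD is also present on operating systems built on the Windows NT kernel, but most of them ship an old version that does not support most of the parameters discussed here. Nevertheless, NTSD remains one of the strong contenders as a JIT (Just In Time) debugger.

References:

http://blog.csdn.net/yeming81/archive/2008/05/03/2370803.aspx

http://www.debuginfo.com/articles/ntsdwatson.html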