windbg调试技巧 执行直到某个特殊状态



Executing Until a Specified State is Reached

执行直到某个特殊状态

There are several ways to cause the target to execute until a specifiedstate is reached.

有几种方式使得目标执行直到某个特殊状态

Using a Breakpoint to Control Execution

使用一个断点控制执行

One method is to use a breakpoint. The simplest breakpoint halts executionwhen the program counter reaches a specified address. A more complex breakpointcan:

一种方式是使用一个断点。最简单的断点在程序计数器到达某个特定地址时将程序挂起。一个更加复杂的断点可以：

• be triggered only when this address is executed by a specific thread,
• 仅当这个地址被某个特定的线程执行时被触发
• allow a specified number of passes through this address before being triggered,
• 允许在这个地址被触发前一个特定数量的通过这个地址
• automatically issue a specified command when it is triggered, or
• 当它被触发是自动化的调用一个特定的命令，或者
• watch a specified address in non-executable memory, being triggered when that memory is read or written to.
• 在不可执行内存中监控一个特定的地址，当该内存被读或写时被触发

For details on how to set and control breakpoints, seeUsing Breakpoints.

如果需要如何设置和控制断点，可以参考Using Breakpoints.

A more complicated way to execute until a specified state is reached is touse aconditional breakpoint. This kind of breakpoint is set at acertain address, but is only triggered if a specified condition holds. Fordetails, seeSetting a Conditional Breakpoint.

一个更加复杂使得执行直到一个特定状态的方式是使用一个条件断点。这种断点设置在某个特定地址，但是只有当某个条件被满足时才被触发。详情见Setting a Conditional Breakpoint.

Breakpoints and Pseudo-Registers

断点和伪寄存器

In specifying the desired state, it is often helpful to useautomaticpseudo-registers. These are variables controlled by the debugger whichallow you to reference a variety of values related to the target state.

在指定需要的状态时，使用自动的伪寄存器经常很有用。有一些通过调试器控制的变量允许你引用一些与目标状态相关的一些变量

For example, the following breakpoint uses the$threadpseudo-register, which is always equal to the value of the current thread. Itresolves to the value of the current thread when it is used in a command. Byusing$thread as the argument of the/t parameter of thebp (Set Breakpoint) command, you cancreate a breakpoint that will be triggered every time thatNtOpenFile iscalled by the thread which was active at the time you issued thebpcommand:

例如，下面的断点使用$thread伪寄存器，它总是与当前线程的值相等。当在一个命令中使用它时它被解释为当前线程的值。通过在bp命令的/t参数中使用$thread作为参数，你可以创建一个断点，它在每次当你使用bp命令设置时的线程调用NtOpenFile时都会被触发:

kd> bp /t @$thread nt!ntopenfile

This breakpoint will not be triggered when any other thread callsNtOpenFile.

当其他任何线程调用NtOpenFile时都不会触发这个断点

For a list of automatic psuedo-registers, seePseudo-Register Syntax.

自动化伪寄存器的列表可以参见Pseudo-Register Syntax.

Using a Script File to Control Execution

使用一个脚本文件控制执行

Another way to execute until a specified state is reached is to create a scriptfile that calls itself recursively, testing the desired state in eachiteration.

另一个使得执行直到一个特定状态的方式时创建一个脚本文件，递归地调用自身，在每一次迭代式测试该状态

Typically, this script file will contain the.if and.else tokens. You can use a command such ast (Trace) to execute a single step, andthen test the condition in question.

通常地，这个脚本文件将会包含.if和.else关键字。你可以使用一个命令如t以单步执行，并且测试条件

For example, if you wish to execute until theeax register containsthe value 0x1234, you can create a script file calledeaxstep.txt thatcontains the following line:

例如，如果你想要执行直到eax寄存器包含值0x1234，你可以创建一个脚本文件叫做eaxstep.txt包含下面这些行：

.if (@eax == 1234) { .echo Value of eax is 1234. } .else { t ; $<eaxstep.txt }

Then issue the following command from the Debugger Command window:

然后再命令窗口中调用下面的命令

t "$<eaxstep.txt"

Thist command will execute a single step, and then execute thequoted command. This command happens to be$< (Run Script File), which runs theeaxstep.txtfile. The script file tests the value ofeax, runs thet command,and then calls itself recursively. This continues until theeax registerequals 0x1234, at which point the.echo (Echo Comment) command prints amessage to the Debugger Command window, and execution stops.

这个t命令将会单步执行，并且接着执行单引号中的命令。这个命令常常是$< (Run Script File),执行eaxstep.txt文件。这个脚本文件测试eax的值，运行t命令，并且接着递归地调用它自身.这将持续直到eax寄存器等于0x1234，在该点.echo (Echo Comment)  命令打印一条消息到调试命令窗口，并且停止执行

For details on script files, seeUsing Script Files andUsing Debugger Command Programs.

脚本文件的详细信息参见Using Script Files andUsing Debugger Command Programs.