On using CEDebugX and its commands (got cheated out of 10000 points in a betting game, posting to vent)
First time playing the betting game, and only now do I find out it is a huge trap: a clearly wrong answer still counts, and it cost me 10000 points. Never mind, let's talk about technology instead.
People who work with CE often feel that CE lacks a good debugging tool, something like windbg on the desktop, for tracking down problems. In fact CE does ship a similar tool. It is not as powerful as windbg, but it provides a lot of useful functionality: cedebugx. Some people may not know this tool yet, so here is a brief introduction to a few of its commonly used commands.
In the CE6 Platform Builder (PB), cedebugx is loaded automatically; in the CE5 PB you have to load it manually from the menu via Load Debug Extension.
cedebugx commands are run the same way as any other Target Control command: just type them in the Target Control window. But, like windbg, this tool does its analysis while the system is stopped in the debugger (broken in), unlike many other Target Control commands, which can only be invoked while the system is running. Also, since cedebugx is a debug extension, every one of its commands must be prefixed with an exclamation mark. Note from the help text below that the extension caches its information, so run !refresh after each run/break cycle before trusting the other commands' output.
First, run !help in Target Control to see which commands the tool provides; the full list is shown below:
COMMANDS:
To see detailed help type the command followed by /?
Extension Information and Control:
help - display this list
version - display version information for this extension
refresh - refresh cached info (must call after any run/break cycle).
xml - capture debug info in an xml file and display formatted data.
save - prompts the user for a location in which to save all files generated in the session.
getworkingpath - display the path to the debugger extension's current working folder.
setworkingpath - specify a path to use as a new destination for saved files (working folder)
General Information:
exception - exception info and current call stack
kinfo - prints the UserKInfo table
toc - prints ROM table of contents
oat - prints OEM Address Table
disasm - retrieve disassembly for a given address
getsym - list nearest symbol at addr
checksymbols - validate that correct symbols are in use.
dd - dump data at given address
ll - prints linked lists generically
expr - evaluate an expression
getsizeof - get the size, in bytes, of a type or expression
d2x - convert a decimal integer to a hex value.
x2i - convert a hex value to a signed integer.
x2u - convert a hex value to an unsigned integer.
ms2t - display a value in milliseconds as hours, minutes, and seconds.
Diagnostics:
diagnose - provide detailed information about hangs or crashes
Threads:
thread - prints thread information from thread ptr
threadh - prints thread information from thread handle
threadlist - enumerate all threads (basic info). use "threadlist ?" for more options
allthreads - enumerate all threads (extended info)
runlist - enumerate threads on the scheduler's run list.
sleeplist - enumerate threads on the scheduler's sleep list.
context - print context information for a given thread.
stackeval - prints all values on a thread's stack, looking for potential symbols and known objects
stacktrace - prints stack ptr and frame ptrs with PC and ret addr for a given thread
Processes and Modules:
proc - prints process information
proclist - lists all processes
module - prints module information
modlist - lists all loaded modules
Handles:
handlelist - prints active handle list
handle - evaluates a handle to determine type
h2p - get kernel object ptr from a handle
p2h - get a handle from a kernel object ptr
Blocked Threads:
proxy - prints detailed information about a particular proxy (i.e. blocking object)
proxylist - lists all of the proxies in the system or owned by a particular process
blocked - prints list of blocking objects (proxies) and the threads they are blocking
cslist - prints a list of critical sections that are currently blocking threads
eventlist - prints a list of events that are currently blocking threads
sending - prints a list of threads blocked in SendMessage calls
Memory:
heaplist - prints summary information about all heaps in the system
heapwalk - print extended heap information
walkthisheap - print heap information for specific heap
meminfo - prints system memory information
heapitem - finds a heap item spanning an address and dumps item contents
dumpitem - prints contents of a heap item
valist - prints virtual allocations associated with a process
fsmaplist - prints summary information about all memory-mapped files
fsmap - prints information about a memory-mapped file
fsviewlist - prints summary information about all memory-mapped views
fsview - prints information about a memory-mapped view
pgpool - prints information about the page pools
GWES:
win - enumerate all windows (use it without arguments for more options)
winh - prints the window information for a handle (can use p|c|n|d|a) for navigation
gditable - enumerate all GDI entries
gdih - prints the information of the GDI entity related to the provided handle
gdiobj - prints the information of the GDI entity related to the provided gdi object
screenshot - creates and shows a screenshot of the current UI state of the device
msgqueues - lists active message queues
Note that if the files in your release directory do not match the files on your device (including the pdb files), you will get the following error:
Error resolving expression <{,,kernel.dll}g_pprcNK->dwId>
ERROR in ReadStruct, can't read {,,kernel.dll}g_pprcNK->dwId
Symbols for NK.EXE are incorrect. Attempting to reload symbols ...
Error resolving expression <{,,kernel.dll}g_pprcNK->dwId>
ERROR in ReadStruct, can't read {,,kernel.dll}g_pprcNK->dwId
Unable to resolve NK.EXE symbols.
This means your NK.exe and your NK.pdb do not match, and none of the commands above can be used in that state. So you must at least make sure the NK.exe on your device matches the nk.pdb in the release directory; I generally require that the image on the device was built from the files in the current release directory. The !checksymbols command in the list above performs exactly this validation, so it is worth running before anything else.
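The same match check can be done offline, without the device, the way the debugger itself decides whether a pdb belongs to a binary: the PE carries an RSDS CodeView record holding a GUID and an age, and the pdb's info stream (stream 1 of the MSF 7.00 container) holds the GUID and age it was written with; they must be equal. The script below is an added example, not code from the original post or from Platform Builder. It assumes NK.exe has an RSDS record (the norm for VS-linked binaries) and that nk.pdb is an MSF 7.00 file; the build_sample_* helpers produce constructed fixtures for demonstration, not real CE files.

```python
"""Check whether a PE (e.g. NK.exe) matches a PDB (e.g. nk.pdb) by GUID and age.

Added example for the cedebugx post; not part of Platform Builder.
Assumptions: the PE contains an RSDS CodeView record and the PDB is MSF 7.00.
"""
import struct
import uuid

MSF_MAGIC = b"Microsoft C/C++ MSF 7.00\r\n\x1aDS\x00\x00\x00"


def rsds_from_pe(data):
    """Return (guid_bytes_le, age, pdb_path) from the RSDS record of a PE image.

    Heuristic: scans for the 'RSDS' signature instead of walking the PE debug
    directory, which is enough for a quick check on a release binary.
    """
    pos = data.find(b"RSDS")
    if pos < 0 or pos + 24 > len(data):
        raise ValueError("no RSDS CodeView record found")
    guid = data[pos + 4:pos + 20]                      # GUID as stored (little-endian fields)
    age = struct.unpack_from("<I", data, pos + 20)[0]
    end = data.find(b"\x00", pos + 24)
    end = len(data) if end < 0 else end
    return guid, age, data[pos + 24:end].decode("ascii", "replace")


def _read_stream(data, block_size, indices, size):
    """Concatenate the MSF blocks of a stream and trim to its byte size."""
    blob = b"".join(data[i * block_size:(i + 1) * block_size] for i in indices)
    return blob[:size]


def pdb_info(data):
    """Return (guid_bytes_le, age) from the PDB info stream (stream 1) of an MSF 7.00 file."""
    if not data.startswith(MSF_MAGIC):
        raise ValueError("not an MSF 7.00 PDB")
    block_size, _fpm, _nblocks, dir_bytes, _unk, map_block = struct.unpack_from("<6I", data, len(MSF_MAGIC))

    def nblk(size):                                    # blocks needed for `size` bytes
        return 0 if size == 0xFFFFFFFF else (size + block_size - 1) // block_size

    # The block map lists the blocks that hold the stream directory.
    dir_blocks = struct.unpack_from("<%dI" % nblk(dir_bytes), data, map_block * block_size)
    directory = _read_stream(data, block_size, dir_blocks, dir_bytes)
    num_streams = struct.unpack_from("<I", directory, 0)[0]
    sizes = struct.unpack_from("<%dI" % num_streams, directory, 4)
    off, streams = 4 + 4 * num_streams, []
    for size in sizes:                                 # per-stream block index lists
        n = nblk(size)
        streams.append(struct.unpack_from("<%dI" % n, directory, off))
        off += 4 * n
    info = _read_stream(data, block_size, streams[1], sizes[1])
    _version, _signature, age = struct.unpack_from("<3I", info, 0)
    return info[12:28], age


def symbols_match(pe_data, pdb_data):
    """True when the PE's RSDS GUID/age equal the PDB info stream's GUID/age."""
    pe_guid, pe_age, _path = rsds_from_pe(pe_data)
    pdb_guid, pdb_age = pdb_info(pdb_data)
    return pe_guid == pdb_guid and pe_age == pdb_age


def build_sample_pe(guid, age, pdb_path):
    """Constructed fixture: an image fragment carrying an RSDS record (not a real PE)."""
    return b"MZ" + b"\x00" * 62 + b"RSDS" + guid + struct.pack("<I", age) + pdb_path.encode() + b"\x00"


def build_sample_pdb(guid, age, block_size=512):
    """Constructed fixture: a minimal MSF 7.00 file with stream 0 (empty) and stream 1 (PDB info)."""
    info = struct.pack("<3I", 20000404, 0x5A5A5A5A, age) + guid          # version, signature, age, GUID
    directory = struct.pack("<3I", 2, 0, len(info)) + struct.pack("<I", 4)  # 2 streams; stream 1 is block 4
    blocks = [
        MSF_MAGIC + struct.pack("<6I", block_size, 1, 5, len(directory), 0, 2),  # block 0: superblock
        b"",                       # block 1: free page map (unused by the parser)
        struct.pack("<I", 3),      # block 2: block map -> directory is block 3
        directory,                 # block 3: stream directory
        info,                      # block 4: PDB info stream
    ]
    return b"".join(b.ljust(block_size, b"\x00") for b in blocks)


if __name__ == "__main__":
    good, stale = uuid.uuid4().bytes_le, uuid.uuid4().bytes_le
    pe = build_sample_pe(good, 2, r"C:\WINCE600\release\nk.pdb")   # constructed path
    print("matching pdb :", symbols_match(pe, build_sample_pdb(good, 2)))
    print("stale pdb    :", symbols_match(pe, build_sample_pdb(stale, 2)))
    print("wrong age    :", symbols_match(pe, build_sample_pdb(good, 3)))
```

For a real pair, read both files from disk and call symbols_match(open("NK.exe", "rb").read(), open("nk.pdb", "rb").read()); a False result is the offline equivalent of the "Symbols for NK.EXE are incorrect" error above, and rsds_from_pe also tells you which pdb path the binary was linked against.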
Of all these commands, the usual first step is !diagnose all, which automatically analyzes the system for possible hang and crash problems. If it finds any, it lists the issues it believes exist, and you can then run !diagnose <index> to see the details of one of the listed issues.
Of course, diagnose is not a cure-all; you may have to track the problem down by hand. In that case, start by displaying the process list, thread list, loaded module list and window list:
proclist, threadlist, modlist, win
The corresponding proc, thread and module commands then display detailed information for a specific object.
To inspect what is on the stack, use stackeval, provided you are familiar with the stack layout. Its advantage is that it automatically matches every value on the stack against all possible symbols and known objects; the matches are therefore only a hint, but it saves a lot of tedious work.
disasm is for disassembly, which is useful when you need to analyze assembly code.
runlist shows the threads on the scheduler's run list; when the system is abnormally busy, use it to see which thread is taking up a lot of CPU time.
dd and getsizeof let you view the contents and size of a structure; they come in handy when you have picked a structure address off the stack but do not know how to look at what is inside it.