Debugger: Pseudo-Variable & Pseudo-Register

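  • Pseudovariables are terms used to display certain information in a variable window or the QuickWatch dialog box. You can enter a pseudovariable the same way you would enter a normal variable. Pseudovariables are not variables, however, and do not correspond to variable names in your program.
$err:		Displays the last error value set by the function SetLastError. The value displayed is what the GetLastError function would return.
$err,hr:	Shows the decoded form of this value. For example, if the last error was 3, $err,hr displays ERROR_PATH_NOT_FOUND : The system cannot find the path specified.
$handles:	Displays the number of handles allocated in the application.
$vframe:	Displays the address of the current stack frame.
$tid:		Displays the thread ID of the current thread.
$env:		Displays the environment block in the string viewer.
$cmdline:	Displays the command line string that launched the program.
$pid:		Displays the process ID.
$registername or @registername: Displays the contents of the register "registername".
Normally, you can display a register's contents just by entering the register name. You need this syntax only when the register name overloads a variable name. If the register name is the same as a variable name in the current scope, the debugger interprets the name as a variable name. In that case, use $registername or @registername.
$clk:		Displays the time in clock cycles.
$user:		Displays a structure containing account information for the account the application is running under. For security reasons, password information is not displayed.
$exceptionstack: Displays the stack trace of the current Windows Runtime exception. $exceptionstack applies only to UWP apps. It is not supported for C++ exceptions and SEH exceptions.
$returnvalue:	Displays the return value of a method.
  • Pseudo-Register Syntax: these are the debugger's pseudo-registers, each of which stores a specific value.
  • All pseudo-registers begin with $.
  • If you are using MASM syntax, you can add an @ before the $. It tells the debugger that the following token is a register or pseudo-register, not a symbol. If you omit the at sign, the debugger responds more slowly, because it has to search the whole symbol table.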
$ea
The effective address of the last instruction that was executed. If this instruction does not have an effective address, the debugger displays "Bad register error". If this instruction has two effective addresses, the debugger displays the first address.

$ea2
The second effective address of the last instruction that was executed. If this instruction does not have two effective addresses, the debugger displays "Bad register error".

$exp
The last expression that was evaluated.

$ra
The return address that is currently on the stack.
This address is especially useful in execution commands. For example, g @$ra continues until the return address is found (although gu (Go Up) is a more precise and effective way of "stepping out" of the current function).

$ip
The instruction pointer register.
x86-based processors: The same as eip. Itanium-based processors: Related to iip. (For more information, see the note following this table.) x64-based processors: The same as rip.

$eventip
The instruction pointer at the time of the current event. This pointer typically matches $ip, unless you switched threads or manually changed the value of the instruction pointer.

$previp
The instruction pointer at the time of the previous event. (Breaking into the debugger counts as an event.)

$relip
An instruction pointer that is related to the current event. When you are branch tracing, this pointer is the pointer to the branch source.

$scopeip
The instruction pointer for the current local context (also known as the scope).

$exentry
The address of the entry point of the first executable of the current process.

$retreg
The primary return value register.
x86-based processors: The same as eax. Itanium-based processors: The same as ret0. x64-based processors: The same as rax.

$retreg64
The primary return value register, in 64-bit format.
x86 processor: The same as the edx:eax pair.

$csp
The current call stack pointer. This pointer is the register that is most representative of call stack depth.
x86-based processors: The same as esp. Itanium-based processors: The same as bsp. x64-based processors: The same as rsp.

$p
The value that the last d* (Display Memory) command printed.

$proc
The address of the current process (that is, the address of the EPROCESS block).

$thread
The address of the current thread. In kernel-mode debugging, this address is the address of the ETHREAD block. In user-mode debugging, this address is the address of the thread environment block (TEB).

$peb
The address of the process environment block (PEB) of the current process.

$teb
The address of the thread environment block (TEB) of the current thread.

$tpid
The process ID (PID) for the process that owns the current thread.

$tid
The thread ID for the current thread.

$bpNumber
The address of the corresponding breakpoint. For example, $bp3 (or $bp03) refers to the breakpoint whose breakpoint ID is 3. Number is always a decimal number. If no breakpoint has an ID of Number, $bpNumber evaluates to zero. For more information about breakpoints, see Using Breakpoints.

$frame
The current frame index. This index is the same frame number that the .frame (Set Local Context) command uses.

$dbgtime
The current time, according to the computer that the debugger is running on.

$callret
The return value of the last function that .call (Call Function) called or that is used in an .fnret /s command. The data type of $callret is the data type of this return value.

$lastclrex
Managed debugging only: The address of the last-encountered common language runtime (CLR) exception object.

$ptrsize
The size of a pointer. In kernel mode, this size is the pointer size on the target computer.

$pagesize
The number of bytes in one page of memory. In kernel mode, this size is the page size on the target computer.

$exr_chance
The chance of the current exception record.

$exr_code
The exception code for the current exception record.

$exr_numparams
The number of parameters in the current exception record.

$exr_param0
The value of Parameter 0 in the current exception record.

$exr_param1
The value of Parameter 1 in the current exception record.

$exr_param2
The value of Parameter 2 in the current exception record.

$exr_param3
The value of Parameter 3 in the current exception record.

$exr_param4
The value of Parameter 4 in the current exception record.

$exr_param5
The value of Parameter 5 in the current exception record.

$exr_param6
The value of Parameter 6 in the current exception record.

$exr_param7
The value of Parameter 7 in the current exception record.

$exr_param8
The value of Parameter 8 in the current exception record.

$exr_param9
The value of Parameter 9 in the current exception record.

$exr_param10
The value of Parameter 10 in the current exception record.

$exr_param11
The value of Parameter 11 in the current exception record.

$exr_param12
The value of Parameter 12 in the current exception record.

$exr_param13
The value of Parameter 13 in the current exception record.

$exr_param14
The value of Parameter 14 in the current exception record.

$bug_code
If a bug check has occurred, this is the bug code. Applies to live kernel-mode debugging and kernel crash dumps.

$bug_param1
If a bug check has occurred, this is the value of Parameter 1. Applies to live kernel-mode debugging and kernel crash dumps.

$bug_param2
If a bug check has occurred, this is the value of Parameter 2. Applies to live kernel-mode debugging and kernel crash dumps.

$bug_param3
If a bug check has occurred, this is the value of Parameter 3. Applies to live kernel-mode debugging and kernel crash dumps.

$bug_param4
If a bug check has occurred, this is the value of Parameter 4. Applies to live kernel-mode debugging and kernel crash dumps.
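
The pseudo-registers above combined into a first-pass exception triage, as an added example that is not part of the original post. It assumes a user-mode target stopped on an exception event with ntdll symbols loaded; the message strings are constructed.

```windbg
$$ Constructed triage sequence. Run it after the debugger breaks on an exception.
$$ The @ prefix marks each name as a pseudo-register, so no symbol lookup is done.

$$ Pointer width of the target (4 or 8 bytes) and its page size.
? @$ptrsize
? @$pagesize

$$ Where the event happened, and the code at the current scope.
? @$eventip
u @$scopeip L4

$$ Exception record summary: code, chance, parameter count.
.printf "code=%x chance=%d nparams=%d\n", @$exr_code, @$exr_chance, @$exr_numparams

$$ 0xc0000005 is STATUS_ACCESS_VIOLATION. For that code, parameter 0 is the
$$ access type (0 read, 1 write, 8 execute) and parameter 1 is the target address.
.if (@$exr_code == 0xc0000005) {
    .printf "AV at ip=%p access=%d target=%p\n", @$eventip, @$exr_param0, @$exr_param1
} .else {
    .printf "exception %x at ip=%p\n", @$exr_code, @$eventip
}

$$ Process and thread that own the event.
.printf "pid=%x tid=%x\n", @$tpid, @$tid
dt ntdll!_PEB @$peb ImageBaseAddress
dt ntdll!_TEB @$teb ClientId

$$ Return address of the current frame and the selected frame index.
? @$ra
? @$frame
```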