windbg调试程序

最新推荐文章于 2024-06-24 18:41:05 发布

Hui_NJ

最新推荐文章于 2024-06-24 18:41:05 发布

阅读量1.2k

点赞数 1

分类专栏： c++编程基础

本文链接：https://blog.csdn.net/cai0612123/article/details/16887995

版权

c++编程基础专栏收录该内容

15 篇文章 0 订阅

订阅专栏

1.取消编译优化选择，将编译后的binary 及其符号文件放入 bin下

2.设置gflags.exe，在程序刚启动就将其捕获

3. 进程:DoScan.exe在windbg.exe 设置如下：
(1)加载符号文件
0:000> .reload /f doscan.exe
0:000> .reload /f cliproxy.dll
"cliproxy.dll" was not found in the image list.
Debugger will attempt to load "cliproxy.dll" at given base 00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000

如果reload命令加载本地symbol失败，可以用ld命令

(2)加载cliproxy.dll时下断点
0:000> sxe ld:cliproxy.dll
(3)设置断点
0:000> x doscan!*startupscan*
00411290 DoScan!DoStartUpScans (void)
00408ff0 DoScan!StartupScansLocked (void)
00409070 DoScan!StartupScansEnabled (void)
0:000> bp DoScan!DoStartUpScans
0:000> bp doscan!performscan
(4)开始调试
0:000> g

(5)设置源文件路径

4.将进程ccSvcHost.exe attached到windbg.exe上，之后做如下设置：
0:082> .reload /f avhostplugin.dll
0:082> x avhostplugin!*startscan*
0275dd70 AVHOSTPLUGIN!StartScan (struct HKEY__ *, unsigned long *, unsigned long, <function> *, <function> *, class CSavScanStatus *, void *, struct HKEY__ *, char *, char *)
027216e0 AVHOSTPLUGIN!CSavCloudScan::StartScan (void)
027556e0 AVHOSTPLUGIN!CScheduledScanService::StartScan (class CScheduledScanAbstract *, struct HKEY__ *, bool)
0275f170 AVHOSTPLUGIN!ThrottledStartScan (class CSavScanStatus *)
027e93b0 AVHOSTPLUGIN!CScanManagerService::StartScan (struct tagVARIANT, struct tagVARIANT *)
0:082> bp AVHOSTPLUGIN!CScanManagerService::StartScan
0:082> bl
0 e 027e93b0 0001 (0001) 0:**** AVHOSTPLUGIN!CScanManagerService::StartScan
0:082> g

5.最终结果