WinDbg扩展步进 [英] WinDbg Extension stepping

问题描述

我试图写一个扩展函数，它将运行到下一个调用，然后打印出关于下一条指令的信息。

I am trying to write an extension function that will run to the next call and then print out information about the next instruction.

我使用 IDebugControl :: Execute 运行 tc 。如文档中所述，此调用在实际发生跟踪之前返回。睡眠或调用DispatchCallbacks没有看到 tc 跟踪发生在我的扩展返回之前。

I am using IDebugControl::Execute to run tc. As noted in the documentation, this call returns before the tracing has actually occurred. Sleeping or calling DispatchCallbacks does not see the tc trace occur before my extension returns.

如何在不从调用返回的情况下允许跟踪发生？

如果我添加自己的DebugEventCallback，那么我可以得到触发的DebuggeeState和EngineState更改的通知，但不能从这些回调中返回到引擎。

If I add my own DebugEventCallback then I can get notified of the triggered DebuggeeState and EngineState changes, but can't reach back into the engine from those callbacks.

推荐答案

我认为通过IDebugControl :: Execute（g，t等）调用更改调试器状态不是一个好主意

I think It is not a good idea to make call changing a debugger state through IDebugControl::Execute ( g, t, etc )

首先应该实现步骤命令：

At first you should implement step command:

control->SetExecutionStatus(DEBUG_STATUS_STEP_OVER);
control->WaitForEvent(DEBUG_WAIT_DEFAULT, INFINITE);

那么你可以为呼叫签名做一个匹配器：

then you can make a matcher for call signature:

registers->GetInstructionOffset( &ip );
control->Disassemble( ip, ..., disasmStr, .. 
return  disasmStr

然后可以构建自己的tc：

then can build your own tc:

while( CurrentInstruction() != 'call' ) makeOneStep()

您可以使用我们的python扩展： pykd.codeplex.com

you can use our python extension: pykd.codeplex.com

Python代码如下所示：

Python code will look like:

from pykd import disasm, step
while disasm().instruction.find('call') < 0:
   step()

这篇关于WinDbg扩展步进的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！