Batch tutorial [281]: Usage of the ntsd command

Time: 2020-5-20 10:22

(1) Introduction to the ntsd command
ntsd version 6.3.9600.17298
usage: ntsd [options]

Options:

  <command-line> command to run under the debugger
  -? displays command line help text
  -- equivalent to -G -g -o -p -1 -d -pd
  -2 creates a separate console window for debuggee
  -a<DllName> adds a default extension DLL
  -bonc request break in after session started
  -c "<command>" executes the given debugger command at the first debugger
                 prompt
  -cf <file> specifies a script file to be processed at the first debugger
             prompt
  -cfr <file> specifies a script file to be processed at the beginning of a
              session (including after .restart)
  -cimp uses implicit create command line from a process server
  -clines <#> number of lines of output history retrieved by a remote client
  -d sends all debugger output to kernel debugger via DbgPrint
     input is requested from the kernel debugger via DbgPrompt
     -d cannot be used with debugger remoting
     -d can only be used when the kernel debugger is enabled
  -ddefer sends all debugger output to kernel debugger via DbgPrint
          input is requested from the kernel debugger via DbgPrompt unless
          there are remote clients that can provide input
          -ddefer can only be used when the kernel debugger is enabled
          -ddefer should be used with -server
  -ee <name> set default expression evaluator
             <name> can be MASM or C++
  -failinc causes incomplete symbol and module loads to fail
  -g ignores initial breakpoint in debuggee
  -G ignores final breakpoint at process termination
  -hd specifies that the debug heap should not be used for created processes.
      This only works on Windows XP and later
  -i <ImagePath> specifies the location of the executables that generated the
                 fault (see _NT_EXECUTABLE_IMAGE_PATH)
  -iae install as AeDebug debugger
  -iaec <Command> install as AeDebug debugger with given command tail
  -isd sets the CREATE_IGNORE_SYSTEM_DEFAULT flag in STARTUPINFO.dwFlags
       during CreateProcess
  -iu install dbgeng URL protocols
  -kqm turns on kd quiet mode (equivalent to KDQUIET)
  -lines requests that line number information be used if present
  -loga <logfile> appends to a log file
  -logau <logfile> appends to an Unicode log file
  -logo <logfile> opens a new log file
  -logou <logfile> opens a new Unicode log file
  -myob ignores version mismatches in DBGHELP.DLL
  -n enables verbose output from symbol handler
  -noinh disables handle inheritance for created processes
  -noio disables all I/O
  -noshell disables the .shell (!!) command
  -nosqm disables SQM data collection/upload.
  -o debugs all processes launched by debuggee
  -p <pid> specifies the decimal process ID to attach to
  -pb specifies that the debugger should not break in at attach
  -pd specifies that the debugger should automatically detach
  -pe specifies that any attach should be to an existing debug port
  -pn <name> specifies the name of the process to attach to
  -pr specifies that the debugger should resume on attach
  -psn <name> specifies the process to attach to by service name
  -premote <transport>:server=<name>,<params>
    specifies the process server to connect to
    transport arguments are given as with remoting
  -pt <#> specifies the interrupt timeout
  -pv specifies that any attach should be noninvasive
  -pvr specifies that any attach should be noninvasive and nonsuspending
  -QR \\<machine> queries for remote servers
  -r <BreakErrorLevel> specifies the (0-3) error level to break on (see
                       SetErrorLevel)
  -remote <transport>:server=<name>,<params>
    lets you connect to a debugger session started with -server
    must be the first argument if present
      transport: tcp | npipe | ssl | spipe | 1394 | com
      name: machine name on which the debug server was created
      params: parameters the debugger server was created with
        for tcp use:  port=<socket port #>
        for npipe use:  pipe=<name of pipe>
        for 1394 use:  channel=<channel #>
        for com use:  port=<COM port>,baud=<baud rate>,
                      channel=<channel #>
        for ssl and spipe see the documentation
      example: ... -remote npipe:server=yourmachine,pipe=foobar
  -robp allows breakpoints to be set in read-only memory
  -s disables lazy symbol loading
  -sdce pops up dialogs for critical errors
  -server <transport>:<params>
    creates a debugger session other people can connect to
    must be the first argument if present
      transport: tcp | npipe | ssl | spipe | 1394 | com
      params: connection parameterization
        for tcp use:  port=<socket port #>
        for npipe use:  pipe=<name of pipe>
        for 1394 use:  channel=<channel #>
        for com use:  port=<COM port>,baud=<baud rate>,
                      channel=<channel #>
        for ssl and spipe see the documentation
      example: ... -server npipe:pipe=foobar
  -ses enables strict symbol loading
  -sflags <flags> sets symbol flags from a numeric argument
  -sicv ignores the CV record when symbol loading
  -sins ignores the symbol path environment variables
  -snc converts :: to __ in symbol names
  -snul disables automatic symbol loading for unqualified names
  -srcpath <SourcePath> specifies the source search path
  -sup enables full public symbol searches
  -t <PrintErrorLevel> specifies the (0-3) error level to display (see
                       SetErrorLevel)
  -v enables verbose output from debugger
  -version shows the build version
  -vf enables default ApplicationVerifier settings
  -vf:<opts> enables given ApplicationVerifier settings
  -w specifies to debug 16 bit applications in a separate VDM
  -wake <pid> wakes up a sleeping debugger and exits
  -x sets second-chance break on AV exceptions
  -x{e|d|n|i} <event> sets the break status for the specified event
  -y <SymbolsPath> specifies the symbol search path (see _NT_SYMBOL_PATH)
  -z <CrashDmpFile> specifies the name of a crash dump file to debug
  -zp <CrashPageFile> specifies the name of a page.dmp file to use with a
                      crash dump

Environment Variables:

    _NT_SYMBOL_PATH=[Drive:][Path]
        Specify symbol image path.

    _NT_ALT_SYMBOL_PATH=[Drive:][Path]
        Specify an alternate symbol image path.

    _NT_DEBUGGER_EXTENSION_PATH=[Drive:][Path]
        Specify a path which should be searched first for extensions dlls

    _NT_EXECUTABLE_IMAGE_PATH=[Drive:][Path]
        Specify executable image path.

    _NT_SOURCE_PATH=[Drive:][Path]
        Specify source file path.

    _NT_DEBUG_LOG_FILE_OPEN=filename
        If specified, all output will be written to this file from offset 0.

    _NT_DEBUG_LOG_FILE_APPEND=filename
        If specified, all output will be APPENDed to this file.

    _NT_DEBUG_HISTORY_SIZE=size
        Specifies the size of a server's output history in kilobytes

Control Keys:

     <Ctrl-B><Enter> Quit debugger
     <Ctrl-C>        Break into Target
     <Ctrl-F><Enter> Force a break into debuggee (same as Ctrl-C)
     <Ctrl-\><Enter> Debug Current debugger
     <Ctrl-V><Enter> Toggle Verbose mode
     <Ctrl-W><Enter> Print version information

(2) Example of the ntsd command
C:\Users\86137>tasklist |findstr notepad
notepad++.exe                18400 Console                   10     26,120 K

C:\Users\86137>ntsd -c q -p 18400

Download link for the ntsd command:
ntsd.zip (92.23 KB)
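
Added example, not part of the original post: in the session in (2), `-c q` makes ntsd run the debugger's `q` (quit) command at its first prompt after attaching with `-p 18400`, which ends the session and terminates the attached process. The Python code below checks process-creation command lines for that attach-and-quit pattern and for `-server` sessions, using only options from the help text above; the function names, the `C:\Debuggers` path and the sample command lines are constructed for illustration.

```python
import ntpath
import shlex

# Options taken from the ntsd help text above.
ATTACH_OPTS = ("-p", "-pn", "-psn")   # attach by PID, process name, service name
QUIT_CMDS = {"q", "qq"}               # debugger commands that end the session and the target

def parse_ntsd(cmdline):
    """Return the attach target, -c commands and -server value, or None if not ntsd."""
    # posix=False keeps backslashes in Windows paths; surrounding quotes are stripped after.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not tokens or ntpath.basename(tokens[0]).lower() not in ("ntsd", "ntsd.exe"):
        return None
    info = {"attach": None, "commands": [], "server": None}
    i = 1
    while i < len(tokens) - 1:
        opt, val = tokens[i], tokens[i + 1]
        i += 2                         # assume the option consumed its value
        if opt in ATTACH_OPTS:
            info["attach"] = (opt, val)
        elif opt == "-c":              # one string; commands inside are separated by ';'
            info["commands"] = [c.strip().lower() for c in val.split(";") if c.strip()]
        elif opt == "-server":
            info["server"] = val
        else:
            i -= 1                     # not an option tracked here: advance one token only
    return info

def classify(cmdline):
    info = parse_ntsd(cmdline)
    if info is None:
        return "not-ntsd"
    if info["attach"] and QUIT_CMDS.intersection(info["commands"]):
        return "attach-and-quit"       # debugger used to terminate another process
    if info["server"]:
        return "debug-server"          # session other people can connect to
    return "other"

# Constructed sample command lines (the first is the one from the post).
SAMPLES = [
    "ntsd -c q -p 18400",
    r'"C:\Debuggers\ntsd.exe" -pn notepad++.exe -c "q"',
    "ntsd -server npipe:pipe=foobar notepad.exe",
    "ntsd -z crash.dmp",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):16} {line}")
```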