ntsd (repost) - Home of moonchild
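2009-02-25 | ntsd (repost)
Tags: ntsd, debugger, server, symbol

ntsd has shipped with Windows since Windows 2000 as the system's built-in process debugging tool; it lives in the system32 directory. NTSD is very powerful and its usage is fairly complex, but if you only use it to end processes it is quite simple. On Windows only System, SMSS.EXE and CSRSS.EXE cannot be killed with it: the first two run purely in kernel mode, and the last is the Win32 subsystem, which ntsd itself needs. Do not kill lsass.exe either; it is responsible for local account security. A process that a debugger is attached to exits together with the debugger, so ntsd can be used to terminate processes from the command line.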
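From cmd you can end a process as follows.
Method 1: end a process by its PID
Command format: ntsd -c q -p pid
Example: ntsd -c q -p 1332 (ends the explorer.exe process)
Explanation: here the PID of explorer.exe is 1332. How do you get a process's PID? Run TASKLIST in CMD to list the PIDs of all current processes. Alternatively, open Task Manager, choose View > Select Columns from the menu bar, and tick "PID (Process Identifier)" in the dialog that opens; the process list then shows a PID column. (PID assignment is not fixed: the system assigns the PID when the process starts, so a process generally gets a different PID each time it is started.)
Method 2: end a process by its name
Command format: ntsd -c q -pn ***.exe (***.exe is the process name; the .exe extension cannot be omitted)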
ntsd -c q -pn explorer.exe
̵ܽDOStaskkilltskill
ʽ taskkill /pid 1234 /f  ҲԴﵽͬЧ
Щ֪滹У
ntsd
һЩߵȼĽ,tskilltaskkill޷,ôǻһǿĹ,Ǿϵͳdebugntsd.׼ȷ˵,ntsdһϵͳԹ,ֻṩϵͳĹԱʹ,Ƕɱ̻Ǻˬ.ϳWINDOWSϵͳԼĹ,ntsdɱNTSD 
ԳʱҪûָһҪӵĽ̡ʹ TLIST  PVIEWERԻĳн̵Ľ IDȻ NTSD -p pid 
̡NTSD ʹµľ䷨
NTSD [options] imagefile
where imagefile is the name of the image to debug.
usage: ntsd [-?] [-2] [-d] [-g] [-G] [-myob] [-lines] [-n] [-o] [-s] [-v] [-w]
[-r BreakErrorLevel] [-t PrintErrorLevel]
[-hd] [-pd] [-pe] [-pt #] [-pv] [-x | -x{e|d|n|i} <event>]
[-- | -p pid | -pn name | command-line | -z CrashDmpFile]
[-zp CrashPageFile] [-premote transport] [-robp]
[-aDllName] [-c "command"] [-i ImagePath] [-y SymbolsPath]
[-clines #] [-srcpath SourcePath] [-QR \\machine] [-wake ]
[-remote transport:server=name,portid] [-server transport:portid]
[-ses] [-sfce] [-sicv] [-snul] [-noio] [-failinc] [-noshell] 
where: -? displays this help text
command-line is the command to run under the debugger
-- is the same as -G -g -o -p -1 -d -pd
-aDllName sets the default extension DLL
-c executes the following debugger command
-clines number of lines of output history retrieved by a remote client
-failinc causes incomplete symbol and module loads to fail
-d sends all debugger output to kernel debugger via DbgPrint
-d cannot be used with debugger remoting
-d can only be used when the kernel debugger is enabled
-g ignores initial breakpoint in debuggee
-G ignores final breakpoint at process termination
-hd specifies that the debug heap should not be used
for created processes. This only works on Windows Whistler.
-o debugs all processes launched by debuggee
-p pid specifies the decimal process Id to attach to
-pd specifies that the debugger should automatically detach
-pe specifies that any attach should be to an existing debug port
-pn name specifies the name of the process to attach to
-pt # specifies the interrupt timeout
-pv specifies that any attach should be noninvasive
-r specifies the (0-3) error level to break on (SeeSetErrorLevel)
-robp allows breakpoints to be set in read-only memory
-t specifies the (0-3) error level to display (SeeSetErrorLevel)
-w specifies to debug 16 bit applications in a separate VDM
-x sets second-chance break on AV exceptions
-x{e|d|n|i} <event> sets the break status for the specified event
-2 creates a separate console window for debuggee
-i ImagePath specifies the location of the executables that generated
the fault (see _NT_EXECUTABLE_IMAGE_PATH)
-lines requests that line number information be used if present
-myob ignores version mismatches in DBGHELP.DLL
-n enables verbose output from symbol handler
-noio disables all I/O for dedicated remoting servers
-noshell disables the .shell (!!) command
-QR <\\machine> queries for remote servers
-s disables lazy symbol loading
-ses enables strict symbol loading
-sfce fails critical errors encountered during file searching
-sicv ignores the CV record when symbol loading
-snul disables automatic symbol loading for unqualified names
-srcpath <SourcePath> specifies the source search path
-v enables verbose output from debugger
-wake wakes up a sleeping debugger and exits
-y <SymbolsPath> specifies the symbol search path (see _NT_SYMBOL_PATH)
-z <CrashDmpFile> specifies the name of a crash dump file to debug
-zp <CrashPageFile> specifies the name of a page.dmp file
to use with a crash dump
-remote lets you connect to a debugger session started with -server
must be the first argument if present
transport: tcp | npipe | ssl | spipe | 1394 | com
name: machine name on which the debug server was created
portid: id of the port the debugger server was created on
for tcp use: port=<socket port #>
for npipe use: pipe=<name of pipe>
for 1394 use: channel=<channel #>
for com use: port=<COM port>,baud=<baud rate>,
channel=<channel #>
for ssl and spipe see the documentation
example: ... -remote npipe:server=yourmachine,pipe=foobar
-server creates a debugger session other people can connect to
must be the first argument if present
transport: tcp | npipe | ssl | spipe | 1394 | com
portid: id of the port remote users can connect to
for tcp use: port=<socket port #>
for npipe use: pipe=<name of pipe>
for 1394 use: channel=<channel #>
for com use: port=<COM port>,baud=<baud rate>,
channel=<channel #>
for ssl and spipe see the documentation
example: ... -server npipe:pipe=foobar
-premote transport specifies the process server to connect to
transport arguments are given as with remoting 
Environment Variables: 
_NT_SYMBOL_PATH=[Drive:][Path]
Specify symbol image path. 
_NT_ALT_SYMBOL_PATH=[Drive:][Path]
Specify an alternate symbol image path. 
_NT_DEBUGGER_EXTENSION_PATH=[Drive:][Path]
Specify a path which should be searched first for extensions dlls 
_NT_EXECUTABLE_IMAGE_PATH=[Drive:][Path]
Specify executable image path. 
_NT_SOURCE_PATH=[Drive:][Path]
Specify source file path. 
_NT_DEBUG_LOG_FILE_OPEN=filename
If specified, all output will be written to this file from offset 0. 
_NT_DEBUG_LOG_FILE_APPEND=filename
If specified, all output will be APPENDed to this file. 
_NT_DEBUG_HISTORY_SIZE=size
Specifies the size of a server's output history in kilobytes 
Control Keys: 
<Ctrl-B><Enter> Quit debugger
<Ctrl-C> Break into Target
<Ctrl-F><Enter> Force a break into debuggee (same as Ctrl-C)
<Ctrl-P><Enter> Debug Current debugger
<Ctrl-V><Enter> Toggle Verbose mode
<Ctrl-W><Enter> Print version information
ntsd: exiting - press enter --- 
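Options:
-2 Opens a new window for debugging character-mode applications
-d Redirects output to the debugging terminal
-g Causes execution to pass the first breakpoint automatically
-G Causes NTSD to exit immediately when the child process terminates
-o Enables debugging of multiple processes; the default is one process spawned by the debugger
-p Specifies to debug the process identified by the process ID
-v Produces verbose output

For example, if the process ID of inetinfo.exe is 104, type NTSD -p 104 to attach the NTSD debugger to the inetinfo process (IIS). You can also use NTSD to start a new process for debugging. For example, NTSD notepad.exe starts a new notepad.exe process and attaches to it. Once attached to a process, you can use various commands to view the stack, set breakpoints, dump memory, and so on.

~ Displays a list of all threads being debugged
KB Displays the stack trace of the current thread
~*KB Displays the stack traces of all threads
R Displays the register output of the current frame
U Disassembles code and displays procedure names and offsets
D[type][<range>] Dumps memory
BP Sets a breakpoint
BC[] Clears one or more breakpoints
BD[] Disables one or more breakpoints
BE[<bp>] Enables one or more breakpoints
BL[] Lists one or more breakpoints

Another very important parameter is -v. With it we can find out which library files are hooked into a process. Many viruses, trojans and other malicious programs like to package themselves as a dynamic library and then register it in the library load list of a normal system program in order to hide themselves.
First we need to redirect ntsd's output to a text file so that it is easier to analyze.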
c:\>set _NT_DEBUG_LOG_FILE_APPEND=c:\pdw.txt
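Note: although the output is redirected, it is still shown on the screen, and ntsd drops into debug mode; using -c q avoids that.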
c:\>ntsd -c q -v notepad.exe
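Open the pdw.txt file and you can see the debug information for notepad.exe.
As far as I know, ntsd is very good and powerful at terminating processes; some processes that taskkill cannot terminate (such as Student.exe, a trojan) can be terminated with ntsd.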
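Seen from the defender's side, the `ntsd -c q -p pid` / `-pn name` pattern described above is easy to recognise in process-creation logs. The following Python is an added example, not part of the original post: it classifies logged command lines, and the sample command lines, the `SENSITIVE` set and the pid-to-image map are constructed for illustration.

```python
import shlex

# Processes this page singles out as ones that must not be killed.
SENSITIVE = {"lsass.exe", "csrss.exe", "smss.exe"}

def parse_ntsd(cmdline):
    """Return {'pid', 'name', 'cmd'} for an ntsd invocation, else None."""
    try:
        # posix=False keeps backslashes in Windows paths intact.
        argv = [a.strip('"') for a in shlex.split(cmdline, posix=False)]
    except ValueError:              # unbalanced quotes in the logged line
        return None
    if not argv:
        return None
    image = argv[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image not in ("ntsd", "ntsd.exe"):
        return None
    found = {"pid": None, "name": None, "cmd": None}
    keys = {"-p": "pid", "-pn": "name", "-c": "cmd"}  # ntsd options are case-sensitive
    args = argv[1:]
    for opt, val in zip(args, args[1:]):
        if opt in keys and found[keys[opt]] is None:
            found[keys[opt]] = val
    return found

def classify(cmdline, pid_to_image=None):
    """None: not ntsd. 'other': ntsd without attach. 'attach': attach only.
    'kill': attach then quit. 'kill-sensitive': same, against SENSITIVE."""
    inv = parse_ntsd(cmdline)
    if inv is None:
        return None
    if inv["pid"] is None and inv["name"] is None:
        return "other"
    # Only a bare q as the first -c command ends the target; qd detaches.
    first = (inv["cmd"] or "").split(";")[0].strip().lower()
    if first != "q":
        return "attach"
    # A PID can only be resolved if the log source supplies a pid-to-image map.
    target = inv["name"] or (pid_to_image or {}).get(inv["pid"], "")
    return "kill-sensitive" if target.lower() in SENSITIVE else "kill"

if __name__ == "__main__":
    pids = {"1332": "explorer.exe"}             # constructed pid-to-image map
    for line in [r'ntsd -c q -p 1332',          # constructed sample events
                 r'"C:\WINDOWS\system32\ntsd.exe" -c "q" -pn LSASS.EXE',
                 r'ntsd -p 104',
                 r'taskkill /pid 1234 /f']:
        print(classify(line, pids), "<-", line)
```

Matching on the image name misses a renamed copy of the debugger, so in practice this check is paired with the file's original name or hash from the log source.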