Using WinDbg

Notes on using WinDbg.
1. Fonts
https://bbs.pediy.com/thread-190640.htm

2. !heap does not work

0:000> !heap
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_HEAP_ENTRY ***
*** ***
*************************************************************************
Invalid type information

Solution

.symfix
.reload
0:000> !heap
Index Address Name Debugging options enabled
1: 00270000
2: 015e0000
3: 00010000
4: 00020000

3. No symbol files
Enter the following in the WinDbg command window:

.sympath SRV*c:\localsymbols*http://msdl.microsoft.com/download/symbols
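
A way to confirm that the fixes in sections 2 and 3 actually took effect, as an added example that is not part of the original notes. It checks that ntdll loaded real PDB symbols and that the type named in the error, ntdll!_HEAP_ENTRY, now resolves; the cache directory c:\localsymbols is the one from section 3.

```windbg
$$ Added example, not from the original notes
$$ Show every symbol lookup and download attempt while loading
!sym noisy

$$ Point the symbol path at the Microsoft symbol server with a local cache
.symfix c:\localsymbols

$$ Force ntdll's symbols to load now instead of deferring them
.reload /f ntdll.dll

$$ Verbose module info: the symbol status should read "pdb symbols", not "export symbols" or "deferred"
lm vm ntdll

$$ The type from the error message; its fields are listed once type information is available
dt ntdll!_HEAP_ENTRY

$$ Turn the verbose loader output back off and retry the original command
!sym quiet
!heap
```

If `lm vm ntdll` still reports export symbols, the `!sym noisy` output above it shows which paths and servers were tried and why each lookup failed.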