DEBUG – запустить стандартный отдачик MS DOS — Windows XP.
Debug.exe — программа-отладчик, разработанная для операционной системы MS DOS и используемая для отладки исполняемых файлов. Под более поздние версии операционных систем (Windows NT и старше) работает через эмулятор MS-DOS и имеет ограниченные возможности. До Windows XP включительно, отладчик debug.exe являлся стандартным компонентом системы.
Формат командной строки:
DEBUG [[диск:][путь]имя_файла [параметры_программы]]
Параметры командной строки:
[диск:][путь]имя_файла — путь и имя отлаживаемой программы.
параметры_программы — параметры командной строки для отлаживаемой программы.
debug /? — отобразить краткую справку по использованию.
debug C:\windows\system32\edit.com C:\boot.ini — запустить отладку текстового редактора edit.com , передав ему в качестве параметра командной строки путь и имя редактируемого файла.
debug — при запуске без параметров, отладчик переходит в интерактивный режим, ожидая ввода команд. Подсказку по используемым командам можно получить, введя знак вопроса — ? :
Краткая подсказка по использованию отладчика Debug:
| assemble | A [адрес] |
| compare | C диапазон адрес |
| dump | D [диапазон] |
| enter | E адрес [список] |
| fill | F диапазон список |
| go | G [=адрес] [адреса] |
| hex | H значение1 значение2 |
| input | I порт |
| load | L [адрес] [диск] [превый_сектор] [число] |
| move | M диапазон адрес |
| name | N [путь] [список_аргументов] |
| output | O порт байт |
| proceed | P [=адрес] [число] |
| quit | Q |
| register | R [регистр] |
| search | S диапазон список |
| trace | T [=адрес] [значение] |
| unassemble | U [диапазон] |
| write | W [адрес] [диск] [первый_сектор] [число] |
| выделение памяти EMS | XA [#число_страниц] |
| освобождение памяти EMS | XD [дескриптор] |
| сопоставление страниц EMS | XM [Lстраница] [Pстраница] [дескриптор] |
| вывод состояния памяти EMS | XS |
При небольших размерах исполняемого файла, отладчик обладал очень неплохими возможностями, позволяя не только выполнять отладку программ, но и просматривать содержимое памяти, в том числе BIOS материнской платы и плат расширения, выполнять операции ввода-вывода с доступом к регистрам устройств ( в среде MS DOS ), и например, позволял легко сохранить в файл и дизасемблировать главную загрузочную запись MBR.
Для выхода из отладчика используется клавиша q .
Using Debugger Commands
For KD or CDB, «Debugger Command window» refers to the whole window. You enter commands at the prompt at the bottom of the window. If the commands have any output, the window displays the output and then displays the prompt again.
For Visual Studio, «Debugger Command window» refers to a window that is labeled «Debugger Immediate Window» in the title bar. This window has two panes:
In the small, bottom pane, you enter commands.
In the large, upper pane, you view command output.
For WinDbg, «Debugger Command window» refers to the window that is labeled «Command» in the title bar. This window contains two panes:
In the small, bottom pane, you enter commands.
In the large, upper pane, you view command output.
This window is always open at the beginning of a debugging session. You can reopen or switch to this window by selecting Command on the View menu, pressing ALT+1, or selecting the Command (Alt+1) button (
) on the toolbar.
You can use the UP ARROW and DOWN ARROW keys to scroll through the command history. When a previous command appears, you can edit it and then press ENTER to execute the previous command (or the edited version of the previous command). The cursor does not have to be at the end of the line for this procedure to work correctly.
Debugger Command Window Prompt
When you are performing user-mode debugging, the prompt in the Debugger Command window looks like the following example.
In the preceding example, 2 is the current process number, and 005 is the current thread number.
If you attach the debugger to more than one computer, the system number is included before the process and thread number, as in the following example.
In this example, 3 is the current system number, 2 is the current process number, and 005 is the current thread number.
When you are performing kernel-mode debugging on a target computer that has only one processor, the prompt looks like the following example.
However, if the target computer has multiple processors, the number of the current processor appears before the prompt, as in the following example.
If the debugger is busy processing a previously issued command, new commands will temporarily not be processed, although they can be added to the command buffer. In addition, you can still use control keys in KD and CDB, and you can still use menu commands and shortcut keys in WinDbg. When KD or CDB is in this busy state, no prompt is displayed. When WinDbg is in this busy state, the following indicator will appear in place of the prompt:
You can use the .pcmd (Set Prompt Command) command to add text to this prompt.
Kinds of Commands
WinDbg, KD, and CDB support a variety of commands. Some commands are shared between the debuggers, and some are available only on one or two of the debuggers.
Some commands are available only in live debugging, and other commands are available only when you debug a dump file.
Some commands are available only during user-mode debugging, and other commands are available only during kernel-mode debugging.
Some commands are available only when the target is running on certain processors. For more information about all of the commands and their restrictions, see Debugger Commands.
Editing, Repeating, and Canceling Commands
You can use standard editing keys when you enter a command:
Use the UP ARROW and DOWN ARROW keys to find previous commands.
Edit the current command with the BACKSPACE, DELETE, INSERT, and LEFT ARROW and RIGHT ARROW keys.
Press the ESC key to clear the current line.
You can press the TAB key to automatically complete your text entry. In any of the debuggers, press the TAB key after you enter at least one character to automatically complete a command. Press the TAB key repeatedly to cycle through text completion options, and hold down the SHIFT key and press TAB to cycle backward. You can also use wildcard characters in the text and press TAB to expand to the full set of text completion options. For example, if you type fo*!ba and then press TAB, the debugger expands to the set of all symbols that start with «ba», in all modules with module names that start with «fo». As another example, you can complete all extension commands that have «prcb» in them by typing !*prcb and then pressing TAB.
When you use the TAB key to perform text completion, if your text fragment begins with a period (.), the text is matched to a dot command. If your text fragment begins with an exclamation point (!), the text is matched to an extension command. Otherwise, the text is matched with a symbol. When you usee the TAB key to enter symbols, pressing the TAB key completes code and type symbols and module names. If no module name is apparent, local symbols and module names are completed. If a module or module pattern is given, symbol completion completes code and type symbols from all matches.
You can select and hold (or right-click) in the Debugger Command window to automatically paste the contents of the clipboard into the command that you are typing.
The maximum command length is 4096 characters. However, if you are controlling the user-mode debugger from the kernel debugger, the maximum line length is 512 characters.
In CDB and KD, press the ENTER key by itself to repeat the previous command. In WinDbg, you can enable or disable this behavior. For more information about this behavior, see ENTER (Repeat Last Command).
If the last command that you issued presents a long display and you want to cut it off, use the CTRL+C key in CDB or KD. In WinDbg, use Debug | Break or press CTRL+BREAK.
In kernel-mode debugging, you can cancel commands from the keyboard of the target computer by pressing CTRL+C.
You can use the .cls (Clear Screen) command to clear all of the text from the Debugger Command window. This command clears the whole command history. In WinDbg, you can clear the command history by using the Edit | Clear Command Output command or by selecting Clear command output on the shortcut menu of the Debugger Command window.
Expression Syntax
Many commands and extension commands accept expressions as their arguments. The debugger evaluates these expressions before executing the command. For more information about expressions, see Evaluating Expressions.
Aliases
Aliases are text macros that you can use to avoid having to retype complex phrases. There are two kinds of aliases. For more information about aliases, see Using Aliases.
Self-Repeating Commands
You can use the following commands to repeat an action or conditionally execute other commands:
KD Command-Line Options
First-time users of KD should begin with the Debugging Using KD and NTKD section.
The KD command line uses the following syntax.
Descriptions of the KD command-line options follow. Only the -remote and -server options are case-sensitive. The initial hyphen can be replaced with a forward-slash (/). Options which do not take any additional parameters can be concatenated — so kd -r -n -v can be written as kd -rnv.
If the -remote or -server option is used, it must appear before any other options on the command line.
Parameters
-server ServerTransport
Creates a debugging server that can be accessed by other debuggers. For an explanation of the possible ServerTransport, see Activating a Debugging Server. When this parameter is used, it must be the first parameters on the command line.
-remote ClientTransport
Creates a debugging client, and connects to a debugging server that is already running. For an explanation of the possible ClientTransport values, see Activating a Debugging Client. When this parameter is used, it must be the first parameters on the command line.
-a Extension
Sets the default extension DLL. The default is kdextx86.dll or kdexts.dll. There must be no space after the «a», and the .dll file name extension must not be included. For details, and other methods of setting this default, see Loading Debugger Extension DLLs.
-b
This option no longer supported.
-bonc
If this option is specified, the debugger will break into the target as soon as the session begins. This is especially useful when connecting to a debugging server that might not be currently broken into the target.
-cfr «filename«
Specifies the path and name of a script file. This script file is executed as soon as the debugger is started, and any time the target is restarted. If filename contains spaces it must be enclosed in quotation marks. If the path is omitted, the current directory is assumed. If the file does not exist, no error occurs. For details, see Using Script Files.
-clines lines
Sets the approximate number of commands in the command history which can be accessed during remote debugging. For details, and for other ways to change this number, see Using Debugger Commands.
-d
After a reboot, the debugger will break into the target computer as soon as a kernel module is loaded. (This break is earlier than the break from the -b option.) See Crashing and Rebooting the Target Computer for details and for other methods of changing this status.
-ee <masm|c++>
Sets the default expression evaluator. If masm is specified, MASM expression syntax will be used. If c++ is specified, C++ expression syntax will be used. If the -ee option is omitted, MASM expression syntax is used as the default. See Evaluating Expressions for details.
-failinc
Causes the debugger to ignore any questionable symbols. When debugging a user-mode or kernel-mode minidump file, this option will also prevent the debugger from loading any modules whose images can’t be mapped. For details and for other methods of controlling this, see SYMOPT_EXACT_SYMBOLS.
-i ImagePath
Specifies the location of the executables that generated the fault. If the path contains spaces, it should be enclosed in quotation marks.
-iu KeyString
Registers debugger remoting as an URL type so that users can auto-launch a debugger remote client with an URL. KeyString has the format remdbgeng://RemotingOption . RemotingOption is a string that defines the transport protocol as defined in the topic Activating a Debugging Client. If this action succeeds, no message is displayed; if it fails, an error message is displayed.
The -iu parameter must not be used with any other parameters. This command will not actually start KD.
-k ConnectType
Tells the debugger how to connect to the target. For details, see Debugging Using KD and NTKD.
-kl
Starts a kernel debugging session on the same machine as the debugger.
-kqm
Starts KD in quiet mode.
-kx ExdiOptions
Starts a kernel debugging session using an EXDI driver. EXDI drivers are not described in this documentation. If you have an EXDI interface to your hardware probe or hardware simulator, please contact Microsoft for debugging information.
-lines
Enables source line debugging. If this option is omitted, the .lines (Toggle Source Line Support) command will have to be used before source debugging will be allowed. For other methods of controlling this, see SYMOPT_LOAD_LINES.
-log<a|au|o|ou> LogFile
Begins logging information to a log file. If LogFile already exists, it will be overwritten if -logo is used, or output will be appended to the file if -loga is used. The -logau and -logou options operate similar to -loga and -logo respectively, except that the log file is a Unicode file. For more details, see Keeping a Log File in KD.
-m
Indicates that the serial port is connected to a modem. Instructs the debugger to watch for the carrier-detect signal.
-myob
If there is a version mismatch with dbghelp.dll, the debugger will continue to run. (Without the -myob switch, this is considered a fatal error.)
A secondary effect of this option is that the warning that normally appears when breaking into the target computer is suppressed.
-n
Noisy symbol load: Enables verbose output from symbol handler. For details and for other methods of controlling this, see SYMOPT_DEBUG.
-noio
Prevents the debugging server from being used for input or output. Input will only be accepted from the debugging client (plus any initial command or command script specified by the -c command-line option).
All output will be directed to the debugging client. For more details, see Activating a Debugging Server.
-noshell
Prohibits all .shell commands. This prohibition will last as long as the debugger is running, even if a new debugging session is begun. For details, and for other ways to disable shell commands, see Using Shell Commands.
-QR Server
Lists all debugging servers running on the specified network server. The double backslash (\\) preceding Server is optional. See Searching for Debugging Servers for details.
The -QR parameter must not be used with any other parameters. This command will not actually start KD.
-r
Displays registers.
-s
Disables lazy symbol loading. This will slow down process startup. For details and for other methods of controlling this, see SYMOPT_DEFERRED_LOADS.
-sdce
Causes the debugger to display File access error dialog boxes during symbol load. For details and for other methods of controlling this, see SYMOPT_FAIL_CRITICAL_ERRORS.
-secure
Activates Secure Mode.
-ses
Causes the debugger to perform a strict evaluation of all symbol files and ignore any questionable symbols. For details and for other methods of controlling this, see SYMOPT_EXACT_SYMBOLS.
-sflags 0xNumber
Sets all the symbol handler options at once. Number should be a hexadecimal number prefixed with 0x — a decimal without the 0x is permitted, but the symbol options are binary flags and therefore hexadecimal is recommended. This option should be used with care, since it will override all the symbol handler defaults. For details, see Setting Symbol Options.
-sicv
Causes the symbol handler to ignore the CV record. For details and for other methods of controlling this, see SYMOPT_IGNORE_CVREC.
-sins
Causes the debugger to ignore the symbol path and executable image path environment variables. For details, see SYMOPT_IGNORE_NT_SYMPATH.
-snc
Causes the debugger to turn off C++ translation. For details and for other methods of controlling this, see SYMOPT_NO_CPP.
-snul
Disables automatic symbol loading for unqualified names. For details and for other methods of controlling this, see SYMOPT_NO_UNQUALIFIED_LOADS.
-srcpath SourcePath
Specifies the source file search path. Separate multiple paths with a semicolon (;). If the path contains spaces, it should be enclosed in quotation marks. For details, and for other ways to change this path, see Source Path.
-sup
Causes the symbol handler to search the public symbol table during every symbol search. For details and for other methods of controlling this, see SYMOPT_AUTO_PUBLICS.
-t PrintErrorLevel
Specifies the error level that will cause the debugger to display an error message. This is a decimal number equal to 0, 1, 2, or 3. The values are described as follows:
