调试平台: target machine: win7 32 bit remote machine: win 7 64 bit 其他平台应该基本相同。 1.开启debug选项 调试机需要开启debug 选项支持debug。设置完毕后重启生效(等会儿还要重启,这里可以先等一下) bcdedit /debug on bcdedit的更多用法,点这里。设置会默认占用串口,在device manager中被占用的串口不可见(为什么捏?AR)。 2.配置windbg串口 串口线连接好两台机器,在远端机器打开windbg。File->Kernel debug..打开kernel debugging窗口。 点OK连接。需要重新启动debug机器,才能成功连接。(重启了,赶紧收衣服啊) 3. windbg基本设置 在windbg命令窗口,输入信息可能是这样的: Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Opened //./com2 Waiting to reconnect... Connected to Windows 7 7601 x86 compatible target at (Thu Apr 14 16:11:43.083 2011 (UTC + 8:00)), ptr64 FALSE Kernel Debugger connection established. Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * **************************************************************************** Executable search path is: ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y <symbol_path> argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe - 如果找不到symbol file,需要设置File -> symbol file path.. 或者在命令行键入: .sympath SRV*f:/localsymbols*http://msdl.microsoft.com/download/symbols 想了解具体更多,可以点击这里。 推荐第一种。可以保存起来。这时候应该可以开始调试啦..(Hopefully..)4. 调试方法和常用命令进入windbg以后,状态是BUSY。windows正在飞奔中... 需要调试windows kernel, 需要先break (ctrl+break) windbg。break以后,命令行输入可用了。这个时候windows就‘挂’在那里啦。
