Riusksks blog
Today on the Advanced Debugging forum I saw someone ask: "Opening Word is very slow; how do I debug this?" (http://advdbg.com/forums/4096/ShowPost.aspx). Zhang Yinkui, the renowned debugging expert, replied:
"Attach the debugger (WinDbg) to the Explorer process and set a breakpoint on the process-creation function:
bp kernel32!CreateProcessInternalW
Start Word. After the breakpoint hits, run the wt command to trace automatically and view the statistics report ..."
I think this is a good method, so I am noting it down here; it may come in useful later.
The wt (Trace and Watch Data) command traces the entire execution of a function from its entry to its return and then prints detailed statistics. The usual procedure is to set a breakpoint on the function with bp, wait until execution stops at the function entry, and then run wt to trace it and view the statistics. Next, we use notepad.exe under WinDbg as an example.
wt has three commonly used parameters:

| Parameter | Meaning |
|---|---|
| -l Depth | (User mode only) Specifies the maximum call depth to display. Any calls deeper than Depth are still executed, but in the background, without being displayed. |
| -m Module | (User mode only) Displays only the code in the specified module and the first-level calls made from it. Multiple -m options can be given to display the code of several modules without displaying any other module. |
| -i Module | (User mode only) Ignores any code in the specified module. Multiple -i options can be given to ignore the code of several modules. If -m is used, the debugger ignores all -i options. |
For example, running `wt -l 0`, with a call depth of 0, produces the following output:
```
0:000> wt -l 0
Tracing ntdll!ZwQueryInformationProcess to return address 77ca338c
    4     0 [  0] ntdll!NtQueryInformationProcess

4 instructions were executed in 3 events (0 from other threads)

    Function Name                         Invocations MinInst MaxInst AvgInst
    ntdll!NtQueryInformationProcess                 1       4       4       4

0 system calls were executed

eax=00000000 ebx=00000001 ecx=0009f680 edx=77c86544 esi=003c0ea8 edi=0009f7cc
eip=77ca338c esp=0009f69c ebp=0009f6a0 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
ntdll!RtlEncodePointer+0x17:
77ca338c 85c0            test    eax,eax
```
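When wt is used the way Zhang Yinkui suggests, to find out why a program starts slowly, the report can run to hundreds of rows, and what matters is which functions consumed the most instructions in total. The following Python script is an added example, not part of the original post: it parses the summary line and the Invocations/MinInst/MaxInst/AvgInst table that wt prints and ranks the functions by total instructions executed. The report embedded in it is constructed for illustration, not captured from a real session.

```python
import re
from dataclasses import dataclass

# Constructed sample of a wt statistics report (not captured from a real
# session); the layout follows the table wt prints after the trace finishes.
SAMPLE_WT_REPORT = """\
  214 instructions were executed in 52 events (0 from other threads)

    Function Name                         Invocations MinInst MaxInst AvgInst
    kernel32!CreateProcessInternalW                 1      40      40      40
    ntdll!RtlEncodePointer                          3      12      12      12
    ntdll!NtQueryInformationProcess                 2       4       4       4
    ntdll!RtlAllocateHeap                          10      13      15      13

    2 system calls were executed
"""

@dataclass
class WtRow:
    function: str
    invocations: int
    min_inst: int
    max_inst: int
    avg_inst: int

    @property
    def total_inst(self) -> int:
        # wt reports a per-call average; total work is invocations * average.
        return self.invocations * self.avg_inst

# A table row is "module!function" followed by four integer columns.
_ROW = re.compile(r"^\s*(\S+!\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
_SUMMARY = re.compile(r"^\s*(\d+) instructions were executed in (\d+) events")

def parse_wt_report(text: str) -> tuple[int, int, list[WtRow]]:
    """Return (instructions, events, rows) from a wt statistics report."""
    instructions = events = 0
    rows: list[WtRow] = []
    for line in text.splitlines():
        if m := _SUMMARY.match(line):
            instructions, events = int(m.group(1)), int(m.group(2))
        elif m := _ROW.match(line):
            rows.append(WtRow(m.group(1), *map(int, m.groups()[1:])))
    return instructions, events, rows

def hottest(rows: list[WtRow], n: int = 3) -> list[str]:
    """Function names ranked by total instructions executed, most first."""
    ranked = sorted(rows, key=lambda r: r.total_inst, reverse=True)
    return [r.function for r in ranked[:n]]
```

Paste the report from the WinDbg command window (or a .logopen log) into SAMPLE_WT_REPORT, or read it from a file, and the top entries of hottest() are the first places to look.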