Windbg command Overview (below)-extended command

Extension command is used to debug specific debugging targets. Standard Commands and meta commands are built in windbgProgramDifferent files, the extension command is implemented in the Dynamically Loaded extension module (DLL.

 

With the windbg SDK, you can write extension modules and extension commands by yourself. The windbg package contains common extension command modules, which are stored in the following subdirectories.

• Nt4chk: the extended command module used when the debugging target is Windows NT 4.0 checked.
• Nt4fre: the extended command module used when the debugging target is Windows NT 4.0 free.
• W2kchk: the extended command module used when the debugging target is Windows 2000 checked.
• W2kfre: the extended command module used when the debugging target is Windows 2000 free.
• WINXP: the extended command module used when the debugging target is Windows XP or later.
• Winext: Extended command modules for all Windows versions.

Expansion module	Path	Description
Ext. dll	Winext	Common extension commands for various debugging targets
Kext. dll	Winext	Common extension commands for kernel-mode debugging
Uext. dll	Winext	Common extension commands for user-mode debugging
Logexts. dll	Winext	Used to monitor and record API calls (Windows API logging extensions)
SOS. dll	Winext	Debugging hostingCodeAnd. net programs
KS. dll	Winext	Used to debug the kernel stream)
Wdfkd. dll	Winext	Debug the driver program compiled using WDF (Windows Driver Foundation)
Acpikd. dll	WINXP	Used for ACPI debugging, tracing the process of calling the ASL program, and displaying ACPI objects
Exts. dll	WINXP	About heap (! Heap), process/thread structure (! TEB /! Peb), Security Information (! Token ,! Sid ,! ACL) and application verification (! Avrf) and other extended commands
Kdexts. dll	WINXP	Contains a large number of extended commands for kernel debugging
Fltkd. dll	WINXP	Fsfilter)
Minipkd. dll	WINXP	Used to debug the aic78xx miniport driver
Ndiskd. dll	WINXP	Used to debug network-related drivers
Ntsdexts. dll	WINXP	Implemented! Handle ,! Locks ,! DP ,! Dreg (display registry) and other commands
Rpcexts. dll	WINXP	Used for RPC debugging
Scsikd. dll	WINXP	Used to debug SCSI-related drivers
Traceprt. dll	WINXP	Used to format ETW Information
Vdmexts. dll	WINXP	Debug the DOS program and wow program running in vdm
Wow64exts. dll	WINXP	Debug a 32-bit program running in a 64-bit Windows System
Wmitrace. dll	WINXP	Displays WMI trace-related data structures, buffers, and log files

 

Execute the extension command. It should be an exclamation point (! The exclamation point is called Bang in English, so the extension name bang command. The complete format for executing the extension command is:

! [Extension module name]. <extension command name> [parameter]

 

The extension module name can be omitted. If omitted, windbg will automatically search for the specified command in the attached extension module.

 

Because the extension command is implemented in the Dynamically Loaded extension module (DLL), the corresponding extension module needs to be loaded during execution. when the debugging target is activated (debuggee activation), windbg automatically loads the specified extension modules in the Command space according to the type of the debugging target and the current workspace. you can also manually load the extension module using the following method.

• Use the. Load command with the extension module name or completion path to load it. If no path is specified, windbg will search for this file in the extension module search path (extpath.
• Use. add the extension module name and the name of a loaded program module to the loadby command. in this case, windbg searches for and loads the extended command module in the directory where the specified program module File is located. for example, you can use. the loadby SOS mscorwks command allows windbg to load the SOS extension module in the directory where the mscorwks module is located. This ensures that the correct version of the SOS module is loaded.

When "! If the specified extension module has not been loaded, windbg will automatically search for and load the extension command.

 

Use. the chain command can be used to list all the currently loaded extension modules. unload and. the unloadall command can uninstall specified or all extension modules. most extension modules support the HELP command to display the basic information of this module and all the commands contained, such as execution! Ext. Help displays all the extended commands in the ext module.

 

From <software debugging>-Zhang yinkui