Extension commands provide debugging functions for specific debugging targets. Unlike standard commands and meta-commands, which are built into the WinDbg program files, extension commands are implemented in dynamically loaded extension modules (DLLs).
With the WinDbg SDK, you can write your own extension modules and extension commands. The WinDbg package contains common extension command modules, which are stored in the following subdirectories.
- Nt4chk: the extension command modules used when the debugging target is a checked build of Windows NT 4.0.
- Nt4fre: the extension command modules used when the debugging target is a free build of Windows NT 4.0.
- W2kchk: the extension command modules used when the debugging target is a checked build of Windows 2000.
- W2kfre: the extension command modules used when the debugging target is a free build of Windows 2000.
- WINXP: the extension command modules used when the debugging target is Windows XP or later.
- Winext: extension command modules for all Windows versions.
| Extension module | Path | Description |
| --- | --- | --- |
| Ext.dll | Winext | Common extension commands for various debugging targets |
| Kext.dll | Winext | Common extension commands for kernel-mode debugging |
| Uext.dll | Winext | Common extension commands for user-mode debugging |
| Logexts.dll | Winext | Used to monitor and record API calls (Windows API logging extensions) |
| SOS.dll | Winext | Debugging managed code and .NET programs |
| KS.dll | Winext | Used to debug kernel streaming |
| Wdfkd.dll | Winext | Debugging drivers written with WDF (Windows Driver Foundation) |
| Acpikd.dll | WINXP | Used for ACPI debugging, tracing the process of calling the ASL program, and displaying ACPI objects |
| Exts.dll | WINXP | Extension commands for the heap (!heap), process/thread structures (!teb, !peb), security information (!token, !sid, !acl), application verification (!avrf), and others |
| Kdexts.dll | WINXP | Contains a large number of extension commands for kernel debugging |
| Fltkd.dll | WINXP | Fsfilter) |
| Minipkd.dll | WINXP | Used to debug the aic78xx miniport driver |
| Ndiskd.dll | WINXP | Used to debug network-related drivers |
| Ntsdexts.dll | WINXP | Implements !handle, !locks, !dp, !dreg (display registry), and other commands |
| Rpcexts.dll | WINXP | Used for RPC debugging |
| Scsikd.dll | WINXP | Used to debug SCSI-related drivers |
| Traceprt.dll | WINXP | Used to format ETW information |
| Vdmexts.dll | WINXP | Debugging DOS programs and WOW programs running in a VDM |
| Wow64exts.dll | WINXP | Debugging 32-bit programs running on a 64-bit Windows system |
| Wmitrace.dll | WINXP | Displays WMI trace-related data structures, buffers, and log files |
An extension command is executed by starting it with an exclamation point (!). The exclamation point is called "bang" in English, so extension commands are also known as bang commands. The complete format for executing an extension command is:
![extension module name.]<extension command name> [parameters]
The extension module name can be omitted. If it is omitted, WinDbg automatically searches the loaded extension modules for the specified command.
Because extension commands are implemented in dynamically loaded extension modules (DLLs), the corresponding extension module must be loaded before a command can run. When the debugging target is activated (debuggee activation), WinDbg automatically loads the extension modules specified in the command space according to the type of the debugging target and the current workspace. You can also load an extension module manually using the following methods.
- Use the .load command with the extension module name or full path to load it. If no path is specified, WinDbg searches for the file in the extension module search path (.extpath).
- Use the .loadby command with the extension module name and the name of a loaded program module. In this case, WinDbg searches for and loads the extension command module in the directory where the specified program module file is located. For example, the command .loadby sos mscorwks makes WinDbg load the SOS extension module from the directory where the mscorwks module is located. This ensures that the correct version of the SOS module is loaded.
When a command is executed with "!" and the specified extension module has not been loaded, WinDbg automatically searches for and loads it.
The .chain command lists all the currently loaded extension modules. The .unload and .unloadall commands unload a specified extension module or all extension modules. Most extension modules support a help command that displays basic information about the module and all the commands it contains; for example, !ext.help displays all the extension commands in the ext module.
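The load, call, and unload steps described above, written out as a WinDbg command sequence. This is an added example, not taken from the book; C:\DbgExts\myext.dll is a placeholder path for an extension module, and the .loadby line assumes a target that has the mscorwks module loaded.

```windbg
$$ Show the extension module search path used when .load is given no path
.extpath
$$ List the extension modules that are currently loaded
.chain
$$ Load a module by full path (placeholder path) instead of relying on the search path
.load C:\DbgExts\myext.dll
$$ Load SOS from the directory that holds the target's mscorwks module
.loadby sos mscorwks
$$ Unqualified call: WinDbg searches the loaded modules for a command named help
!help
$$ Qualified calls: the module name selects which module's help command runs
!ext.help
!sos.help
$$ Confirm which modules are loaded and where each one was loaded from
.chain
$$ Unload the module that was loaded by full path, then all extension modules
.unload C:\DbgExts\myext.dll
.unloadall
```

Qualifying the command with the module name removes any doubt about which DLL handles it when several loaded modules implement a command with the same name.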
From "Software Debugging" by Zhang Yinkui