[drive:][path]filename Specifies the file you want to test.
testfile-parameters Specifies command-line information required by the file you want to test.
After Debug starts, type ? to display a list of debugging commands.
To exit Debug, type Q and press Enter.
To execute the Debug routine, type G and press Enter.
Examples
debug
-D40:00
Information about your computer ports would be displayed
-Q
===================================================
Windows Debug Command
by Dustin Cogburn
This is a tutorial about the Windows Debug command. This tutorial is made by Dustin Cogburn and is based on what I have learned about the debug command. This tutorial is for Windows XP Home.
OK, we will start by making a hello world display in your RAM.
1. Go to Start/Run/cmd.
2. Type debug and hit Enter.
3. Type the following and hit Enter after EVERY line:
-E 0100 BE 0D 01 B4 0E B1 0C AC CD 10 E2 FB C3 48 65 6C
-E 0110 6C 6F 20 57 6F 72 6C 64 21
-g
*Note: do not type the little "-". Also, when you type g and hit Enter, it should execute "hello world".
Typing "g" executes the program.
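What the 25 bytes entered above do, as an added Python example (not part of the original tutorial): it loads the two E commands into a memory image and interprets the seven opcodes they contain, returning an instruction trace and the text written through INT 10h. The function names, the zeroed starting registers and the step limit are assumptions of this example.

```python
import re
# The two E (enter) commands from the tutorial above, copied verbatim.
SCRIPT = """\
-E 0100 BE 0D 01 B4 0E B1 0C AC CD 10 E2 FB C3 48 65 6C
-E 0110 6C 6F 20 57 6F 72 6C 64 21
"""
E_LINE = re.compile(r"^\s*-?\s*E\s+([0-9A-F]{1,4})((?:[ \t]+[0-9A-F]{2})+)[ \t]*$", re.M | re.I)

def load_e_commands(script):
    """Apply each 'E addr bb bb ...' line to a zeroed 64 KiB segment."""
    mem = bytearray(0x10000)
    for m in E_LINE.finditer(script):
        addr, data = int(m.group(1), 16), bytes.fromhex(m.group(2))
        mem[addr:addr + len(data)] = data
    return mem

def run(mem, ip=0x100, max_steps=1000):
    """Interpret only the opcodes this program uses; return (trace, screen text)."""
    trace, out, si, ax, cx = [], [], 0, 0, 0   # assumption: registers start at 0
    for _ in range(max_steps):
        op, b1 = mem[ip], mem[ip + 1]
        if op == 0xBE:                          # MOV SI,imm16
            si = b1 | mem[ip + 2] << 8
            text, nxt = f"MOV SI,{si:04X}", ip + 3
        elif op == 0xB4:                        # MOV AH,imm8
            ax = (ax & 0x00FF) | b1 << 8
            text, nxt = f"MOV AH,{b1:02X}", ip + 2
        elif op == 0xB1:                        # MOV CL,imm8
            cx = (cx & 0xFF00) | b1
            text, nxt = f"MOV CL,{b1:02X}", ip + 2
        elif op == 0xAC:                        # LODSB: AL=[SI], then SI+=1
            ax, si = (ax & 0xFF00) | mem[si], (si + 1) & 0xFFFF
            text, nxt = "LODSB", ip + 1
        elif op == 0xCD:                        # INT n
            if b1 == 0x10 and ax >> 8 == 0x0E:  # BIOS teletype output of AL
                out.append(chr(ax & 0xFF))
            text, nxt = f"INT {b1:02X}", ip + 2
        elif op == 0xE2:                        # LOOP rel8: CX-=1, jump while CX!=0
            cx, target = (cx - 1) & 0xFFFF, (ip + 2 + (b1 ^ 0x80) - 0x80) & 0xFFFF
            text, nxt = f"LOOP {target:04X}", (target if cx else ip + 2)
        elif op == 0xC3:                        # RET: the program ends here
            return trace + [f"{ip:04X} RET"], "".join(out)
        else:
            raise ValueError(f"unhandled opcode {op:02X} at {ip:04X}")
        trace.append(f"{ip:04X} {text}")
        ip = nxt
    raise RuntimeError("step limit reached")

if __name__ == "__main__":
    print(*run(load_e_commands(SCRIPT)), sep="\n")
```

The first 13 bytes are code and the remaining 12, starting at offset 010D, are the string the loop prints one character at a time.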
It should look similar to the following:
-------------------------------------------------------
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\dustin cogburn>debug
-E 0100 BE 0D 01 B4 0E B1 0C AC CD 10 E2 FB C3 48 65 6C
-E 0110 6C 6F 20 57 6F 72 6C 64 21
-g
Hello World!
Program terminated normally
-
------------------------------------------------------
Now I will teach you how to make fire! At the Debug prompt, type these lines as follows:
E 0100 B0 13 CD 10 33 C0 BF B0 01 B9 00 7D F3 AB BA C8
E 0110 03 EE 42 FE C9 80 FB 3C 73 05 80 C3 04 EB 08 80
E 0120 FF 3C 73 03 80 C7 04 8A C3 EE 8A C7 EE 32 C0 EE
E 0130 E2 E3 B1 C8 81 06 AC 01 E9 62 80 06 AC 01 62 81
E 0140 16 AE 01 19 36 A1 AE 01 33 D2 BB 40 01 F7 F3 8B
E 0150 F2 FE 8C 70 7D E2 DD BE F1 02 BF B1 7E B1 62 BA
E 0160 3E 01 8A 9C C0 FE 8A 44 FF 03 D8 8A 44 01 03 D8
E 0170 8A 84 40 01 03 D8 C1 EB 02 88 1D 46 47 4A 75 E2
E 0180 46 46 47 47 E2 D9 BE B2 7E BF B2 01 B9 7E 3E 51
E 0190 57 F3 A5 5E 68 00 A0 07 BF 02 7D 59 F3 A5 1E 07
E 01A0 B4 01 CD 16 74 8C B8 03 00 CD 10 C3
g
-----------------------------
It should display fire! Neat, huh? Now we will learn to do something using ASM code. Type as follows:
n c:\flasher.com
a 100
mov ax,0013
int 10
mov ax,a000
mov ds,ax
mov ax,0
mov bx,0
mov [bx],ax
call 129
inc bx
cmp bx,fa00
jnz 110
inc ax
cmp ax,ff
jnz 10d
mov ax,3
int 10
int 20
push cx
mov cx,ff
dec cx
jnz 12d
pop cx
ret

rcx
32
w
q
-------------------
Now go to your C:\ and open up flasher.com.
--------------
Credits go out to c_programming_guru on an undisclosed chat client for teaching me this. Thanks.
===================================================
Attach the WinDbg debugger to a service after the service starts
This method is similar to the method that you can use to attach a debugger to a process and then debug a process.
Use the process ID of the process that hosts the service that you want to debug
1. To determine the process ID (PID) of the process that hosts the service that you want to debug, use one of the following methods.
• Method 1: Use the Task Manager
a. Right-click the taskbar, and then click Task Manager. The Windows Task Manager dialog box appears.
b. Click the Processes tab of the Windows Task Manager dialog box.
c. Under Image Name, click the image name of the process that hosts the service that you want to debug. Note the process ID of this process as specified by the value of the corresponding PID field.
• Method 2: Use the Task List Utility (tlist.exe)
a. Click Start, and then click Run. The Run dialog box appears.
b. In the Open box, type cmd, and then click OK.
c. At the command prompt, change the directory path to reflect the location of the tlist.exe file on your computer.
Note The tlist.exe file is typically located in the following directory: C:\Program Files\Debugging Tools for Windows
d. At the command prompt, type tlist to list the image names and the process IDs of all processes that are currently running on your computer.
Note Make a note of the process ID of the process that hosts the service that you want to debug.
2. At a command prompt, change the directory path to reflect the location of the windbg.exe file on your computer.
Note If a command prompt is not open, follow steps a and b of Method 1. The windbg.exe file is typically located in the following directory: C:\Program Files\Debugging Tools for Windows.
3. At the command prompt, type windbg -p ProcessID /g to attach the WinDbg debugger to the process that hosts the service that you want to debug.
Note ProcessID is a placeholder for the process ID of the process that hosts the service that you want to debug.
Use the image name of the process that hosts the service that you want to debug
You can use this method only if there is exactly one running instance of the process that hosts the service that you want to run. To do this, follow these steps:
1. Click Start, and then click Run. The Run dialog box appears.
2. In the Open box, type cmd, and then click OK to open a command prompt.
3. At the command prompt, change the directory path to reflect the location of the windbg.exe file on your computer.
Note The windbg.exe file is typically located in the following directory: C:\Program Files\Debugging Tools for Windows.
4. At the command prompt, type windbg -pn ImageName /g to attach the WinDbg debugger to the process that hosts the service that you want to debug.
Note ImageName is a placeholder for the image name of the process that hosts the service that you want to debug. The "-pn" command-line option specifies that the ImageName command-line argument is the image name of a process.
Start the WinDbg debugger and attach to the process that hosts the service that you want to debug
1. Start Windows Explorer.
2. Locate the windbg.exe file on your computer.
Note The windbg.exe file is typically located in the following directory: C:\Program Files\Debugging Tools for Windows
3. Run the windbg.exe file together with the /g command-line switch to start the WinDbg debugger. The /g command-line switch allows the tracked process to continue after the break point is set.
4. On the File menu, click Attach to a Process to display the Attach to Process dialog box.
5. Click to select the node that corresponds to the process that hosts the service that you want to debug, and then click OK.
6. In the dialog box that appears, click Yes to save base workspace information. Notice that you can now debug the disassembled code of your service.
Configure a service to start with the WinDbg debugger attached
You can use this method to debug services if you want to troubleshoot service-startup-related problems.
1. Configure the "Image File Execution" options. To do this, use one of the following methods:
• Method 1: Use the Global Flags Editor (gflags.exe)
a. Start Windows Explorer.
b. Locate the gflags.exe file on your computer.
Note The gflags.exe file is typically located in the following directory: C:\Program Files\Debugging Tools for Windows.
c. Run the gflags.exe file to start the Global Flags Editor.
d. In the Image File Name text box, type the image name of the process that hosts the service that you want to debug. For example, if you want to debug a service that is hosted by a process that has MyService.exe as the image name, type MyService.exe.
e. Under Destination, click to select the Image File Options option.
f. Under Image Debugger Options, click to select the Debugger check box.
g. In the Debugger text box, type the full path of the debugger that you want to use. For example, if you want to use the WinDbg debugger to debug a service, you can type a full path that is similar to the following: C:\Program Files\Debugging Tools for Windows\windbg.exe
h. Click Apply, and then click OK to quit the Global Flags Editor.
• Method 2: Use Registry Editor
a. Click Start, and then click Run. The Run dialog box appears.
b. In the Open box, type regedit, and then click OK to start Registry Editor.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows
c. In Registry Editor, locate, and then right-click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
d. Point to New, and then click Key. In the left pane of Registry Editor, notice that New Key #1 (the name of a new registry subkey) is selected for editing.
e. Type ImageName to replace New Key #1, and then press ENTER.
Note ImageName is a placeholder for the image name of the process that hosts the service that you want to debug. For example, if you want to debug a service that is hosted by a process that has MyService.exe as the image name, type MyService.exe.
f. Right-click the registry subkey that you created in step e.
g. Point to New, and then click String Value. In the right pane of Registry Editor, notice that New Value #1, the name of a new registry entry, is selected for editing.
h. Replace New Value #1 with Debugger, and then press ENTER.
i. Right-click the Debugger registry entry that you created in step h, and then click Modify. The Edit String dialog box appears.
j. In the Value data text box, type DebuggerPath, and then click OK.
Note DebuggerPath is a placeholder for the full path of the debugger that you want to use. For example, if you want to use the WinDbg debugger to debug a service, you can type a full path that is similar to the following:
C:\Progra~1\Debugg~1\windbg.exe
2. For the debugger window to appear on your desktop, and to interact with the debugger, make your service interactive. If you do not make your service interactive, the debugger will start but you cannot see it and you cannot issue commands. To make your service interactive, use one of the following methods:
• Method 1: Use the Services console
a. Click Start, and then point to Programs.
b. On the Programs menu, point to Administrative Tools, and then click Services. The Services console appears.
c. In the right pane of the Services console, right-click ServiceName, and then click Properties.
Note ServiceName is a placeholder for the name of the service that you want to debug.
d. On the Log On tab, click to select the Allow service to interact with desktop check box under Local System account, and then click OK.
• Method 2: Use Registry Editor
a. In Registry Editor, locate, and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceName
Note Replace ServiceName with the name of the service that you want to debug. For example, if you want to debug a service named MyService, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyService
b. Under the Name field in the right pane of Registry Editor, right-click Type, and then click Modify. The Edit DWORD Value dialog box appears.
c. Change the text in the Value data text box to the result of a bitwise OR of the current value and 0x00000100. The value 0x00000100 corresponds to the SERVICE_INTERACTIVE_PROCESS constant that is defined in the WinNT.h header file on your computer. This constant specifies that a service is interactive in nature.
3. When a service starts, the service communicates to the Service Control Manager how long the service must have to start (the time-out period for the service). If the Service Control Manager does not receive a "service started" notice from the service within this time-out period, the Service Control Manager terminates the process that hosts the service. This time-out period is typically less than 30 seconds. If you do not adjust this time-out period, the Service Control Manager ends the process and the attached debugger while you are trying to debug. To adjust this time-out period, follow these steps:
a. In Registry Editor, locate, and then right-click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
b. Point to New, and then click DWORD Value. In the right pane of Registry Editor, notice that New Value #1 (the name of a new registry entry) is selected for editing.
c. Type ServicesPipeTimeout to replace New Value #1, and then press ENTER.
d. Right-click the ServicesPipeTimeout registry entry that you created in step c, and then click Modify. The Edit DWORD Value dialog box appears.
e. In the Value data text box, type TimeoutPeriod, and then click OK.
Note TimeoutPeriod is a placeholder for the value of the time-out period (in milliseconds) that you want to set for the service. For example, if you want to set the time-out period to 24 hours (86400000 milliseconds), type 86400000.
f. Restart the computer. You must restart the computer for Service Control Manager to apply this change.
4. Start your Windows service. To do this, follow these steps:
a. Click Start, and then point to Programs.
b. On the Programs menu, point to Administrative Tools, and then click Services. The Services console appears.
c. In the right pane of the Services console, right-click ServiceName, and then click Start.
Note ServiceName is a placeholder for the name of the service that you want to debug.
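The three registry changes from steps 1 to 3 stay in effect until they are reverted, so it is worth checking for them once the debugging session is over. The added Python example below (not from the original article) parses a .reg export and reports any Image File Execution Options Debugger value, any service whose Type has the 0x00000100 bit set, and a ServicesPipeTimeout entry. The sample export is constructed, the text is assumed to be already decoded (regedit exports are UTF-16), and the function names are hypothetical.

```python
import re
SERVICE_INTERACTIVE_PROCESS = 0x00000100  # bit given in step 2, Method 2
HKLM = "HKEY_LOCAL_MACHINE"
IFEO = HKLM + r"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
SERVICES = HKLM + r"\SYSTEM\CurrentControlSet\Services"
CONTROL = HKLM + r"\SYSTEM\CurrentControlSet\Control"
VALUE = re.compile(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

# Constructed sample in .reg export format; MyService is the article's example name.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MyService.exe]
"Debugger"="C:\\Progra~1\\Debugg~1\\windbg.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyService]
"Type"=dword:00000110

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"ServicesPipeTimeout"=dword:05265c00
'''

def parse_reg(text):
    """Return {key_path: {lowercased_value_name: str | int}} for string and dword values."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            name, dword, string = m.groups()
            # .reg files double every backslash inside string data
            current[name.lower()] = int(dword, 16) if dword else string.replace("\\\\", "\\")
    return keys

def audit(keys):
    """List debugging leftovers: IFEO Debugger, interactive service Type, SCM time-out."""
    findings = []
    for path, values in keys.items():
        parent, _, leaf = path.rpartition("\\")
        kind = values.get("type")
        if parent.lower() == IFEO.lower() and "debugger" in values:
            findings.append(("ifeo-debugger", leaf, values["debugger"]))
        elif parent.lower() == SERVICES.lower() and isinstance(kind, int) and kind & SERVICE_INTERACTIVE_PROCESS:
            findings.append(("interactive-service", leaf, hex(kind)))
        elif path.lower() == CONTROL.lower() and "servicespipetimeout" in values:
            findings.append(("scm-timeout-ms", "ServicesPipeTimeout", values["servicespipetimeout"]))
    return findings

if __name__ == "__main__":
    print(*audit(parse_reg(SAMPLE)), sep="\n")
```

An empty result from `audit` on a fresh export of the same keys means none of the three settings is present.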
===================================================
Saving a memory dump
To resolve system crashes through the inspection of memory dumps, set your servers and PCs to automatically save them with these steps:
1. Right-click on My Computer
2. Select Properties
3. Select Advanced
4. In the Startup and Recovery section, select Settings; this displays the Startup and Recovery dialog box
5. In the Write debugging information section, select kernel memory dump