?
查看基本命令帮助
对基本命令的简单说明,输出一般如下:
B[C|D|E][<bps>] - clear/disable/enable breakpoint(s)
BL - list breakpoints
BA <access> <size> <addr> - set processor breakpoint
BP <address> - set soft breakpoint
D[type][<range>] - dump memory
DT [-n|y] [[mod!]name] [[-n|y]fields]
[address] [-l list] [-a[]|c|i|o|r[#]|v] - dump using type information
DV [<name>] - dump local variables
DX [-r[#]] <expr> - display C++ expression using extension model (e.g.: NatVis)
E[type] <address> [<values>] - enter memory values
G[H|N] [=<address> [<address>...]] - go
K <count> - stacktrace
KP <count> - stacktrace with source arguments
LM[k|l|u|v] - list modules
LN <expr> - list nearest symbols
P [=<addr>] [<value>] - step over
Q - quit
R [[<reg> [= <expr>]]] - view or set registers
S[<opts>] <range> <values> - search memory
SX [{e|d|i|n} [-c "Cmd1"] [-c2 "Cmd2"] [-h] {Exception|Event|*}] - event filter
T [=<address>] [<expr>] - trace into
U [<range>] - unassemble
version - show debuggee and debugger version
X [<*|module>!]<*|symbol> - view symbols
? <expr> - display expression
?? <expr> - display C++ expression
$< <filename> - take input from a command file
Hit Enter...
<expr> unary ops: + - not by wo dwo qwo poi hi low
binary ops: + - * / mod(%) and(&) xor(^) or(|)
comparisons: == (=) < > !=
operands: number in current radix, public symbol, <reg>
<type> : b (byte), w (word), d[s] (doubleword [with symbols]),
a (ascii), c (dword and Char), u (unicode), l (list)
f (float), D (double), s|S (ascii/unicode string)
q (quadword)
<pattern> : [(nt | <dll-name>)!]<var-name> (<var-name> can include ? and *)
<range> : <address> <address>
: <address> L <count>
User-mode options:
~ - list threads status
~#s - set default thread
| - list processes status
|#s - set default process
x64 options:
DG <selector> - dump selector
<reg> : [r|e]ax, [r|e]bx, [r|e]cx, [r|e]dx, [r|e]si, [r|e]di, [r|e]bp, [r|e]sp, [r|e]ip, [e]fl,
r8-r15 with b/w/d subregisters
al, ah, bl, bh, cl, ch, dl, dh, cs, ds, es, fs, gs, ss
sil, dil, bpl, spl
dr0, dr1, dr2, dr3, dr6, dr7
fpcw, fpsw, fptw, st0-st7, mm0-mm7
xmm0-xmm15
<flag> : iopl, of, df, if, tf, sf, zf, af, pf, cf
<addr> : #<16-bit protect-mode [seg:]address>,
&<V86-mode [seg:]address>
.help
查看元命令帮助信息
.help <option> <command> 显示 command的帮助信息 option 可选,可以为 /D(使用DML output输出 关于DML,debug 10.0.10586.567版本 。无论加不加 /D选项 都是使用 DML方式输出)
.help /D help 输出关于 .help(查看的command不需要添加 .)的帮助信息:
也可以输入 .help /D h* 查看所有以 h 开头的命令的帮助信息
.hh
打开帮助文档
.hh <helptext>
打开帮助文档并定位到helptext相关的信息
还是以查看 .help元命令帮助为例,输入 .hh .help:
.chain
列出加载的扩展列表
.extmatch
.extmatch /e <ExtDLL> <FunctionFilter>
显示 扩展中(extdll)的命令(FunctionFilter)
!help
扩展中定义的帮助,在help前加扩展名,调用对用扩展的help命令。
例如
!sos.help
!sosex.help