zoukankan html css js c++ java

windbg调试命令3(sx、ld)

1.sx

sx* 命令用来控制被调试的程序发生某个异常或特定事件时，调试器要采取的动作

sx 命令显示当前进程的异常列表和所有非异常的事件列表，并且显示调试器遇到每个异常和事件时的行为。

sxr 命令将所有异常和事件过滤器的状态重设为默认值。命令被清除、中断和继续选项被重设为默认值，等等。

sx这个命令的输出信息可以分为三个部分：

第一部分是事件处理与相应处理模式的交互，第二部分是标准的异常交互和处理行为，最后一部分是用户自定义的异常交互和处理行为

以下面为例，我们先输入sxr再输入sx看下默认的处理行为都是怎么样的:

0:000> sxr

sx state reset to defaults
0:000> sx
ct - Create thread - ignore
et - Exit thread - ignore
cpr - Create process - ignore
epr - Exit process - ignore
ld - Load module - output
ud - Unload module - ignore
ser - System error - ignore
ibp - Initial breakpoint - ignore
iml - Initial module load - ignore
out - Debuggee output - output
av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
aph - Application hang - break - not handled
bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
eh - C++ EH exception - second-chance break - not handled
clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
cce - Control-Break exception - break
cc - Control-Break exception continue - handled
cce - Control-C exception - break
cc - Control-C exception continue - handled
dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
gp - Guard page violation - break - not handled
ii - Illegal instruction - second-chance break - not handled
ip - In-page I/O error - break - not handled
dz - Integer divide-by-zero - break - not handled
iov - Integer overflow - break - not handled
ch - Invalid handle - break
hc - Invalid handle continue - not handled
lsq - Invalid lock sequence - break - not handled
isc - Invalid system call - break - not handled
3c - Port disconnected - second-chance break - not handled
svh - Service hang - break - not handled
sse - Single step exception - break
ssec - Single step exception continue - handled
sbo - Stack buffer overflow - break - not handled
sov - Stack overflow - break - not handled
vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
wkd - Wake debugger - break - not handled
wob - WOW64 breakpoint - break - handled
wos - WOW64 single step exception - break - handled
* - Other exception - second-chance break - not handled

0:000> sxr
sx state reset to defaults
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - ignore
  ld - Load module - output
  ud - Unload module - ignore
 ser - System error - ignore
 ibp - Initial breakpoint - ignore
 iml - Initial module load - ignore
 out - Debuggee output - output

  av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
 aph - Application hang - break - not handled
 bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
  eh - C++ EH exception - second-chance break - not handled
 clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
 cce - Control-Break exception - break
  cc - Control-Break exception continue - handled
 cce - Control-C exception - break
  cc - Control-C exception continue - handled
  dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
  gp - Guard page violation - break - not handled
  ii - Illegal instruction - second-chance break - not handled
  ip - In-page I/O error - break - not handled
  dz - Integer divide-by-zero - break - not handled
 iov - Integer overflow - break - not handled
  ch - Invalid handle - break
  hc - Invalid handle continue - not handled
 lsq - Invalid lock sequence - break - not handled
 isc - Invalid system call - break - not handled
  3c - Port disconnected - second-chance break - not handled
 svh - Service hang - break - not handled
 sse - Single step exception - break
ssec - Single step exception continue - handled
 sbo - Stack buffer overflow - break - not handled
 sov - Stack overflow - break - not handled
  vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
 wkd - Wake debugger - break - not handled
 wob - WOW64 breakpoint - break - handled
 wos - WOW64 single step exception - break - handled

   * - Other exception - second-chance break - not handled

随便找个出来ld - Load module - output,说明在加载模块时的行为是输出，OK,我们把它断掉:

sxe	Break (Enabled)	当发生该异常时，在任何错误处理器被激活之前目标立即中断到调试器中。这种处理类型称为第一次处理机会。
sxd	Second chance break (Disabled)	发生该类异常时，调试器不会在第一次处理机会时中断(虽然会显示信息)。如果其他错误处理器没有处理掉该异常，执行会停止下来并中断到调试器。这种处理类型称为第二次处理机会。
sxn	Output (Notify)	当该异常发生时，目标程序不中断到调试器中。但是，会通过一条消息提示发生了异常。
sxi	Ignore	异常发生时，目标程序不中断到调试器，并且不会显示信息。

使用sxe　ld试试

:000> sxe ld

0:000> sx
ct - Create thread - ignore
et - Exit thread - ignore
cpr - Create process - ignore
epr - Exit process - ignore
ld - Load module - break

:000> sxe ld
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - ignore
  ld - Load module - break

再次调用sx查看，我们发现现在变成了ld - Load module - break，处理行为变成了break，运行试试

0:000> g

ModLoad: 73fa0000 7400b000 C:\WINDOWS\system32\USP10.dll
eax=77ef23d4 ebx=00000000 ecx=77ef7c79 edx=62c25200 esi=00000000 edi=00000000
eip=7c92e514 esp=0012e8c0 ebp=0012e9b4 iopl=0 nv up ei ng nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000296
ntdll!KiFastSystemCallRet:
7c92e514 c3 ret
0:000> kb
ChildEBP RetAddr Args to Child
0012e8bc 7c92d52a 7c93adfb 000007d0 ffffffff ntdll!KiFastSystemCallRet
0012e8c0 7c93adfb 000007d0 ffffffff 0012e998 ntdll!NtMapViewOfSection+0xc
0012e9b4 7c93c880 001531a0 7ffdfc00 00000000 ntdll!LdrpMapDll+0x330
0012ec14 7c9446f2 001531a0 62c202d4 62c20000 ntdll!LdrpLoadImportModule+0x174
0012ec58 7c94469b 7ffd9000 001531a0 00253128 ntdll!LdrpHandleOneNewFormatImportDescriptor+0x53
0012ec78 7c9447d5 7ffd9000 001531a0 00253128 ntdll!LdrpHandleNewFormatImportDescriptors+0x20
0012ecf4 7c936227 001531a0 00253128 c0150008 ntdll!LdrpWalkImportDescriptor+0x19e
0012efa4 7c93643d 00000000 001531a0 0012f298 ntdll!LdrpLoadDll+0x24e
0012f24c 7c801bbd 001531a0 0012f298 0012f278 ntdll!LdrLoadDll+0x230
0012f2b4 7c80aefc 77ef1a1c 00000000 00000000 kernel32!LoadLibraryExW+0x18e
0012f2c8 77f1da06 77ef1a1c 00000000 7ffdf000 kernel32!LoadLibraryW+0x11
0012f2f0 77f14361 0000001f 00000000 77d712a0 GDI32!GdiInitializeLanguagePack+0x15
0012f304 77d1a03d 00000000 00000000 7c946102 GDI32!GdiProcessSetup+0x11d
0012f444 77d1a143 7c92e473 0012f458 00000000 USER32!ClientThreadSetup+0x33
0012f448 7c92e473 0012f458 00000000 77ef67c4 USER32!__ClientThreadSetup+0x5
0012f454 77ef67c4 77ef6553 0012f5a8 0012f9f0 ntdll!KiUserCallbackDispatcher+0x13
0012f464 77d1b473 77d10000 00000001 0012fd30 GDI32!NtGdiInit+0xc
0012f9f0 7c92118a 77d10000 00000001 0012fd30 USER32!_UserClientDllInitialize+0x315
0012fa10 7c93b5d2 77d1b217 77d10000 00000001 ntdll!LdrpCallInitRoutine+0x14
0012fb18 7c93fbdc 0012fd30 7ffdf000 7ffd9000 ntdll!LdrpRunInitializeRoutines+0x344
0:000> du 77ef1a1c
77ef1a1c "LPK.DLL"

0:000> g
ModLoad: 73fa0000 7400b000   C:\WINDOWS\system32\USP10.dll
eax=77ef23d4 ebx=00000000 ecx=77ef7c79 edx=62c25200 esi=00000000 edi=00000000
eip=7c92e514 esp=0012e8c0 ebp=0012e9b4 iopl=0         nv up ei ng nz ac pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000296
ntdll!KiFastSystemCallRet:
7c92e514 c3              ret
0:000> kb
ChildEBP RetAddr  Args to Child              
0012e8bc 7c92d52a 7c93adfb 000007d0 ffffffff ntdll!KiFastSystemCallRet
0012e8c0 7c93adfb 000007d0 ffffffff 0012e998 ntdll!NtMapViewOfSection+0xc
0012e9b4 7c93c880 001531a0 7ffdfc00 00000000 ntdll!LdrpMapDll+0x330
0012ec14 7c9446f2 001531a0 62c202d4 62c20000 ntdll!LdrpLoadImportModule+0x174
0012ec58 7c94469b 7ffd9000 001531a0 00253128 ntdll!LdrpHandleOneNewFormatImportDescriptor+0x53
0012ec78 7c9447d5 7ffd9000 001531a0 00253128 ntdll!LdrpHandleNewFormatImportDescriptors+0x20
0012ecf4 7c936227 001531a0 00253128 c0150008 ntdll!LdrpWalkImportDescriptor+0x19e
0012efa4 7c93643d 00000000 001531a0 0012f298 ntdll!LdrpLoadDll+0x24e
0012f24c 7c801bbd 001531a0 0012f298 0012f278 ntdll!LdrLoadDll+0x230
0012f2b4 7c80aefc 77ef1a1c 00000000 00000000 kernel32!LoadLibraryExW+0x18e
0012f2c8 77f1da06 77ef1a1c 00000000 7ffdf000 kernel32!LoadLibraryW+0x11
0012f2f0 77f14361 0000001f 00000000 77d712a0 GDI32!GdiInitializeLanguagePack+0x15
0012f304 77d1a03d 00000000 00000000 7c946102 GDI32!GdiProcessSetup+0x11d
0012f444 77d1a143 7c92e473 0012f458 00000000 USER32!ClientThreadSetup+0x33
0012f448 7c92e473 0012f458 00000000 77ef67c4 USER32!__ClientThreadSetup+0x5
0012f454 77ef67c4 77ef6553 0012f5a8 0012f9f0 ntdll!KiUserCallbackDispatcher+0x13
0012f464 77d1b473 77d10000 00000001 0012fd30 GDI32!NtGdiInit+0xc
0012f9f0 7c92118a 77d10000 00000001 0012fd30 USER32!_UserClientDllInitialize+0x315
0012fa10 7c93b5d2 77d1b217 77d10000 00000001 ntdll!LdrpCallInitRoutine+0x14
0012fb18 7c93fbdc 0012fd30 7ffdf000 7ffd9000 ntdll!LdrpRunInitializeRoutines+0x344
0:000> du 77ef1a1c 
77ef1a1c  "LPK.DLL"

果然断下来了，断在加载LPK.dll模块时，那么如果我们只想让它在加载SkinHgy.dll时断下来怎么办呢？需要介绍下ld了

２.ld
ld(load symbols)命令加载指定模块的符号并刷新所有模块信息。

ModuleName 指定要加载符号的模块名。ModuleName 可以包含各种通配符和修饰符。可以包含通配符，这是个好消息

0:000> lm

start end module name
00400000 00b89000 Simple1Demo (deferred)
7c920000 7c9b6000 ntdll (pdb symbols) c:\mysymbol\ntdll.pdb\CEFC0863B1F84130A11E0F54180CD21A2\ntdll.pdb
0:000> ld Simple1Demo
*** WARNING: Unable to verify checksum for Simple1Demo.exe
Symbols loaded for Simple1Demo
0:000> lm
start end module name
00400000 00b89000 Simple1Demo C (private pdb symbols) D:\project\代码\新控件库\SkinHgy\Debug\Simple1Demo.pdb
7c920000 7c9b6000 ntdll (pdb symbols) c:\mysymbol\ntdll.pdb\CEFC0863B1F84130A11E0F54180CD21A2\ntdll.pdb

0:000> lm
start    end        module name
00400000 00b89000   Simple1Demo   (deferred)             
7c920000 7c9b6000   ntdll      (pdb symbols)          c:\mysymbol\ntdll.pdb\CEFC0863B1F84130A11E0F54180CD21A2\ntdll.pdb
0:000> ld Simple1Demo
*** WARNING: Unable to verify checksum for Simple1Demo.exe
Symbols loaded for Simple1Demo
0:000> lm
start    end        module name
00400000 00b89000   Simple1Demo C (private pdb symbols)  D:\project\代码\新控件库\SkinHgy\Debug\Simple1Demo.pdb
7c920000 7c9b6000   ntdll      (pdb symbols)          c:\mysymbol\ntdll.pdb\CEFC0863B1F84130A11E0F54180CD21A2\ntdll.pdb

再加载次试试:

0:000> ld Simple1Demo

Symbols already loaded for Simple1Demo

0:000> ld Simple1Demo
Symbols already loaded for Simple1Demo

提示已加载，看来还是.reload好用啊。那么接着１，我们来设置只在ld　skinhgy时断下来：

0:000> sx

ct - Create thread - ignore
et - Exit thread - ignore
cpr - Create process - ignore
epr - Exit process - ignore
ld - Load module - break
ud - Unload module - ignore
ser - System error - ignore
ibp - Initial breakpoint - ignore
iml - Initial module load - ignore
out - Debuggee output - output
av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
aph - Application hang - break - not handled
bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
eh - C++ EH exception - second-chance break - not handled
clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
cce - Control-Break exception - break
cc - Control-Break exception continue - handled
cce - Control-C exception - break
cc - Control-C exception continue - handled
dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
gp - Guard page violation - break - not handled
ii - Illegal instruction - second-chance break - not handled
ip - In-page I/O error - break - not handled
dz - Integer divide-by-zero - break - not handled
iov - Integer overflow - break - not handled
ch - Invalid handle - break
hc - Invalid handle continue - not handled
lsq - Invalid lock sequence - break - not handled
isc - Invalid system call - break - not handled
3c - Port disconnected - second-chance break - not handled
svh - Service hang - break - not handled
sse - Single step exception - break
ssec - Single step exception continue - handled
sbo - Stack buffer overflow - break - not handled
sov - Stack overflow - break - not handled
vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
wkd - Wake debugger - break - not handled
wob - WOW64 breakpoint - break - handled
wos - WOW64 single step exception - break - handled
* - Other exception - second-chance break - not handled
0:000> sex ld skinhgy.dll
Couldn't resolve error at 'ex '
0:000> sxe ld skinhgy.dll
0:000> sx
ct - Create thread - ignore
et - Exit thread - ignore
cpr - Create process - ignore
epr - Exit process - ignore
ld - Load module - break
(only break for skinhgy.dll)
ud - Unload module - ignore
ser - System error - ignore
ibp - Initial breakpoint - ignore
iml - Initial module load - ignore
out - Debuggee output - output
av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
aph - Application hang - break - not handled
bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
eh - C++ EH exception - second-chance break - not handled
clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
cce - Control-Break exception - break
cc - Control-Break exception continue - handled
cce - Control-C exception - break
cc - Control-C exception continue - handled
dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
gp - Guard page violation - break - not handled
ii - Illegal instruction - second-chance break - not handled
ip - In-page I/O error - break - not handled
dz - Integer divide-by-zero - break - not handled
iov - Integer overflow - break - not handled
ch - Invalid handle - break
hc - Invalid handle continue - not handled
lsq - Invalid lock sequence - break - not handled
isc - Invalid system call - break - not handled
3c - Port disconnected - second-chance break - not handled
svh - Service hang - break - not handled
sse - Single step exception - break
ssec - Single step exception continue - handled
sbo - Stack buffer overflow - break - not handled
sov - Stack overflow - break - not handled
vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
wkd - Wake debugger - break - not handled
wob - WOW64 breakpoint - break - handled
wos - WOW64 single step exception - break - handled
* - Other exception - second-chance break - not handled

0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - ignore
  ld - Load module - break
  ud - Unload module - ignore
 ser - System error - ignore
 ibp - Initial breakpoint - ignore
 iml - Initial module load - ignore
 out - Debuggee output - output

  av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
 aph - Application hang - break - not handled
 bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
  eh - C++ EH exception - second-chance break - not handled
 clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
 cce - Control-Break exception - break
  cc - Control-Break exception continue - handled
 cce - Control-C exception - break
  cc - Control-C exception continue - handled
  dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
  gp - Guard page violation - break - not handled
  ii - Illegal instruction - second-chance break - not handled
  ip - In-page I/O error - break - not handled
  dz - Integer divide-by-zero - break - not handled
 iov - Integer overflow - break - not handled
  ch - Invalid handle - break
  hc - Invalid handle continue - not handled
 lsq - Invalid lock sequence - break - not handled
 isc - Invalid system call - break - not handled
  3c - Port disconnected - second-chance break - not handled
 svh - Service hang - break - not handled
 sse - Single step exception - break
ssec - Single step exception continue - handled
 sbo - Stack buffer overflow - break - not handled
 sov - Stack overflow - break - not handled
  vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
 wkd - Wake debugger - break - not handled
 wob - WOW64 breakpoint - break - handled
 wos - WOW64 single step exception - break - handled

   * - Other exception - second-chance break - not handled
0:000> sex ld skinhgy.dll
Couldn't resolve error at 'ex '
0:000> sxe ld skinhgy.dll
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - ignore
  ld - Load module - break
       (only break for skinhgy.dll)
  ud - Unload module - ignore
 ser - System error - ignore
 ibp - Initial breakpoint - ignore
 iml - Initial module load - ignore
 out - Debuggee output - output

  av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
 aph - Application hang - break - not handled
 bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
  eh - C++ EH exception - second-chance break - not handled
 clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
 cce - Control-Break exception - break
  cc - Control-Break exception continue - handled
 cce - Control-C exception - break
  cc - Control-C exception continue - handled
  dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
  gp - Guard page violation - break - not handled
  ii - Illegal instruction - second-chance break - not handled
  ip - In-page I/O error - break - not handled
  dz - Integer divide-by-zero - break - not handled
 iov - Integer overflow - break - not handled
  ch - Invalid handle - break
  hc - Invalid handle continue - not handled
 lsq - Invalid lock sequence - break - not handled
 isc - Invalid system call - break - not handled
  3c - Port disconnected - second-chance break - not handled
 svh - Service hang - break - not handled
 sse - Single step exception - break
ssec - Single step exception continue - handled
 sbo - Stack buffer overflow - break - not handled
 sov - Stack overflow - break - not handled
  vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
 wkd - Wake debugger - break - not handled
 wob - WOW64 breakpoint - break - handled
 wos - WOW64 single step exception - break - handled

   * - Other exception - second-chance break - not handled

我们已经restart了，但ld的状态还没有变，所以WinDBG会自动把一些东西记录到工作空间（Workspace）里，因为工作空间是隐式管理的，所以容易让初用WinDBG的人摸不着头脑，像MJ说的那样操作一下，并且保存到工作空间中（结束调试时，WinDBG询问要不要保存工作空间时选YES），或者干脆删除工作空间就可以了，当然也可以写成

0:000> sxe ld skin*

0:000> sx
ct - Create thread - ignore
et - Exit thread - ignore
cpr - Create process - ignore
epr - Exit process - ignore
ld - Load module - break
(only break for skin*)
ud - Unload module - ignore
ser - System error - ignore
ibp - Initial breakpoint - ignore
iml - Initial module load - ignore
out - Debuggee output - output
av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
aph - Application hang - break - not handled
bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
eh - C++ EH exception - second-chance break - not handled
clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
cce - Control-Break exception - break
cc - Control-Break exception continue - handled
cce - Control-C exception - break
cc - Control-C exception continue - handled
dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
gp - Guard page violation - break - not handled
ii - Illegal instruction - second-chance break - not handled
ip - In-page I/O error - break - not handled
dz - Integer divide-by-zero - break - not handled
iov - Integer overflow - break - not handled
ch - Invalid handle - break
hc - Invalid handle continue - not handled
lsq - Invalid lock sequence - break - not handled
isc - Invalid system call - break - not handled
3c - Port disconnected - second-chance break - not handled
svh - Service hang - break - not handled
sse - Single step exception - break
ssec - Single step exception continue - handled
sbo - Stack buffer overflow - break - not handled
sov - Stack overflow - break - not handled
vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
wkd - Wake debugger - break - not handled
wob - WOW64 breakpoint - break - handled
wos - WOW64 single step exception - break - handled
* - Other exception - second-chance break - not handled

0:000> sxe ld skin*
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - ignore
  ld - Load module - break
       (only break for skin*)
  ud - Unload module - ignore
 ser - System error - ignore
 ibp - Initial breakpoint - ignore
 iml - Initial module load - ignore
 out - Debuggee output - output

  av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
 aph - Application hang - break - not handled
 bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
  eh - C++ EH exception - second-chance break - not handled
 clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
 cce - Control-Break exception - break
  cc - Control-Break exception continue - handled
 cce - Control-C exception - break
  cc - Control-C exception continue - handled
  dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
  gp - Guard page violation - break - not handled
  ii - Illegal instruction - second-chance break - not handled
  ip - In-page I/O error - break - not handled
  dz - Integer divide-by-zero - break - not handled
 iov - Integer overflow - break - not handled
  ch - Invalid handle - break
  hc - Invalid handle continue - not handled
 lsq - Invalid lock sequence - break - not handled
 isc - Invalid system call - break - not handled
  3c - Port disconnected - second-chance break - not handled
 svh - Service hang - break - not handled
 sse - Single step exception - break
ssec - Single step exception continue - handled
 sbo - Stack buffer overflow - break - not handled
 sov - Stack overflow - break - not handled
  vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
 wkd - Wake debugger - break - not handled
 wob - WOW64 breakpoint - break - handled
 wos - WOW64 single step exception - break - handled

   * - Other exception - second-chance break - not handled

这样所有的Skin＊模块都会触发断点

sx{e|d|i|n} [-c "Cmd1"] [-c2 "Cmd2"] [-h] {Exception|Event|*}

-c "Cmd1"

指定一个当异常或事件发生时要执行的命令。该命令在异常的第一次处理机会时执行（也就是第一轮异常），不管该异常是否会中断到调试器。Cmd1 字符串必须包含在引号中。该字符串可以包含多条用分号分隔的命令。-c和括起来的命令字符串之间的空格是可选的。

-c2 "Cmd2"

指定当异常或事件发生并且没有在第一次处理机会被处理时执行的命令。该命令在异常的第二次处理机会时执行，（也就是第二轮异常），不管它是否会中断到调试器。Cmd2 字符串必须包含在引号中。该字符串可以包含多条用分号分隔的命令。-c2 和括起来的命令字符串之间的空格是可选的。

-h

改变指定事件的处理状态而不是中断状态。如果Event 是cc、hc、bpec或ssec，-h 选项不是一定需要。

比如我要在第一次加载SkinHgy.dll时断下来并打印ＭＳＧ:

0:000> sxe -c".echo 'skinhgy.dll loading'" ld:skinhgy.dll

0:000> sx
ct - Create thread - ignore
et - Exit thread - ignore
cpr - Create process - ignore
epr - Exit process - break
ld - Load module - break
Command: ".echo 'skinhgy.dll loading'"
(only break for skinhgy.dll)
ud - Unload module - ignore

0:000> sxe -c".echo 'skinhgy.dll loading'" ld:skinhgy.dll 
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
 epr - Exit process - break
  ld - Load module - break
       Command: ".echo 'skinhgy.dll loading'"
       (only break for skinhgy.dll)
  ud - Unload module - ignore

运行后：

0:000> g

ModLoad: 10000000 10301000 D:\project\代码\新控件库\SkinHgy\Debug\SkinHgy.dll
'skinhgy.dll loading'

0:000> g
ModLoad: 10000000 10301000   D:\project\代码\新控件库\SkinHgy\Debug\SkinHgy.dll
'skinhgy.dll loading'

这里介绍种ＧＵＩ使用的方法：

Debug--Event Filters打开：

我们看到我们先前加载的SkinHgy.dll都在,事件(-c和-c2）对应Commands按钮来修改，中断状态可以通过"Execution"来修改,还可以通过Add和Remove来增加或删除异常码.

至于

Enabled对应Break

Disabled对应Second chance break

sxe	Handled	执行返回时，事件被标识为已处理。
sxd, sxn, sxi	Not Handled	执行返回时，事件被标识为未处理。

windbg帮助上写得很清楚了.

补充点：

Sxe av //当access violation发生就停止

Sxd eh//当C++ exception发生，调试器什么都不做

这两个很有用，今天在调程序时发现内存访问一直被断，用sxi av就行了，不过为什么windbg帮助文档查不到av

查看全文

相关阅读:
简单家庭记账本app开发进度四
 简单家庭记账本app开发进度三
 简单家庭记账本app开发进度二
 构建之法阅读笔记一
 寒假学习进度七
 简单家庭记账本app开发进度一
 【Java每日一题】20170328
【Java每日一题】20170327
【Java每日一题】20170324
【Java每日一题】20170323

原文地址：https://www.cnblogs.com/guanlaiy/p/2822920.html