GDB 和 windbg 命令对照(转载)

时间:2024-11-03 13:07:44

From:http://blog.****.net/joeleechj/article/details/10020501

命令                                          windbg                                   gdb 
附加                                          attach                                      attach 
脱离附加                                  detach                                     detach 
运行                                          g/F5                                          run/r 
继续                                          g/F5                                          continue/c 
步过                                          p/F10                                         n/ni 
步进                                          F11                                            s/si 
执行到返回                             gu                                               finish 
下断点                                     bp ba                                         break/br 
查看断点                                 bl                                                info break 
禁止断点                                 bd                                              disable breakpoint 
开启断点                                be                                               enable breakpoint 
删除断点                                bc                                               delete breakpoints 
查看寄存器                            r                                                  info register/i r 
修改寄存器                            r                                                  set 
查看内存                               db dw dd                                      x 
修改内存                               eb ew ed                                     set {type}address 
查看调用栈                           k kb kb kPL                                bt 
查看全部线程                       ~*                                                 info threads 
线程切换                             ~ threadid s                                 thread threadid

查看进程                                   | *                                             info inferior

进程切换                                   | pid s                                      inferior

查看符号                                   x module!symbol                   info symbol

反汇编                                       u uf                                           x /i            disassemble

寄存器表示                                eax....                                      $eax  ...

条件断点举例,设置断点当esp+4指向的四字节内存值为31时停下:

windbg:   bp address if(poi(@esp+4)=0x1f)

gdb:         break *address if {int}($esp+4)  == 0x1f