我正在尝试使用Powerdbg模块来分析内核转储。我已经成功地安装了模块。但我无法开始新的会话。
New-DbgSession -dump F:Downloads�21715-61105-01.dmp
但它打开一个名为"CDB.exe"的空白命令提示符,什么也不做。我的机器上安装了Windbg。并且"debuggerroot"变量正确地指向了它的路径。我可能做错了什么?
codeplex Powerdbg讨论页未处于活动状态。
我一直打算尝试一下,所以我下载了最新的软件包并进行了测试,结果如下所示,看看你是否可以通过
我创建了一个bat文件,它将DebuggingTools环境变量设置为windows 8.0调试器安装(xp虚拟机)在bat文件中,我使用Import模块调用powershell当我得到ps命令提示符时,我会启动一个新的详细dbgSession,其中包含一个位于c:\的dumpfile test.dmp
:dir /b
Install_PowerDbg.bat
PowerDbg.psm1
PowerDbgConsole.ps1
PowerDbg_6.10.10.22.zip
runpdbg.bat
:type runpdbg.bat
set DebuggingTools=c:Program FilesWindows Kits8.0Debuggersx86
c:WINDOWSsystem32WindowsPowerShellv1.0powershell.exe -nologo -noexit -comma
nd "Import-Module" .powerdbg.psm1
:runpdbg.bat
:set DebuggingTools=c:Program FilesWindows Kits8.0Debuggersx86
:c:WINDOWSsystem32WindowsPowerShellv1.0powershell.exe -nologo -noexit -comm
and "Import-Module" .powerdbg.psm1
WARNING: Some imported command names include unapproved verbs which might make
them less discoverable. Use the Verbose parameter for more detail or type
Get-Verb to see the list of approved verbs.
WARNING: Some imported command names contain one or more of the following
restricted characters: # , ( ) {{ }} [ ] & - / $ ^ ; : " ' < > | ? @ ` * % +
= ~
PS C:Documents and SettingsAdminDesktopPowerDbg_6.10.10.22> New-DbgSession -
verbose -dump C:test.dmp
VERBOSE: Using debugging tools from c:Program FilesWindows
Kits8.0Debuggersx86
VERBOSE: c:Program FilesWindows Kits8.0Debuggersx86CDB.exe -z C:test.dmp
VERBOSE:
Verb :
Arguments : -z C:test.dmp
CreateNoWindow : False
EnvironmentVariables : {pathext, homepath, symbol_path, clientname...}
RedirectStandardInput : True
RedirectStandardOutput : True
RedirectStandardError : True
StandardErrorEncoding :
StandardOutputEncoding :
UseShellExecute : False
Verbs : {Enable/Disable Digital Signature Icons, open, Open
i
n PPEE (puppy), Open with CFF Explorer...}
UserName :
Password :
Domain :
LoadUserProfile : False
FileName : c:Program FilesWindows
Kits8.0Debuggersx86CDB.e
xe
WorkingDirectory : C:Documents and
SettingsAdminDesktopPowerDbg_6.10
.10.22
ErrorDialog : False
ErrorDialogParentHandle : 0
WindowStyle : Normal
VERBOSE: RX (discard)
VERBOSE: TX: .echo PowerDbg connected
VERBOSE: RX: PowerDbg connected
VERBOSE: RX: 0:000> PowerDbg_Complete_184742.640
VERBOSE: RX Complete
VERBOSE: RX (discard) 0:000>
VERBOSE: TX: .printf "%dn", @$ptrsize
VERBOSE: RX: 4
VERBOSE: RX: 0:000> PowerDbg_Complete_184742.656
VERBOSE: RX Complete
VERBOSE: Connected to 32 bit process/dump
PS C:Documents and SettingsAdminDesktopPowerDbg_6.10.10.22>
该命令似乎也能正确启动会话(您可能需要在函数Get-DbgToolsLocation()中powerdbg.psm1第440行的$searchpath中显式添加调试器路径
powershell.exe -nologo -noexit -File PowerDbgConsole.ps1 -verbose -dump c:test.dmp