2.6. WineDbg Command Reference
2.6.1. Misc
abort aborts the debugger
quit exits the debugger
attach N attach to a W-process (N is its ID). IDs can be
obtained using the walk process command
detach detach from a W-process. WineDbg will exit (this may
be changed later on)
|
help prints some help on the commands
help info prints some help on info commands
|
mode 16 switch to 16 bit mode
mode 32 switch to 32 bit mode
|
2.6.2. Flow control
cont continue execution until next breakpoint or exception.
pass pass the exception event up to the filter chain.
step continue execution until next C line of code (enters
function call)
next continue execution until next C line of code (doesn't
enter function call)
stepi execute next assembly instruction (enters function
call)
nexti execute next assembly instruction (doesn't enter
function call)
finish do nexti commands until current function is exited
|
cont, step, next, stepi, nexti can be postfixed by a
number (N), meaning that the command must be executed N
times.
2.6.3. Breakpoints, watch points
enable N enables (break|watch)point #N
disable N disables (break|watch)point #N
delete N deletes (break|watch)point #N
cond N removes any a existing condition to (break|watch)point N
cond N <expr> adds condition <expr> to (break|watch)point N. <expr>
will be evaluated each time the breakpoint is hit. If
the result is a zero value, the breakpoint isn't
triggered
break * N adds a breakpoint at address N
break <id> adds a breakpoint at the address of symbol <id>
break <id> N adds a breakpoint at the address of symbol <id> (N ?)
break N adds a breakpoint at line N of current source file
break adds a breakpoint at current $pc address
watch * N adds a watch command (on write) at address N (on 4 bytes)
watch <id> adds a watch command (on write) at the address of
symbol <id>
info break lists all (break|watch)points (with state)
|
When setting a breakpoint on an <id>, if several symbols with this
<id> exist, the debugger will prompt for the symbol you want to use.
Pick up the one you want from its number.
Alternatively you can specify a DLL in the <id> (for example
MYDLL.DLL.myFunc for function myFunc of
G:\AnyPath\MyDll.dll).
You can use the symbol EntryPoint to stand for
the entry point of the Dll.
When setting a break/watch-point by <id>, if the symbol cannot be found (for example, the symbol is contained in a not yet loaded module), winedbg will
recall the name of the symbol and will try to set the breakpoint each time a new module is loaded (until it succeeds).
2.6.4. Stack manipulation
bt print calling stack of current thread
bt N print calling stack of thread of ID N (note: this
doesn't change the position of the current frame as
manipulated by the up & dn commands)
up goes up one frame in current thread's stack
up N goes up N frames in current thread's stack
dn goes down one frame in current thread's stack
dn N goes down N frames in current thread's stack
frame N set N as the current frame for current thread's stack
info local prints information on local variables for current
function
|
2.6.5. Directory & source file manipulation
show dir
dir <pathname>
dir
symbolfile <pathname> loads external symbol definition
symbolfile <pathname> N loads external symbol definition
(applying an offset of N to addresses)
|
list lists 10 source lines from current position
list - lists 10 source lines before current position
list N lists 10 source lines from line N in current file
list <path>:N lists 10 source lines from line N in file <path>
list <id> lists 10 source lines of function <id>
list * N lists 10 source lines from address N
|
You can specify the end target (to change the 10 lines
value) using the ','. For example:
list 123, 234 lists source lines from line 123 up to line 234 in
current file
list foo.c:1,56 lists source lines from line 1 up to 56 in file foo.c
|
2.6.6. Displaying
A display is an expression that's evaluated and printed
after the execution of any WineDbg
command.
display lists the active displays
info display (same as above command)
display <expr> adds a display for expression <expr>
display /fmt <expr> adds a display for expression <expr>. Printing
evaluated <expr> is done using the given format (see
print command for more on formats)
del display N deletes display #N
undisplay N (same as del display)
|
2.6.7. Disassembly
disas disassemble from current position
disas <expr> disassemble from address <expr>
disas <expr>,<expr>disassembles code between addresses specified by
the two <expr>
|
2.6.8. Information on Wine's internals
info class <id> prints information on Windows's class <id>
walk class lists all Windows' class registered in Wine
info share lists all the dynamic libraries loaded the debugged
program (including .so files, NE and PE DLLs)
info module <N> prints information on module of handle <N>
walk module lists all modules loaded by debugged program
info regs prints the value of CPU register
info segment <N>prints information on segment <N>
info segment lists all allocated segments
info stack prints the values on top of the stack
walk map lists all virtual mappings used by the debugged
program
walk map <N> lists all virtual mappings used by the program of pid <N>
info wnd <N> prints information of Window of handle <N>
walk wnd lists all the window hierarchy starting from the
desktop window
walk wnd <N> lists all the window hierarchy starting from the
window of handle <N>
walk process lists all w-processes in Wine session
walk thread lists all w-threads in Wine session
walk exception lists the exception frames (starting from current
stack frame)
|
2.6.9. Memory (reading, writing, typing)
x <expr> examines memory at <expr> address
x /fmt <expr> examines memory at <expr> address using format /fmt
print <expr> prints the value of <expr> (possibly using its type)
print /fmt <expr> prints the value of <expr> (possibly using its
type)
set <lval>=<expr> writes the value of <expr> in <lval>
whatis <expr> prints the C type of expression <expr>
|
/fmt is either /<letter> or
/<count><letter> letter can be
s => an ASCII string
u => an Unicode UTF16 string
i => instructions (disassemble)
x => 32 bit unsigned hexadecimal integer
d => 32 bit signed decimal integer
w => 16 bit unsigned hexadecimal integer
c => character (only printable 0x20-0x7f are actuallyprinted)
b => 8 bit unsigned hexadecimal integer
g => GUID
|
2.6.10. Expressions
Expressions in Wine Debugger are mostly written in a C form. However, there
are a few discrepancies:
Identifiers can take a '.' in their names. This allow
mainly to access symbols from different DLLs like
USER32.DLL.CreateWindowA.
The debugger will try to distinguish this writing with structure operations.
Therefore, you can only use the previous writing in operations manipulating
symbols ({break|watch}points, type information command...).
2.6.11. Debug channels
It is possible to turn on and off debug messages as you are debuging using
the set command.
set + warn win => turn on warn on 'win' channel
set + win => turn on warn/fixme/err/trace on 'win' channel
set - win => turn off warn/fixme/err/trace on 'win' channel
set - fixme => turn off the 'fixme' class
|