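Introduction to NTSD
Preface: Drwtsn32 has a number of shortcomings, so a replacement technology is needed, and NTSD is a good choice. Starting from several of Drwtsn32's shortcomings, this article describes the corresponding solution in NTSD. It covers the following three areas:
1. NTSD configuration
2. NTSD advantages
3. NTSD disadvantages
I. NTSD configuration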
There are two options to deploy NTSD!
Option 1-Share Model
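Every application crash invokes the debugger, in the same way as with drwtsn32. Change the Debugger value in the registry to:
C:\WINDOWS\system32\ntsd.exe -p %ld -e %ld -g -c ".dump D:\Dump\jit.dmp;q"
The first path is the location of ntsd.exe and the last path is where the generated dmp file is stored. That directory must already exist, otherwise the file will not be created.
Figure 1.1 Share Model parameter settings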
Option 2-Unshared Model
To assign a debugger to crashes of one specific application, create a subkey under the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. For example, to give GPTLog its own settings, name the subkey GPTLog.EXE, then add a Debugger value of type string with the following data:
C:\WINDOWS\system32\ntsd.exe -g -c ".dump D:\Dump\jit.dmp;q"
Figure 1.2 UnShared Model parameter settings
Note: If the value name Debugger doesn't exist under the new key, create it; if the path to NTSD contains a space, it must be enclosed in quotes.
II. NTSD advantages
NTSD can solve all of the shortcomings of drwtsn32!
1. JIT debugging under any user account
The -noio command-line parameter allows any user to access WinSta0 so that ntsd can be used. The modified command:
C:\WINDOWS\system32\ntsd.exe -p %ld -e %ld -g -noio -c ".dump D:\Dump\jit.dmp;q"
2. Crash dump files with unique names
If we use the /u option with the .dump command, the command will create a crash dump with a unique name (based on the specified file name, current date and time, and some additional information; for example, jit_0648_2005-06-13_23-42-49-834_0638.dmp). Here is the new command line:
C:\WINDOWS\system32\ntsd.exe -p %ld -e %ld -g -noio -c ".dump /u D:\Dump\jit.dmp;q"
3. Customizing the minidump format
Other options of the .dump command let you customize the format and contents of the minidump. The complete list can be found in the Debugging Tools documentation (search for the .dump command), and here I will show the most popular ones:
/f
Full user dump (old format, not recommended)
/m
Standard minidump (equivalent of MiniDumpNormal minidump type; this option is used by default)
/ma
Minidump with all possible options (memory, handles, unloaded modules, etc.)
/mFhutwd
Minidump with data sections, non-shared read/write memory pages and other useful information (my personal favorite when size of the minidump is important)
You can find more information about the contents of minidumps in this article:
http://www.debuginfo.com/articles/ntsdwatson.html#jitregister
and here is the new command line that creates a minidump with as much information as possible:
c:\dbgtools\ntsd.exe -p %ld -e %ld -g -noio -c ".dump /ma /u D:\dumps\jit.dmp;q"
4. Sending notifications
Finally, let's notify ourselves when an application crashes on another system in the network (e.g. in a test lab). NTSD makes it possible with the help of the !net_send command, which sends a message to another computer over the network. This command takes the following parameters:
!net_send SenderMachine TargetMachine SenderMachine MessageText
Assuming that NTSD is running on the computer called TestPc, and we want to send a message to the computer called DevPc, the command would look like this:
c:\dbgtools\ntsd.exe -p %ld -e %ld -g -noio -c ".dump /ma /u D:\dumps\jit.dmp;!net_send TestPc DevPc TestPc Crash dump created;q"
The trailing ;q exits the DOS window.
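The registration steps from sections I and II can be scripted. The following PowerShell is an added example, not part of the original article: the script parameters are hypothetical names, and the AeDebug key used for the share model is the standard Windows location of the system-wide Debugger value, which the article does not name. It assumes an elevated prompt and a dump folder without spaces.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
param(
    [string]$NtsdPath  = 'C:\WINDOWS\system32\ntsd.exe',  # debugger path used in the article
    [string]$DumpDir   = 'D:\Dump',                        # dump folder used in the article
    [string]$ImageName = ''  # e.g. 'GPTLog.EXE' selects the unshared model; empty = share model
)
$base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

if (-not (Test-Path -LiteralPath $NtsdPath -PathType Leaf)) {
    throw "ntsd.exe not found at '$NtsdPath'"
}
# Simplification of this example: a folder with spaces would need nested quoting inside -c "...".
if ($DumpDir -match '\s') { throw "Choose a dump folder without spaces: '$DumpDir'" }
# The article notes that the dump is not written when the target folder is missing.
if (-not (Test-Path -LiteralPath $DumpDir -PathType Container)) {
    New-Item -ItemType Directory -Path $DumpDir -Force | Out-Null
}

# Quote the debugger path only when it contains a space (see the Note in section I).
$exe     = if ($NtsdPath -match '\s') { '"{0}"' -f $NtsdPath } else { $NtsdPath }
$dumpCmd = '.dump /ma /u {0}\jit.dmp;q' -f $DumpDir.TrimEnd('\')

if ($ImageName) {
    # Unshared model: per-image Debugger value, same switches as the article's Option 2.
    $key   = "$base\Image File Execution Options\$ImageName"
    $value = '{0} -g -c "{1}"' -f $exe, $dumpCmd
} else {
    # Share model: system-wide JIT debugger; -p/-e receive the process id and event handle.
    $key   = "$base\AeDebug"
    $value = '{0} -p %ld -e %ld -g -noio -c "{1}"' -f $exe, $dumpCmd
}

if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }

# Show what is being replaced; a Debugger value nobody on the team set deserves a closer look.
$old = (Get-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
if ($old) { Write-Host "Previous Debugger value: $old" }

Set-ItemProperty -Path $key -Name Debugger -Value $value -Type String
Write-Host "Debugger under $key is now: $value"
```

Because a Debugger value under Image File Execution Options runs the named program in place of the application, keep the list of images configured this way short and review it when the test setup is retired.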
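III. NTSD disadvantages
This is also an advantage of drwtsn32 (Dr. Watson): drwtsn32 is installed on every operating system to date. NTSD is also present on operating systems built on the Windows NT kernel, but most of them ship an old version that does not support the majority of the parameters discussed here. Nevertheless, NTSD remains one of the strong contenders as a JIT (Just In Time) debugger.
References: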
http://blog.csdn.net/yeming81/archive/2008/05/03/2370803.aspx
http://www.debuginfo.com/articles/ntsdwatson.html