About command ~

Hi all,

I am new to windbg, I used to use softice for debugging.

I learnt that command ~ can show all threads, but it outputs in my windbg:

0: kd> ~

^ Syntax error in ‘~’

Could someone please tell me why?

Regards

Haibo

The ~ command is different between user mode and kernel mode debug sessions.

In a user mode debug session, ~ is used for switching/viewing thread state:

0:000> ~
. 0 Id: fc8.d14 Suspend: 1 Teb: 7efdd000 Unfrozen
1 Id: fc8.fc0 Suspend: 1 Teb: 7efda000 Unfrozen
2 Id: fc8.fa8 Suspend: 1 Teb: 7efd7000 Unfrozen
3 Id: fc8.fb4 Suspend: 1 Teb: 7efaf000 Unfrozen
4 Id: fc8.938 Suspend: 1 Teb: 7efac000 Unfrozen

In a kernel mode debug session, ~ is used to switch processors:

1: kd> r
eax=f86df13c ebx=00000002 ecx=00000001 edx=00000000 esi=f86df120 edi=afbcb8fa
eip=8088bdd3 esp=ba765a14 ebp=ba765a2c iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiTrap0E+0x2a7:
8088bdd3 833da0628a8000 cmp dword ptr [nt!KiFreezeFlag (808a62a0)],0 ds:0023:808a62a0=00000000
1: kd> ~0
0: kd> r
eax=00000000 ebx=ffaab7a0 ecx=00000000 edx=00000000 esi=ffaab790 edi=80a56be4
eip=80932c84 esp=ba13f5e4 ebp=ba13f5f0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!ObpRemoveObjectRoutine+0xde:
80932c84 8b4d08 mov ecx,dword ptr [ebp+8] ss:0010:ba13f5f8=ffaab7b8

If you want to see every thread in a kernel debug session you can do a
!process 0 7 (which will take a while). If you just want the threads in a
particular process you can do !process 0 0 to get the process list and then
!process 7

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com


Thank you very much, Scott.
Now I have a thread id returned by PsGetCurrentThreadId. I break into windbg by Ctrl+Break in a random context. Then how can I watch the stack of that thread? Like “stack xxx” in softice.

!thread xxx (shows stack)
And
.thread xxx (switches context)

d

Sent from my phone with no t9, all spilling mistakes are not intentional.

-----Original Message-----
From: xxxxx@hotmail.com
Sent: Thursday, May 07, 2009 7:49 AM
To: Kernel Debugging Interest List
Subject: RE:[windbg] About command ~



WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

If you have a thread HANDLE you’ll need to use !handle to convert it to an
ETHREAD address then feed that to !thread or .thread (as Doron mentioned).

You’ll save yourself some hassle if you change the code to call
PsGetCurrentThread so that you get the ETHREAD address directly.

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
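
Added example, not part of the original thread and not OSR's code: when only a thread ID is known, the ETHREAD address can be looked up in saved "!process 0 7" output, whose THREAD lines carry "Cid <pid>.<tid>", and then fed to !thread or .thread. The sample log is constructed, and find_threads and debugger_commands are hypothetical helper names.

```python
import re

# Constructed sample of `!process 0 7` output (addresses and IDs are made up).
SAMPLE_LOG = """\
PROCESS 8a3c2020  SessionId: 0  Cid: 0fc8    Peb: 7efde000  ParentCid: 0a10
    Image: example.exe

        THREAD 8a1f4db0  Cid 0fc8.0d14  Teb: 7efdd000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
        THREAD 8a2077c8  Cid 0fc8.0fc0  Teb: 7efda000 Win32Thread: 00000000 RUNNING on processor 1
PROCESS 89e5b5a0  SessionId: 0  Cid: 0004    Peb: 00000000  ParentCid: 0000
    Image: System

        THREAD 89e5b328  Cid 0004.0008  Teb: 00000000 Win32Thread: 00000000 WAIT: (WrFreePage) KernelMode Non-Alertable
"""

PROCESS_RE = re.compile(r"^PROCESS\s+([0-9a-f`]+)\s.*?\bCid:\s*([0-9a-f]+)", re.I)
IMAGE_RE = re.compile(r"^\s*Image:\s*(\S+)", re.I)
THREAD_RE = re.compile(r"^\s*THREAD\s+([0-9a-f`]+)\s+Cid\s+([0-9a-f]+)\.([0-9a-f]+)", re.I)

def find_threads(log_text, tid):
    """Return [(ethread, eprocess, image, pid)] for every thread whose ID equals tid."""
    matches, eprocess, image = [], None, None
    for line in log_text.splitlines():
        m = PROCESS_RE.match(line)
        if m:  # new process header: remember its EPROCESS address
            eprocess, image = m.group(1), None
            continue
        m = IMAGE_RE.match(line)
        if m:
            image = m.group(1)
            continue
        m = THREAD_RE.match(line)  # Cid is printed as hex pid.tid
        if m and int(m.group(3), 16) == tid:
            matches.append((m.group(1), eprocess, image, int(m.group(2), 16)))
    return matches

def debugger_commands(log_text, tid):
    """Build the !thread / .thread / k lines to paste back into kd."""
    cmds = []
    for ethread, _, _, _ in find_threads(log_text, tid):
        cmds += [f"!thread {ethread}", f".thread {ethread}", "k"]
    return cmds

if __name__ == "__main__":
    # 0xfc0 is a constructed value, as a driver might log from PsGetCurrentThreadId.
    print("\n".join(debugger_commands(SAMPLE_LOG, 0xFC0)))
```

The log can be captured in the debugger with .logopen before running !process 0 7, and the thread ID is compared as a number because the Cid fields are zero-padded hex.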


Got it, thanks.

Regards
Haibo

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Friday, May 08, 2009 1:50 AM
To: Kernel Debugging Interest List
Subject: Re:[windbg] About command ~
