Windows 10: time travel debugging with WinDbgX, how do I start it?

Tags: windows-10, windbg

Using WinDbg Preview (aka WinDbgX), i.e. the Store app, we have the option of using time travel debugging (TTD). I have used the corresponding feature of GDB on Linux before, and tried it only once on an older Windows 10 point release.

Now I am trying to do this on Windows 10 20H2 (with the latest patches applied), which of course requires elevation. However, for the life of me I cannot figure out how to get started with TTD.

When I try, the following error appears:

---------------------------
Fatal error
---------------------------
WindowsDebugger.WindowsDebuggerException: Could not load dbghelp.dll from C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2103.1004.0_neutral__8wekyb3d8bbwe\amd64 : System.ComponentModel.Win32Exception (0x80004005): Access is denied
   at DbgX.DbgEngModule.LoadLibraryFromDirectory(String directory, String library)
   at DbgX.DbgEngModule.LoadDbgEngModule()
   at DbgX.EngineThread.ThreadProc()
---------------------------
OK
---------------------------
... which "sort of" makes sense, because C:\Program Files\WindowsApps has a restrictive ACL set on it. However, I am a member of the local Administrators group, so I expected this to work.

How can I fix this and use TTD on Windows 10 20H2?



For anyone else who runs into this, there is a workaround which, however, defeats the whole concept of the app container (but it works). If you use a tool such as psexec to start a command prompt as nt authority\system, you can copy the WinDbgX subdirectory from under C:\Program Files\WindowsApps to another location, adjust its ACL and run it from the new location (elevation works just like for any desktop application; DbgX.Shell.exe is what gets started).

This used to work for the app; I haven't tried TTD recently.
Press Windows key + S
Type windbg preview
Right-click, Run as administrator

EDIT

You can also try using runas /user:{machine}\Administrator windbgx, as shown below.

You can read some details about reparse points and adding these ExecutionAlias paths in %userpath%.

Sample code that dumps the reparse point using DeviceIoControl().
You can also get this data with fsutil reparsepoint query filename.

main()

    #include <windows.h>
    #include <winioctl.h>   // FSCTL_GET_REPARSE_POINT
    #include <stdio.h>

    void hexdump(unsigned char *buff, int size);

    int main(int argc, char *argv[])
    {
        if (argc == 2)
        {
            // GetFileAttributesA returns INVALID_FILE_ATTRIBUTES (all bits set) on failure,
            // which would otherwise pass a bare "& FILE_ATTRIBUTE_REPARSE_POINT" test
            DWORD attrs = GetFileAttributesA(argv[1]);
            if (attrs != INVALID_FILE_ATTRIBUTES && (attrs & FILE_ATTRIBUTE_REPARSE_POINT))
            {
                // FILE_FLAG_OPEN_REPARSE_POINT opens the reparse point itself, not its target
                HANDLE hFile = CreateFileA(argv[1], GENERIC_READ, 0, NULL, OPEN_EXISTING,
                    FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OPEN_REPARSE_POINT, NULL);
                if (hFile != INVALID_HANDLE_VALUE)
                {
                    printf("opened the reparse point %p\n", hFile);
                    unsigned char reparsebuff[0x1000] = { 0 };
                    DWORD bytesreturned = 0;
                    BOOL dcret = DeviceIoControl(hFile, FSCTL_GET_REPARSE_POINT, NULL, 0,
                        reparsebuff, 0x1000, &bytesreturned, NULL);
                    if (dcret)
                    {
                        // %x: the byte count in the output below is printed in hex
                        printf("returned %x bytes\n", bytesreturned);
                        hexdump(reparsebuff, bytesreturned);
                    }
                    CloseHandle(hFile);
                }
            }
            return 0;
        }
        printf("usage %s <path to a reparse file like windbgx.exe>\n", argv[0]);
        return 1;
    }

hexdump()

    // Prints whole 16-byte rows: hex on the left, printable ASCII on the right.
    // The last row is read up to the next 16-byte boundary; the caller passes a
    // zero-filled 0x1000-byte buffer, so that padding is zeros, not out-of-bounds memory.
    void hexdump(unsigned char *buff, int size)
    {
        int j = 0;
        while (j < size)
        {
            for (int i = j; i < j + 16; i++)
            {
                printf("%02x ", buff[i]);
            }
            printf("\t");
            for (int i = j; i < j + 16; i++)
            {
                if (buff[i] < 32 || buff[i] > 126)
                {
                    printf(". ");
                }
                else
                {
                    printf("%c ", buff[i]);
                }
            }
            printf("\n");
            j = j + 16;
        }
    }
Compiled and linked with VS2017 Community, then executed:

:\>cl /Zi /analyze /W4 /EHsc /Od /nologo reparsedumper.cpp /link /release
reparsedumper.cpp

:\>reparsedumper.exe
usage reparsedumper.exe <path to a reparse file like windbgx.exe>
:\>reparsedumper.exe "c:\Users\xxxxx\AppData\Local\Microsoft\WindowsApps\WinDbgX.exe"
opened the reparse point 00000000000000A8
returned 172 bytes
1b 00 00 80 6a 01 00 00 03 00 00 00 4d 00 69 00         . . . . j . . . . . . . M . i .
63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00         c . r . o . s . o . f . t . . .
57 00 69 00 6e 00 44 00 62 00 67 00 5f 00 38 00         W . i . n . D . b . g . _ . 8 .
77 00 65 00 6b 00 79 00 62 00 33 00 64 00 38 00         w . e . k . y . b . 3 . d . 8 .
62 00 62 00 77 00 65 00 00 00 4d 00 69 00 63 00         b . b . w . e . . . M . i . c .
72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 57 00         r . o . s . o . f . t . . . W . 
69 00 6e 00 44 00 62 00 67 00 5f 00 38 00 77 00         i . n . D . b . g . _ . 8 . w .
65 00 6b 00 79 00 62 00 33 00 64 00 38 00 62 00         e . k . y . b . 3 . d . 8 . b .
62 00 77 00 65 00 21 00 4d 00 69 00 63 00 72 00         b . w . e . ! . M . i . c . r . 
6f 00 73 00 6f 00 66 00 74 00 2e 00 57 00 69 00         o . s . o . f . t . . . W . i .
6e 00 44 00 62 00 67 00 00 00 43 00 3a 00 5c 00         n . D . b . g . . . C . : . \ .
50 00 72 00 6f 00 67 00 72 00 61 00 6d 00 20 00         P . r . o . g . r . a . m .   .
46 00 69 00 6c 00 65 00 73 00 5c 00 57 00 69 00         F . i . l . e . s . \ . W . i .
6e 00 64 00 6f 00 77 00 73 00 41 00 70 00 70 00         n . d . o . w . s . A . p . p .
73 00 5c 00 4d 00 69 00 63 00 72 00 6f 00 73 00         s . \ . M . i . c . r . o . s .
6f 00 66 00 74 00 2e 00 57 00 69 00 6e 00 44 00         o . f . t . . . W . i . n . D .
62 00 67 00 5f 00 31 00 2e 00 32 00 30 00 30 00         b . g . _ . 1 . . . 2 . 0 . 0 .
37 00 2e 00 36 00 30 00 30 00 31 00 2e 00 30 00         7 . . . 6 . 0 . 0 . 1 . . . 0 .
5f 00 6e 00 65 00 75 00 74 00 72 00 61 00 6c 00         _ . n . e . u . t . r . a . l .
5f 00 5f 00 38 00 77 00 65 00 6b 00 79 00 62 00         _ . _ . 8 . w . e . k . y . b .
33 00 64 00 38 00 62 00 62 00 77 00 65 00 5c 00         3 . d . 8 . b . b . w . e . \ .
44 00 62 00 67 00 58 00 2e 00 53 00 68 00 65 00         D . b . g . X . . . S . h . e .
6c 00 6c 00 2e 00 65 00 78 00 65 00 00 00 30 00         l . l . . . e . x . e . . . 0 .
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00         . . . . . . . . . . . . . . . .

:\>
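The dump above is the raw REPARSE_DATA_BUFFER of an App Execution Alias: tag 0x8000001B ("1b 00 00 80"), a data length of 0x16a ("6a 01"), two reserved bytes, a version of 3, and then four NUL-terminated UTF-16LE strings (package family name, application user model ID, the real target path under WindowsApps, and an app type). Note that the posted program prints the count with %x, so "returned 172 bytes" means 0x172 = 370 bytes = 8-byte header + 0x16a of data. The following parser is an added example, not code from either answer; it runs without windows.h so the decoding can be checked on any machine. The field names are an assumption based on that observed layout, and the sample buffer is constructed from the four strings readable in the hexdump rather than captured from a live system.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IO_REPARSE_TAG_APPEXECLINK: the tag of an App Execution Alias (first 4 bytes of the dump). */
#define IO_REPARSE_TAG_APPEXECLINK 0x8000001BUL
#define APPEXECLINK_VERSION 3   /* "03 00 00 00" right after the 8-byte REPARSE_DATA_BUFFER header */
#define APPEXECLINK_FIELDS 4

/* Decoded alias, converted from UTF-16LE to ASCII (non-ASCII code units become '?'). */
typedef struct {
    char package_family[128];
    char aumid[256];
    char target[512];
    char app_type[16];
} appexeclink_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Copies the NUL-terminated UTF-16LE string at buf[*off] into dst and advances *off past it.
   Returns -1 if the string is not terminated before `end` or does not fit in dst. */
static int read_utf16le(const uint8_t *buf, size_t end, size_t *off, char *dst, size_t cap) {
    size_t n = 0;
    for (;;) {
        if (*off + 2 > end) return -1;
        uint16_t cu = rd16(buf + *off);
        *off += 2;
        if (cu == 0) break;
        if (n + 1 >= cap) return -1;
        dst[n++] = cu < 0x80 ? (char)cu : '?';
    }
    dst[n] = '\0';
    return 0;
}

/* Parses the buffer FSCTL_GET_REPARSE_POINT returns for an App Execution Alias.
   Assumed layout (matches the dump on this page): ReparseTag u32, ReparseDataLength u16,
   Reserved u16, Version u32, then four NUL-terminated UTF-16LE strings: package family name,
   application user model ID, target executable path, app type.
   Returns 0 on success, a negative code on malformed input; never reads past `len`. */
int parse_appexeclink(const uint8_t *buf, size_t len, appexeclink_t *out) {
    memset(out, 0, sizeof *out);
    if (len < 12) return -1;
    if (rd32(buf) != IO_REPARSE_TAG_APPEXECLINK) return -2;
    size_t end = 8 + rd16(buf + 4);
    if (end > len) return -3;                      /* header promises more data than we were given */
    if (rd32(buf + 8) != APPEXECLINK_VERSION) return -4;
    char *dst[APPEXECLINK_FIELDS] = { out->package_family, out->aumid, out->target, out->app_type };
    size_t cap[APPEXECLINK_FIELDS] = { sizeof out->package_family, sizeof out->aumid,
                                       sizeof out->target, sizeof out->app_type };
    size_t off = 12;
    for (int i = 0; i < APPEXECLINK_FIELDS; i++)
        if (read_utf16le(buf, end, &off, dst[i], cap[i]) != 0) return -5;
    return 0;
}

/* Encodes four ASCII strings as an AppExecLink buffer (the inverse of the parser); used here
   only to construct test input. Returns the total length, or 0 if `cap` is too small. */
size_t build_appexeclink(uint8_t *buf, size_t cap, const char *const f[APPEXECLINK_FIELDS]) {
    size_t off = 12;
    if (cap < off) return 0;
    for (int i = 0; i < APPEXECLINK_FIELDS; i++)
        for (const char *s = f[i]; ; s++) {
            if (off + 2 > cap) return 0;
            buf[off++] = (uint8_t)*s;
            buf[off++] = 0;
            if (*s == '\0') break;
        }
    uint32_t tag = IO_REPARSE_TAG_APPEXECLINK;
    uint16_t dlen = (uint16_t)(off - 8);           /* ReparseDataLength excludes the 8-byte header */
    for (int i = 0; i < 4; i++) buf[i] = (uint8_t)(tag >> (8 * i));
    buf[4] = (uint8_t)dlen; buf[5] = (uint8_t)(dlen >> 8);
    buf[6] = buf[7] = 0;
    buf[8] = APPEXECLINK_VERSION; buf[9] = buf[10] = buf[11] = 0;
    return off;
}

/* Constructed sample: the four strings readable in the hexdump of WinDbgX.exe above. */
static const char *const SAMPLE_FIELDS[APPEXECLINK_FIELDS] = {
    "Microsoft.WinDbg_8wekyb3d8bbwe",
    "Microsoft.WinDbg_8wekyb3d8bbwe!Microsoft.WinDbg",
    "C:\\Program Files\\WindowsApps\\Microsoft.WinDbg_1.2007.6001.0_neutral__8wekyb3d8bbwe\\DbgX.Shell.exe",
    "0",
};

size_t sample_appexeclink(uint8_t *buf, size_t cap) { return build_appexeclink(buf, cap, SAMPLE_FIELDS); }

int main(void) {
    uint8_t buf[0x1000];
    appexeclink_t a;
    size_t n = sample_appexeclink(buf, sizeof buf);
    int rc = parse_appexeclink(buf, n, &a);
    printf("%zu bytes (0x%zx), parse rc=%d\n", n, n, rc);
    printf("package family: %s\naumid: %s\ntarget: %s\napp type: %s\n",
           a.package_family, a.aumid, a.target, a.app_type);
    return rc == 0 ? 0 : 1;
}
```

The target string is the field that matters for the question: it is the DbgX.Shell.exe under C:\Program Files\WindowsApps that the alias in %LOCALAPPDATA%\Microsoft\WindowsApps redirects to, i.e. the directory whose ACL is behind the "Access is denied" error. On Windows the same bytes can be obtained from the posted reparsedumper.exe or from fsutil reparsepoint query and fed to parse_appexeclink; the length checks matter because ReparseDataLength comes from the file system and must not be trusted over the number of bytes actually returned.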