How can you attach WinDbg to a process running inside a Windows Docker Container?
I tried googling it, but everything seems to use Visual Studio to do this. I just want to use WinDbg or something similar to quickly analyze the process running on the host.
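First time using Docker, so this may not be what you are looking for.
I don't do the C# ASP.NET IIS stuff that Docker seems to be famous for,
so here goes.
Installed Docker Desktop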
C:\>docker version
Client: Docker Engine - Community
Version: 20.10.2
API version: 1.41
Go version: go1.13.15
Git commit: 2291f61
Built: Mon Dec 28 16:14:16 2020
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.2
API version: 1.41 (minimum version 1.24)
Go version: go1.13.15
Git commit: 8891c58
Built: Mon Dec 28 16:26:48 2020
OS/Arch: windows/amd64
Experimental: false
Went through the getting-started tutorial
docker run -d -p 80:80 docker/getting-started
Pulled microsoft/nanoserver:1803
C:\>docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
microsoft/nanoserver 1803 65194053090c 11 months ago 378MB
Ran the container detached in the background, interactive, with a name
C:\>docker run -d -it --name="mydoc" microsoft/nanoserver:1803
23b9265196659cc073bc05ec81f6b58be465db6e305645e1af13c5831c0ca4e3
Stopped it
C:\>docker stop mydoc
mydoc
Copied the WinDbg x64 folder and a /MT-compiled console C++ printf application for testing
C:\>docker cp d:\doc_trans\ mydoc:c:\
Started the container
C:\>docker start mydoc
mydoc
Executed cdb on the application
C:\>docker exec -it mydoc "c:\doc_trans\x64\cdb.exe" c:\doc_trans\printf.exe
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: c:\doc_trans\printf.exe
Symbol search path is: srv*
Executable search path is:
ModLoad: 00007ff7`76420000 00007ff7`76487000 printf.exe
ModLoad: 00007ff8`86e60000 00007ff8`87041000 ntdll.dll
ModLoad: 00007ff8`84290000 00007ff8`84503000 C:\Windows\System32\KERNELBASE.dll
ModLoad: 00007ff8`83b20000 00007ff8`83b45000 C:\Windows\SYSTEM32\forwarders\KERNEL32.dll
ModLoad: 00007ff8`83fd0000 00007ff8`84017000 C:\Windows\System32\kernel32legacy.dll
(660.664): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
ntdll!LdrInitShimEngineDynamic+0x34c:
00007ff8`86f2c8bc cc int 3
0:000> g 00007ff7`76420000+1000
*** ERROR: Module load completed but symbols could not be loaded for printf.exe
printf+0x1000:
00007ff7`76421000 4883ec28 sub rsp,28h
0:000> uf .
printf+0x1000:
00007ff7`76421000 4883ec28 sub rsp,28h
00007ff7`76421004 488d0d35c30400 lea rcx,[printf+0x4d340 (00007ff7`7646d340)]
00007ff7`7642100b e870000000 call printf+0x1080 (00007ff7`76421080)
00007ff7`76421010 33c0 xor eax,eax
00007ff7`76421012 4883c428 add rsp,28h
00007ff7`76421016 c3 ret
0:000> t
printf+0x1004:
00007ff7`76421004 488d0d35c30400 lea rcx,[printf+0x4d340 (00007ff7`7646d340)]
0:000> t
printf+0x100b:
00007ff7`7642100b e870000000 call printf+0x1080 (00007ff7`76421080)
0:000> da @rcx
00007ff7`7646d340 "hello jmp far."
0:000>
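The answer above launches printf.exe under cdb; the script below is an added example, not part of the original answer, that attaches cdb to a process already running in the container, which is what the question asks for. The target name `myservice.exe` is a hypothetical placeholder; the container name and paths are the ones used in the answer.

```powershell
# Added example: attach cdb to a process that is already running in a Windows container.
param(
    [string]$Container   = 'mydoc',                    # container name from the answer
    [string]$ProcessName = 'myservice.exe',            # hypothetical long-running target
    [string]$HostDbgDir  = 'd:\doc_trans',             # host folder holding x64\cdb.exe
    [string]$Cdb         = 'c:\doc_trans\x64\cdb.exe'  # debugger path inside the container
)

# 1. Check whether the debugger is already present inside the container.
docker exec $Container cmd /c "dir /b $Cdb" 2>&1 | Out-Null
if ($LASTEXITCODE -ne 0) {
    # docker cp into a running container is refused under Hyper-V isolation,
    # which is why the answer stops the container before copying. Stopping
    # would end the process we want to inspect, so refuse instead of stopping.
    $isolation = docker inspect --format '{{.HostConfig.Isolation}}' $Container
    if ($isolation -ne 'process') {
        throw "cdb not found in '$Container' and isolation is '$isolation'; " +
              "put the debugger in the image or on a mounted volume beforehand."
    }
    docker cp "$HostDbgDir\" "${Container}:c:\"
    if ($LASTEXITCODE -ne 0) { throw 'docker cp failed' }
}

# 2. Make sure exactly one process with that name is running in the container,
#    because attaching by name is ambiguous otherwise.
$hits = @(docker top $Container | Select-String -SimpleMatch $ProcessName)
if ($hits.Count -ne 1) {
    throw "expected exactly one '$ProcessName' in '$Container', found $($hits.Count)"
}

# 3. Attach by process name (-pn) in an interactive session.
docker exec -it $Container $Cdb -pn $ProcessName
```

Leave the session with `qd` (quit and detach) so the target keeps running; `q` ends the debuggee along with the debugger.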