Windbg 预览版 kd dump 命令执行不正确

Windbg preview kd dump command doesn't perform correctly

我正在使用 Windbg Preview 调试一个普通程序。我使用 kd 命令转储堆栈，但发现它并没有从 esp 开始向下打印相应的内存：r 命令显示 esp 指向 0x29af810，而 kd 只向我显示了从 0x29af814 开始及更高地址的内存。我以为单步执行一条指令会让它自行纠正，但它似乎保持不变。这是 Windbg 预览版的已知错误吗?

即使在第一次中断时，它似乎也会给出错误的结果。

(3f44.87c): Break instruction exception - code 80000003 (first 
chance)
eax=00000000 ebx=00000000 ecx=189c0000 edx=00000000 esi=77d52054 
edi=77d5261c
eip=77df1ba2 esp=005bf984 ebp=005bf9b0 iopl=0         nv up ei pl zr 
na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             
efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2b:
77df1ba2 cc              int     3
0:000> kd 10
005bf9b0  005bfc10
005bf9b4  77dec0a8 ntdll!LdrpInitializeProcess+0x1c98
005bf9b8  c12453e3
005bf9bc  0286d000
005bf9c0  00000000
005bf9c4  02870000
005bf9c8  00640062
005bf9cc  02af2738
005bf9d0  005bfb44
005bf9d4  00000000
005bf9d8  00000201
005bf9dc  00000000
005bf9e0  005bfb40
005bf9e4  00000000
005bf9e8  02af4198
005bf9ec  77e65d00 ntdll!LdrpWorkQueue

kd 从帧偏移（Frame Offset）或 ChildEBP 开始打印原始双字（见编辑）。
您可以使用 .frame 命令检查帧偏移；
帧偏移与 @esp 可以不同。

你观察到了什么不同的现象吗?

0:000> .frame
00 00a3fc94 00f367ba cdb!wmain+0xb
0:000> k 1
ChildEBP RetAddr
00a3fc94 00f367ba cdb!wmain+0xb
0:000> kd 4
00a3fc94  00a3fcd4
00a3fc98  00f367ba cdb!__wmainCRTStartup+0x107
00a3fc9c  00000001
00a3fca0  050f2210
0:000> ?@esp
Evaluate expression: 10746476 = 00a3fa6c
0:000>   

下面是一个随机进程的完整调用堆栈；对每一帧分别打印出其帧偏移（ChildEBP）以及寄存器上下文（RegisterContext）中的 esp 寄存器，如下所示：

0:000> .frame 0
00 00a3fc94 00f367ba cdb!wmain+0xb
0:000> .frame 1
01 00a3fcd4 75346359 cdb!__wmainCRTStartup+0x107
0:000> .frame 2
02 00a3fce4 776687a4 KERNEL32!BaseThreadInitThunk+0x19
0:000> .frame 3
03 00a3fd40 77668774 ntdll!__RtlUserThreadStart+0x2f
0:000> .frame 4
04 00a3fd50 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> .frame 5
Cannot find frame 0x5, previous scope unchanged
04 00a3fd50 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> .frame /c 0 ; kd 2
00 00a3fc94 00f367ba cdb!wmain+0xb
eax=00a40000 ebx=00000000 ecx=00f3f2f8 edx=00000080 esi=00000001 edi=00000000
eip=00f33c99 esp=00a3fa6c ebp=00a3fc94 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000216
cdb!wmain+0xb:
00f33c99 a1448ff300      mov     eax,dword ptr [cdb!__security_cookie (00f38f44)] ds:002b:00f38f44=4d19f94c
00a3fc94  00a3fcd4
00a3fc98  00f367ba cdb!__wmainCRTStartup+0x107
0:000> .frame /c 1 ; kd 2
01 00a3fcd4 75346359 cdb!__wmainCRTStartup+0x107
eax=00a40000 ebx=00000000 ecx=00f3f2f8 edx=00000080 esi=00000001 edi=00000000
eip=00f367ba esp=00a3fc9c ebp=00a3fcd4 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000216
cdb!__wmainCRTStartup+0x107:
00f367ba 83c40c          add     esp,0Ch
00a3fcd4  00a3fce4
00a3fcd8  75346359 KERNEL32!BaseThreadInitThunk+0x19
0:000> .frame /c 2 ; kd 2
02 00a3fce4 776687a4 KERNEL32!BaseThreadInitThunk+0x19
eax=00a40000 ebx=0095f000 ecx=00f3f2f8 edx=00000080 esi=00f368c0 edi=00f368c0
eip=75346359 esp=00a3fcdc ebp=00a3fce4 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000216
KERNEL32!BaseThreadInitThunk+0x19:
75346359 50              push    eax
00a3fce4  00a3fd40
00a3fce8  776687a4 ntdll!__RtlUserThreadStart+0x2f
0:000> .frame /c 3 ; kd 2
03 00a3fd40 77668774 ntdll!__RtlUserThreadStart+0x2f
eax=00a40000 ebx=0095f000 ecx=00f3f2f8 edx=00000080 esi=75346340 edi=00f368c0
eip=776687a4 esp=00a3fcec ebp=00a3fd40 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000216
ntdll!__RtlUserThreadStart+0x2f:
776687a4 e9fea00300      jmp     ntdll!__RtlUserThreadStart+0x3a132 (776a28a7)
00a3fd40  00a3fd50
00a3fd44  77668774 ntdll!_RtlUserThreadStart+0x1b
0:000> .frame /c 4 ; kd 2
04 00a3fd50 00000000 ntdll!_RtlUserThreadStart+0x1b
eax=00a40000 ebx=0095f000 ecx=00f3f2f8 edx=00000080 esi=00000000 edi=00000000
eip=77668774 esp=00a3fd48 ebp=00a3fd50 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000216
ntdll!_RtlUserThreadStart+0x1b:
77668774 cc              int     3
00a3fd50  00000000
00a3fd54  00000000
0:000> .frame /c 5 ; kd 2
Cannot find frame 0x1, previous scope unchanged
04 00a3fd50 00000000 ntdll!_RtlUserThreadStart+0x1b
eax=00a40000 ebx=0095f000 ecx=00f3f2f8 edx=00000080 esi=00000000 edi=00000000
eip=77668774 esp=00a3fd48 ebp=00a3fd50 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000216
ntdll!_RtlUserThreadStart+0x1b:
77668774 cc              int     3
00a3fd50  00000000
00a3fd54  00000000
0:000>