Table 1-1. WineDbg's misc. commands
| abort | aborts the debugger |
| quit | exits the debugger |
| attach N | attach to a W-process (N is its ID, numeric or hexadecimal (0xN)). IDs can be obtained using the info process command. Note the info process command returns hexadecimal values. |
| detach | detach from a W-process. |
| help | prints some help on the commands |
| help info | prints some help on info commands |
Table 1-2. WineDbg's flow control commands
| cont, c | continue execution until next breakpoint or exception. |
| pass | pass the exception event up to the filter chain. |
| step, s | continue execution until next 'C' line of code (enters function call) |
| next, n | continue execution until next 'C' line of code (doesn't enter function call) |
| stepi, si | execute next assembly instruction (enters function call) |
| nexti, ni | execute next assembly instruction (doesn't enter function call) |
| finish, f | execute until current function is exited |
cont, step, next, stepi, nexti can be postfixed by a number (N), meaning that the command must be executed N times.
Table 1-3. WineDbg's break & watch points
| enable N | enables (break|watch)point #N |
| disable N | disables (break|watch)point #N |
| delete N | deletes (break|watch)point #N |
| cond N | removes any existing condition to (break|watch)point N |
| cond N <expr> | adds condition <expr> to (break|watch)point N. <expr> will be evaluated each time the breakpoint is hit. If the result is a zero value, the breakpoint isn't triggered |
| break * N | adds a breakpoint at address N |
| break <id> | adds a breakpoint at the address of symbol <id> |
| break <id> N | adds a breakpoint at the address of symbol <id> (N ?) |
| break N | adds a breakpoint at line N of current source file |
| break | adds a breakpoint at current $PC address |
| watch * N | adds a watch command (on write) at address N (on 4 bytes) |
| watch <id> | adds a watch command (on write) at the address of symbol <id> |
| info break | lists all (break|watch)points (with state) |
You can use the symbol EntryPoint to stand for the entry point of the Dll.
When setting a break/watch-point by <id>, if the symbol cannot be found (for example, the symbol is contained in a not yet loaded module), winedbg will recall the name of the symbol and will try to set the breakpoint each time a new module is loaded (until it succeeds).
Table 1-4. WineDbg's stack manipulation
| bt | print calling stack of current thread |
| bt N | print calling stack of thread of ID N (note: this doesn't change the position of the current frame as manipulated by the up and dn commands) |
| up | goes up one frame in current thread's stack |
| up N | goes up N frames in current thread's stack |
| dn | goes down one frame in current thread's stack |
| dn N | goes down N frames in current thread's stack |
| frame N | set N as the current frame for current thread's stack |
| info local | prints information on local variables for current function frame |
Table 1-5. WineDbg's directory & source file manipulation
| show dir | prints the list of dir:s where source files are looked for |
| dir <pathname> | adds <pathname> to the list of dir:s where to look for source files |
| dir | deletes the list of dir:s where to look for source files |
| symbolfile <pathname> | loads external symbol definition |
| symbolfile <pathname> N | loads external symbol definition (applying an offset of N to addresses) |
| list | lists 10 source lines forwards from current position |
| list - | lists 10 source lines backwards from current position |
| list N | lists 10 source lines from line N in current file |
| list <path>:N | lists 10 source lines from line N in file <path> |
| list <id> | lists 10 source lines of function <id> |
| list * N | lists 10 source lines from address N |
You can specify the end target (to change the 10 lines value) using the ','. For example:
A display is an expression that's evaluated and printed after the execution of any winedbg command.
Table 1-7. WineDbg's displays
| display, info display | lists the active displays |
| display <expr> | adds a display for expression <expr> |
| display /fmt <expr> | adds a display for expression <expr>. Printing evaluated <expr> is done using the given format (see print command for more on formats) |
| del display N, undisplay N | deletes display #N |
Table 1-9. WineDbg's memory management
| x <expr> | examines memory at <expr> address |
| x /fmt <expr> | examines memory at <expr> address using format /fmt |
| print <expr> | prints the value of <expr> (possibly using its type) |
| print /fmt <expr> | prints the value of <expr> (possibly using its type) |
| set <lval> = <expr> | writes the value of <expr> in <lval> |
| whatis <expr> | prints the C type of expression <expr> |
/fmt is either /<letter> or /<count><letter> letter can be
| s | an ASCII string |
| u | an Unicode UTF16 string |
| i | instructions (disassemble) |
| x | 32 bit unsigned hexadecimal integer |
| d | 32 bit signed decimal integer |
| w | 16 bit unsigned hexadecimal integer |
| c | character (only printable 0x20-0x7f are actually printed) |
| b | 8 bit unsigned hexadecimal integer |
| g | GUID |
Table 1-10. WineDbg's Win32 objects management
| info class | lists all Windows' classes registered in Wine |
| info class <id> | prints information on Windows's class <id> |
| info share; | lists all the dynamic libraries loaded in the debugged program (including .so files, NE and PE DLLs) |
| info share <N>; | prints information on module at address <N> |
| info regs; | prints the value of the CPU registers |
| info segment <N>; | prints information on segment <N> (i386 only) |
| info segment; | lists all allocated segments (i386 only) |
| info stack; | prints the values on top of the stack |
| info map; | lists all virtual mappings used by the debugged program |
| info map <N> | lists all virtual mappings used by the program of pid <N> |
| info wnd <N> | prints information of Window of handle <N> |
| info wnd | lists all the window hierarchy starting from the desktop window |
| info process | lists all w-processes in Wine session |
| info thread | lists all w-threads in Wine session |
| info exception | lists the exception frames (starting from current stack frame) |
It is possible to turn on and off debug messages as you are debugging using the set command. See Chapter 8 for more details on debug channels.