NAME
winedbg - Wine's debugger
SYNOPSIS
winedbg [ options ] [ program name [ program arguments ] | pid ]
winedbg --gdb [ options ] [ program name [ program arguments ] | pid ]
winedbg --auto pid
winedbg --minidump [ file.mdmp ] pid
winedbg file.mdmp
DESCRIPTION
winedbg is a debugger for Wine. It allows:
+ debugging native Win32 applications
+ debugging Winelib applications.
+ being a drop-in replacement for Dr Watson
MODES
winedbg can be used in five modes. The first argument to the program
determines the mode winedbg will run in.
default
Without any explicit mode, this is standard winedbg operating
mode. winedbg will act as the front end for the user.
--gdb winedbg will be used as a proxy for gdb. gdb will be the front
end for command handling, and winedbg will proxy all debugging
requests from gdb to the Win32 APIs.
--auto This mode is used when winedbg is set up in AeDebug registry
entry as the default debugger. winedbg will then display basic
information about a crash. This is useful for users who don't
want to debug a crash, but rather gather relevant information
about the crash to be sent to developers.
--minidump
This mode is similar to the --auto one, except that instead of
printing the information on the screen (as --auto does), it's
saved into a minidump file. The name of the file is either
passed on the command line, or generated by WineDbg when none is
given. This file could later on be reloaded into winedbg for
further examination.
file.mdmp
This mode allows to reload into winedbg the state of a debuggee
which has been saved into a minidump file. See either the
minidump command below, or the --minidump mode.
OPTIONS
When in default mode, the following options are available:
--command <string>
winedbg will execute the command <string> as if it was keyed on
winedbg's command line, and then will exit. This can be handy
for getting the pid of running processes (winedbg --command
"info proc").
--file <filename>
winedbg will execute the list of commands contained in file
<filename> as if they were keyed on winedbg's command line, and
then will exit.
When in gdb proxy mode, the following options are available:
--no-start
gdb will not be automatically started. Relevant information for
starting gdb are printed on screen. This is somehow useful when
not directly using gdb but some graphical front-ends, like ddd
or kgbd.
--with-xterm
This will run gdb in its own xterm instead of using the current
Unix console for textual display.
In all modes, the rest of the command line, when passed, is used to
identify which programs, if any, has to debugged:
program name
This is the name of an executable to start for a debugging
session. winedbg will actually create a process with this
executable. If programs arguments are also given, they will be
used as arguments for creating the process to be debugged.
pid winedbg will attach to the process which pid is pid (pids refer
to Win32 pids, not Unix pids). Use the info proc winedbg command
to list running processes and their Win32 pids.
default
If nothing is specified, you will enter the debugger without any
run nor attached process. You'll have to do the job yourself.
COMMANDS
Default mode, and while reloading a minidump file:
Most of commands used in winedbg are similar to the ones from gdb.
Please refer to the gdb documentations for some more details. See the
gdb differences section later on to get a list of variations from gdb
commands.
Misc. commands
abort Aborts the debugger.
quit Exits the debugger.
attach N
Attach to a Wine-process (N is its ID, numeric or hexadecimal).
IDs can be obtained using the info process command. Note the
info process command returns hexadecimal values
detach Detach from a Wine-process.
Help commands
help Prints some help on the commands.
help info
Prints some help on info commands
Flow control commands
cont Continue execution until next breakpoint or exception.
pass Pass the exception event up to the filter chain.
step Continue execution until next C line of code (enters function
call)
next Continue execution until next C line of code (doesn't enter
function call)
stepi Execute next assembly instruction (enters function call)
nexti Execute next assembly instruction (doesn't enter function call)
finish Execute until return of current function is reached.
cont, step, next, stepi, nexti can be postfixed by a number (N),
meaning that the command must be executed N times before control is
returned to the user.
Breakpoints, watchpoints
enable N
Enables (break|watch)-point #N
disable
Disables (break|watch)-point #N
delete Deletes (break|watch)-point #N
cond N Removes any existing condition to (break|watch)-point N
cond N <expr>
Adds condition <expr> to (break|watch)-point #N. <expr> will be
evaluated each time the (break|watch)-point is hit. If the
result is a zero value, the breakpoint isn't triggered.
break * N
Adds a breakpoint at address N
break <id>
Adds a breakpoint at the address of symbol <id>
break <id> N
Adds a breakpoint at the line N inside symbol <id>.
break N
Adds a breakpoint at line N of current source file.
break Adds a breakpoint at current PC address.
watch * N
Adds a watch command (on write) at address N (on 4 bytes).
watch <id>
Adds a watch command (on write) at the address of symbol <id>.
Size depends on size of <id>.
info break
Lists all (break|watch)-points (with their state).
You can use the symbol EntryPoint to stand for the entry point of the
Dll.
When setting a (break|watch)-point by <id>, if the symbol cannot be
found (for example, the symbol is contained in a not yet loaded
module), winedbg will recall the name of the symbol and will try to set
the breakpoint each time a new module is loaded (until it succeeds).
Stack manipulation
bt Print calling stack of current thread.
bt N Print calling stack of thread of ID N. Note: this doesn't change
the position of the current frame as manipulated by the up & dn
commands).
up Goes up one frame in current thread's stack
up N Goes up N frames in current thread's stack
dn Goes down one frame in current thread's stack
dn N Goes down N frames in current thread's stack
frame N
Sets N as the current frame for current thread's stack.
info locals
Prints information on local variables for current function
frame.
Directory & source file manipulation
show dir
Prints the list of dir:s where source files are looked for.
dir <pathname>
Adds <pathname> to the list of dir:s where to look for source
files
dir Deletes the list of dir:s where to look for source files
symbolfile <pathname>
Loads external symbol definition symbolfile <pathname>
symbolfile <pathname> N
Loads external symbol definition symbolfile <pathname> (applying
an offset of N to addresses)
list Lists 10 source lines forwards from current position.
list - Lists 10 source lines backwards from current position
list N Lists 10 source lines from line #N in current file
list <pathname>:N
Lists 10 source lines from line #N in file <pathname>
list <id>
Lists 10 source lines of function <id>
list * N
Lists 10 source lines from address N
You can specify the end target (to change the 10 lines value) using the
',' separator. For example:
list 123, 234
lists source lines from line 123 up to line 234 in current file
list foo.c:1,56
lists source lines from line 1 up to 56 in file foo.c
Displaying
A display is an expression that's evaluated and printed after the
execution of any winedbg's command.
display
info display
Lists the active displays
display <expr>
Adds a display for expression expr>
display /fmt <expr>
Adds a display for expression <expr>. Printing evaluated
<expr> is done using the given format (see print command
for more on formats)
del display N
undisplay N
Deletes display #N
Disassembly
disas Disassemble from current position
disas <expr>
Disassemble from address <expr>
disas <expr>,<expr>
Disassembles code between addresses specified by the two <expr>:s
Memory (reading, writing, typing)
x <expr>
Examines memory at <expr> address
x /fmt <expr>
Examines memory at <expr> address using format /fmt
print <expr>
Prints the value of <expr> (possibly using its type)
print /fmt <expr>
Prints the value of <expr> (possibly using its type)
set <var> = <expr>
Writes the value of <expr> in <var> variable.
whatis <expr>
Prints the C type of expression <expr>
/fmt is either /<letter> or /<count><letter>. <letter>
can be:
s an ASCII string
u an Unicode UTF16 string
i instructions (disassemble)
x 32 bit unsigned hexadecimal integer
d 32 bit signed decimal integer
w 16 bit unsigned hexadecimal integer
c character (only printable 0x20-0x7f are actually printed)
b 8 bit unsigned hexadecimal integer
g Win32 GUID
Expressions
Expressions in Wine Debugger are mostly written in a C form. However,
there are a few discrepancies:
Identifiers can take a '!' in their names. This allows mainly to
specify a module where to look the module from: USER32!CreateWindowExA.
In cast operation, when specifying a structure or an union, you must
use the struct or union key word (even if your program uses a typedef).
When specifying an identifier <id>, if several symbols with
this name exist, the debugger will prompt for the symbol you want to
use. Pick up the one you want from its number.
Misc.
minidump file.mdmp
saves the debugging context of the debuggee into a minidump file called
file.mdmp
Information on Wine's internals
info class
Lists all Windows' class registered in Wine
info class <id>
Prints information on Windows's class <id>
info share
Lists all the dynamic libraries loaded in the debugged program
(including .so files, NE and PE DLLs)
info share N
Prints information on module at address N
info regs
Prints the value of the CPU registers
info all-regs
Prints the value of the CPU and Floating Point registers
info segment
Lists all allocated segments (i386 only)
info segment N
Prints information on segment N (i386 only)
info stack
Prints the values on top of the stack
info map
Lists all virtual mappings used by the debugged program
info map N
Lists all virtual mappings used by the program of pid N
info wnd
Displays the window hierarchy starting from the desktop window
info wnd N
Prints information of Window of handle N
info process
Lists all w-processes in Wine session
info thread
Lists all w-threads in Wine session
info exception
Lists the exception frames (starting from current stack frame)
It is possible to turn on and off Wine's debug messages as you are
debugging using the set command.
set + warn win
Turns on warn on 'win' channel
set + win
Turns on warn/fixme/err/trace on 'win' channel
set - win
Turns off warn/fixme/err/trace on 'win' channel
set - fixme
Turns off the 'fixme' class on all channels
Gdb mode:
See the gdb documentation for all the gdb commands.
However, a few Wine's extension are available, through the monitor
command:
monitor wnd
Lists all window in the Wine session
monitor proc
Lists all processes in the Wine session
monitor mem
Displays memory mapping of debugged process
Auto and minidump modes:
Since no user input is possible, no commands are available.
ENVIRONMENT
WINE_GDB
When used in gdb proxy mode, WINE_GDB specifies the name (and
the path) of the executable to be used for gdb. "gdb" is used by
default.
FILES
No specific files are used (yet).
BUGS
A lot.
AUTHORS
The first version was written by Eric Youngdale.
See Wine developer's list for the rest of contributors.
SEE ALSO
winedbg's README file
The Winelib User Guide
The Wine Developers Guide