The following is a quick reference list of System Debugger commands, in order of Command Type.
| Command | Command Type | Additional Arguments | Description |
|---|---|---|---|
| ? | print help menu | ||
| ? | <expr> | [h|d|t|o|q|b].<expr> | display expression (h = hex, d or t = decimal, o or q = octal, b = binary) | |
| ? | "printf string", <expr>, <expr>, | printf command | |
| BC | Breakpoint/Step | [<bp list> | *] | clear breakpoint(s) |
| BD | Breakpoint/Step | [<bp list> | *] | disable breakpoint(s) |
| BE | Breakpoint/Step | [<bp list> | *] | enable breakpoint(s) |
| BL | Breakpoint/Step | list breakpoint(s) | |
| BP | Breakpoint/Step | [<bp>] [<addr>] [<passcnt>] ["<bp cmds>"] | set a breakpoint |
| BR | Breakpoint/Step | [<bp>] E|W|R|1|2|4 [<addr>] [<passcnt>] ["<bp cmds>"] | set a Pentium processor debug register (hardware breakpoint). |
| C | Register, Memory, Port | <range> <addr> | compare bytes |
| D | Register, Memory, Port | [<range>] | dump memory |
| DA | Register, Memory, Port | [<range>] | dump asciiz string |
| DB | Register, Memory, Port | [<range>] | dump memory in bytes |
| DD | Register, Memory, Port | [<range>] | dump memory in dwords |
| DG[A] | 80386 Data Structure | [<range>] | dump GDT entries |
| DI[A] | 80386 Data Structure | [<range>] | dump IDT entries |
| DL[A|P|S|H] | 80386 Data Structure | [<range>] | dump LDT entries |
| DP[A|D] | 80386 Data Structure | [<range>] | dump page directory/table entries |
| DT | 80386 Data Structure | [<addr>] | dump TSS |
| DW | Register, Memory, Port | [<range>] | dump memory in words |
| DX | Miscellaneous | dump contents of loadall buffer | |
| E | Register, Memory, Port | <addr> [<list>] | enter memory |
| F | Register, Memory, Port | <range> <list> | fill memory |
| G[S|H||T|Z] | Breakpoint/Step | [=<addr> [<addr> ...]] | go |
| H | Miscellaneous | <word> <word> | hexadd |
| I | Register, Memory, Port | <word> | input a byte from port |
| ID | Register, Memory, Port | <word> | input a dword from port |
| IW | Register, Memory, Port | <word> | input a word from port |
| J | Breakpoint/Step | <expr> [<cmds>] | execute <cmds> if <expr> is true (non-zero) |
| K[V|S|B] | Disassemble / Stack Trace | [<SS:BPaddr>] [<CS:IPaddr>] | stack trace |
| K[V|S|B]T | Disassemble / Stack Trace | [TDB] | task stack trace |
| KA | Disassemble / Stack Trace | <numargs> | set number of stack dump arguments |
| LA | Symbol, Symbol Map | [<mapname>] | list absolute symbols in active maps |
| LG | Symbol, Symbol Map | [<mapname>] | list groups in active maps |
| LM | Symbol, Symbol Map | list linked and active maps | |
| LN | Symbol, Symbol Map | [<addr>] | list near symbols |
| LS | Symbol, Symbol Map | [<addr>] | list symbols in group |
| LSE | Symbol, Symbol Map | <re> | list symbols specified by regular expression |
| M | Register, Memory, Port | <range> <addr> | move |
| O | Register, Memory, Port | <word> <byte> | output a byte to port |
| OD | Register, Memory, Port | <word> <dword> | output a dword to port |
| OW | Register, Memory, Port | <word> <word> | output a word to port |
| P[N|T|Z] | Breakpoint/Step | [=<addr>] [<word>] | program step |
| R[T]|[<reg>] | Register, Memory, Port | [[=] <word>] | Register
The values used in the R cmd for changing the flags register are: FLAG SET CLEAR OverFlow OV NV Direction DN(Decr.) UP(Incr) Interrupt EI(Enabled) DI(Disabled) Sign NG(Neg) PL(Plus) Zero ZR NZ Aux Carry AC NA Parity PE (Even) PO(Odd) Carry CY NC Nested Task NT (toggles) |
| S | Register, Memory, Port | <range> <list> | search |
| T[A|C|N|S|X|Z] | Breakpoint/Step | [=<addr>] [<word>] [<addr>] | trace |
| U | Disassemble / Stack Trace | [<range>] | unassemble |
| V | Miscellaneous | Display debugger version/date | |
| V[1 | 3] | Interrupt Vector | specify rings to intercept a trap vector | |
| V2 | enable/disable NMI trapping in Ring 0 | ||
| VC[N|P|V|R|F] | Interrupt Vector | <byte> ... | stop intercepting trap vector |
| VL[N|P|V|R|F] | Interrupt Vector | list trap vectors intercepted | |
| VO [N|P|R|V] | Interrupt Vector | lists interrupt vectors in the display format based on the newvec option. | |
| VS[N|P|V|R|F] | Interrupt Vector | <byte> ... | intercept trap vector, ring 3 only |
| VT[N|P|V|R|F] | Interrupt Vector | <byte> ... | intercept trap vector, all rings |
| W | Symbol, Symbol Map | [<map name>] | make named map active |
| WA | Symbol, Symbol Map | [<mapname> | *] | add a map to the active list |
| WR | Symbol, Symbol Map | [<mapname> | *] | remove a map from the active list |
| X | Miscellaneous | Dumps a listing of the current execution environment (Bug report info). | |
| Y[?] | Miscellaneous | display/modify debugger options | |
| Z | Breakpoint/Step | zap the previous INT 1 or the current INT 3 with NOP's | |
| ZD | Miscellaneous | execute the default command | |
| ZL | Miscellaneous | list the default command | |
| ZS | Miscellaneous | set the default command |
Dot commands
Dot commands are commands that are directed to the debugger entry point of a corresponding VxD. "System dot commands" are those commands that are always available There are dot commands for several debug binary VxDs. The "Required debug binary .VxD" column indicates the debug binary that must be loaded to use the corresponding dot command(s). Many of the following debugger dot commands first require the installation of their corresponding debug binary VXD version. The following system dot commands are applicable to Windows 95 Version B (OSR2), but are generally the same for Golden Windows 95.
| Command | Additional Argument(s) | Required debug binary .VxD | Description |
|---|---|---|---|
| ..<cmd> | - | Pass "cmd" directly to the VMM | |
| .? | (system) | Prints help message | |
| .<dev_name> | - | Display device (VxD) specific info (if supported by the VxD) | |
| .B | <baud rate> [<port addr>] | (system) | Set COM baud rate/port addr (1 = COM1, 2 = COM2) |
| ..BIOS | BIOS | BIOS (space for help)?
a Show all BIOS devnodes e Dump recent BIOS events l Show List (Show every PCI devnode) s Show selected devnode y Select devnode z Select devnode by index |
|
| .CSP | VMM | Toggles catch stray pointer flag | |
| .DF | (system) | Dumps the free list | |
| .DG | [handle | selector | arena(386)] | (system) | Dumps the global heap |
| .DH | [0 (from top) | -1 (from bottom)] | (system) | Dumps the local heap |
| .DM | (system) | Dumps the Win16 module list | |
| .DOSMGR | - | Dumps various data structures related to real-mode DOS.
[1] Display SFTs [2] Display DPBs [3] Display MCBs (dump the real-mode memory map) [4] Display CDSs [5] Display PDBs (dump the real-mode process map) [6] Display DEVs [7] Display BDSs [8] Display INT 21h status |
|
| .DQ | (system) | Dumps the task queue | |
| .DS | (system) | Dumps protected mode stack with labels. Dumps the VMM stack. Shows the stack pointer value, the DWORD contents and tries to display a code label that is near to each DWORD value. The label dump is sometimes useful for determining what chain of procedures have been executed to get to the current point, but it sometimes displays labels for DWORD values that really don't apply (i.e. 80000028 might display VMM_TEXT:DEBUG_ValidateLinear, when the value may really be from pushing the segment value 28, because pushing a segment value just decrements ESP and doesn't force a zero word for the high word.) So, this command can be useful, but requires some programmer interpretation to identify the correct stack trace. | |
| .DU | (system) | Dumps the LRU list | |
| .I? | IOS | Help menu for IOS commands | |
| .IDCB | <addr> | IOS | Dumps I/O Subsystem Device Control Block structure. |
| .IIOP | <addr> | IOS | Dumps I/O Subsystem I/O Packet structure. |
| .IMED | IOS | Dumps I/O Subsystem Memory Element Descriptor structures. | |
| .IDV | DISKVSD & IOS | Display disk calldown/callup statistics | |
| .ISAPNP | ISAPNP | Display current read data port, followed by information about each ISA bus card (if any). | |
| .LQ | VMM | Displays the queue of messages queued with the macro Queue_Out. | |
| .M | (system) | Dump assorted memory manager structures. Type '.M?' for a list of memory structures, and additional information. | |
| .MEMCHECK | - | Display misc. memory layout | |
| .NTKERN | NTKERN | OSR 2.1 & Windows® 98 WDM (USB etc.) support. Typing this command supplies you with a menu, which includes the ability to dump its debug log ("D"). The debug log displays in LIFO order. | |
| .P | [?] | DEBUGCMD | Debugger tools when DEBUGCMD.VXD is installed (rename DEBUGCMD.TMP to DEBUGCMD.VXD, place it into \WINDOWS\SYSTEM, and load it by putting DEVICE=DEBUGCMD.VXD in the [386Enh] section of the SYSTEM.INI file):
.p? Main help menu .p<cmd>? For more extensive help on a cmd .p lists threads in system .p <*/thread id> lists status of one thread .pf lists threads and their flags .ps <Thread handle/id> Dumps ring 0 stack with labels .psx <Thread handle/id> Dumps 20 lines of ring0 stack and returns .pdev <Address> Finds nearest VXD name .plog <flags> Set scheduler query logging flags .pmtx <Mutex Address> display mutex state .psem <Semaphore Address> display semaphore state .pthcb <Thread handle/id> display thread control block .pprd Disables the logging of priority changes .ppre Enables the logging of priority changes .pprf <filter> Logs only boosts changing these bits .pprl <Thread handle/id> Lists priority changes recorded .pmax Show thread and VM maximum DOS386 stack usage |
| .PCI | PCI | PCI debug utility. Note that to use .PCI you must remove debugcmd.vxd from the system because its .P command prevents .PCI from being recognized.
"Welcome to PCI's debugger" A show All; Show every PCI devnodes B show Busses; Show PCI bus structure C Config space; Toggle full/partial config space D Enter dwdata; Enter data in config space in dwords E Enter data; Enter data in config space F FindIRQRoute; Help find the IRQ routing G Global info; Show global PCI info I IDE Test; See if secondary IDE is enabled L show List; Show every PCI devnodes (short) Q Quit; Quit the debugger R show Rom; Show ROM of selected devnode S Show selected; Show selected devnode T Trace CS; Trace config space access Y select devnode; Select DevNode Z select devnode; Select DevNode by index |
|
| .R | [#] | - | Displays the registers of the current thread. For example, if you used <ctrl c> to break into the system, this will show you the debugger's <ctrl c> handler. |
| .REBOOT | (system) | reboots machine | |
| .S | [#] | VMM | Displays short logged exceptions starting at #, if specified. |
| .SL | [#] | VMM | Displays long logged exceptions just #, if specified. |
| .T | VMM | Toggles the trace switch. | |
| .VC | [#] ------ | (system) | Displays the current VMs control block |
| .VDMAD | VDMAD | Virtual DMA Device State Dump | |
| .VDD | VDD | Virtual Display Device State Dump. Also offers additional options:
Select Option 1 - display VM register states 2 - display VM memory usage 3 - dump video page info 4 - display msg mode register state 5 - display planar mode register state 6 - read DAC 7 - display VM DAC states 8 - enable Queue_Outs 9 - enable MemC debug event |
|
| .VFLATD | VFLATD | Virtual Flat Video Buffer Device statistics and event log | |
| .VH | [#] ------ | (system) | Displays a VMM linked list, given list handle |
| .VKD | VKD | Virtual Keyboard Device
[0] - General info [1] - Hot Key info [2] - Per VM info [3] - Set VKD queue_outs [ESC] - Exit VKD debug query |
|
| .VL | (system) | Displays a list of all valid VM handles | |
| .VM | [#] ------ | (system) | Displays complete VM status |
| .VMM | (system) | Menu VMM state information:
[A] System time [B] Display Critical Section info [C] Display blocked thread information [D] Reset dyna-link profile counts [E] I/O port trap information [F] Reset I/O profile counts [G] Turn procedure call trace logging on [H] V86 interrupt hook information [I] PM interrupt hook information [J] Reset PM and V86 interrupt profile counts [K] Display event lists [L] Display device list (all VxDs) [M] Display V86 break points [N] Display PM break points [O] Display interrupt profile [P] Reset interrupt profile counts [Q] Display GP fault profile [R] Reset GP fault profile counts [S] Toggle verbose device call trace [T] Dyna-link service profile information [U] Fault Hook information [V] Display time out queues [W] PM CLI/STI trace info [X] DPMI info |
|
| .VPICD | - | Virtual PIC Device status (status of hardware interrupts)
[1] Global PIC information (ring 0) [2] Per-VM PIC information (virtualized VM state) [3] IRQ handler information (hardware interrupts and who is responsible for each) |
|
| .VR | [#] ------ | (system) | Displays the registers of the current VM (both the current and alternate registers). Used to examine both V86 mode and protected mode portions of the VM. |
| .VS | [#] ------ | (system) | Displays the current VM's virtual mode stack |
| .VXDLDR | - | Displays the list of dynamically loaded devices | |
| .Y | <expr> | CONFIGMG | Displays CONFIGMG (Plug & Play) structures:
Welcome to CONFIGMG's debugger A Arbitrators Show the list of arbitrators B Block queue Prevent processing of events C Query remove Query removal at happy time d remove Removal at happy time e toggle Echo Set the echo to a specified level f show Free Show free resources g enumerate Enumerate a devnode h Reenable Appy Reenable checking of query remove i Show Log Show procedural logs j test walks Test our walk procedures k Show stack Show stack of procedure logs l show List Show devnode list m screen size Set screen size n Nuke logs Nuke the procedure logged p Problem List devnodes with problems q Quit Quit the debugger r show Range Show a Range s Show tree Show the hardware tree t toggle time Toggle the display of time u Unblock queue Restart processing of events v View status View the global status of CONFIGMG w show all range Show all the rangelists x eXclude Filter logging of procedure logs y force smthng Call some random HWProfile API z Allow DLL call Allow the DLLs to be called |
Where…
<range> = [<addr>] [<word>] | <addr> [L <word>]
<addr> = [& | #][<word>:]<word> | %<dword> | %%<dword>
<list> = <byte> <byte> ... | "string"
<binary ops> = : | * / MOD + . - << >> < > >= <= AND XOR OR && ||
<unary ops> = &seg #sel %lin %%phy ! NOT SEG OFF BY WO DW POI PORT WPORT
(OFF=offset, BY=byte, WO=word/16-bit near proc, DW=dword/32-bit proc, POI=16-bit FAR addr, PORT=I/O byte port, WPORT=I/O word port)
Regular expressions <re>:
. any character, [] character class, [a-z], [^a], etc
* match zero or more, # match zero or one, + match one or more
Supported printf format characters are:
%% %
%c character
%[-][+][ ][0][width][.precision][p][n]d decimal
%[-][0][width][.precision][p][n]u unsigned decimal
%[-][#][0][width][.precision][p][n]x hex
%[-][#][0][width][.precision][p][n]X hex
%[-][0][width][.precision][p][n]o octal
%[-][0][width][.precision][p][n]b binary
%[-][width][.precision][a]s string
%[-][width][.precision][a][p][n][L][H][N][Z]A address
%[-][width][.precision][a][p][n][L][H][N][Z]S symbol
%[-][width][.precision][a][p][n][L][H][N][Z]G group:symbol
%[-][width][.precision][a][p][n][L][H][N][Z]M map:group:symbol
%[-][width][.precision][a][p][n][L][H][N][Z]g group
%[-][width][.precision][a][p][n][L][H][N][Z]m map
a - pointer to a AddrS structure
H - 16 bit offset
L - 32 bit offset
N - offset only
Z - no address
p - gets the previous symbol, address or offset
n - gets the next symbol, address or offset
Prompts are: > real mode
- or -- virtual 8086 mode
# or ## protected mode
COMMON SELECTOR VALUES:
| CS | Area | CS | Area |
|---|---|---|---|
| 0028 | VxD code (ring 0) | 013F | Win32 flat code |
| 0030 | VxD data (ring 0) | 0147 | Win32 flat data |
| 0048 | debugger code | 011F | Krnl386 code |
| 0137 | Krnl386 data |