drwtsn32.exe和adplus.vbs进行dump文件抓取

转自：http://hi.baidu.com/justin_wu2010/blog/item/cc31641fa8d84f0f314e15b1.html

以前只在linux和unix下面才用过dump文件抓取的方式进行程序执行异常的分析。对windows却是没有用，因为windows下的调试工具实在是太方便了，基本可以不用其它的工具。其实在windows下对底层和无征兆性的异常很大程度上，dump可以帮忙我们确定问题所在。

在windows下，进行dump文件获取，常用的工具为drwtsn32.exe和adplus.vbs。drwtsn32.exe是windows系统自带的，在命令行里输入即可调起，比较适合在没有开发环境下的截取；adplus.vbs是windbg带的一个小工具，功能比drwtsn32.exe强大，可以自由(任意时刻)对执行的进程进行dump文件的提取。

    drwtsn32.exe（dr.watson）(dr即doctor)界面比较简单，没多少内容，在命令行调起后进行一定的配置，再将它设置为默认调试工具就行了，那么执行程序异常时，就会生成dump文件。注册表中的位置可以进行开关:HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/CurrentVersion/AeDebug/Auto
drwtsn32 参数:
drwtsn32 [-i] [-g] [-p pid] [-e event] [-?]
-i 将 DrWtsn32 当作默认应用程序错误调试程序
-g 被忽略，但作为 WINDBG 和 NTSD 的兼容而被提供
-p pid 要调试的进程 id
-e event 表示进程附加完成的事件
-? 这个屏幕

    adplus.vbs参数:

ADPlus uses the following syntax:

adplus.vbs [-quiet] [-c ConfigurationFile] { -hang | -crash }
    { -iis | -pn Process | -p PID | -sc SpawningCommandLine }
    [-notify Name] [-o Directory] [-cdh] [-cdc]
    [-cdj] [-gs ScriptName] [ -ce CustomExceptionCode]
    [-bp BreakpointParameters] [-y SymbolPath]
    [-yp SymbolPathToAdd] [-FullOnFirst] [-MiniOnSecond]
    [-NoDumpOnFirst] [-NoDumpOnSecond] [-NoTlist]
    [-NoTsCheck] [-dbg Debugger]

adplus.vbs -Help

The command line is parsed from left to right. When a target is specified, ADPlus will use all the options it has parsed up to that point. This allows you to create a long command line with multiple targets, specifying different options for each target. One easy way to perform this task is to store options in configuration files and use the -c parameter to point to these files.

Parameters

-quiet

This option tells ADPlus to suppress all modal dialog boxes. This option is useful if you are running ADPlus from within a remote command shell where modal dialog boxes can cause ADPlus to wait indefinitely for a user to press OK.

For best results, make sure this is the first option passed to adplus.vbs.

-c ConfigurationFile

Allows you to provide an external configuration file with additional information. You can use more than one configuration file by using several -c switches. For example:

adplus -c c:/t/file1.cfg -c c:/t/file2.cfg

You may omit a required switch if the equivalent setting is specified in the configuration file. For details, see ADPlus Configuration Files.

-hang

Configures ADPlus to run in hang mode. When ADPlus is running in hang mode, ADPlus must be started after the process hangs or is consuming high CPU utilization.

-crash

Configures ADPlus to run in crash mode. When ADPlus is running in crash mode, ADPlus must be started before the process crashes or becomes unstable.

-iis

Used to debug Internet Information Server (IIS) 4.0 or later. When you use ADPlus with the -iis option, ADPlus monitors all of the IIS in-process (Inetinfo.exe) and out-of-process (Mtx.exe and Dllhost.exe) applications. This option can be used in addition to the -pn or -p options, or it can be used by itself to analyze IIS and all running MTS/COM+ applications in either crash mode or hang mode.

If you are trying to analyze an IIS 3.0 (or earlier), you should use the -pn option and specify Inetinfo.exe as the process to monitor.

-pn Process

Specifies a process name that ADPlus should analyze. Process should include the file extension. To specify more than one process, use multiple -pn options. For example, "-pn process1.exe -pn process2.exe".

-p PID

The -p option is used to specify the process ID (PID) of a process that ADPlus should analyze. To specify more than one process, use multiple -p options. For example, "-p 1896 -p 1702".

-sc SpawningCommandLine

Allows you to provide a command line. The debugger will spawn the process inside the debugger and start monitoring it. This is only allowed in crash mode, and the -sc switch must be the last one to be provided, as everything that is provided after it is considered the command line to be used to spawn the selected process. If you want to spawn more than one process use the -c switch and a configuration file.

-notify Name

This option is only valid when ADPlus is running in crash mode. This option tells ADPlus to send an alert if a crash occurs. Name is the computer or user that will receive the alert. Whenever the debugger detaches from the process due to a second chance exception, or whenever a user presses CTRL+C to stop debugging, a notification will be sent to this computer or remote user or computer through the local messenger service. The local messenger service must be running on the target computer for this to work.

-o Directory

This option tells ADPlus where to place the debug output files. Long file names and file names containing spaces should be placed within double quotation marks. If a UNC path (//server/share) is used, ADPlus creates a new folder immediately below the UNC path that is specified with the name of the server on which ADPlus is running (for example, //server/share/Web1 or //server/share/Web2). This option is useful if ADPlus is running on multiple computers in a Web farm that are all placing their output on the same network share.

-cdh

Signals ADPlus to use the default configuration file for hang mode. The default configuration file should be called ADP_Default_Hang.cfg and must be stored in the same directory of adplus.vbs.

-cdc

Signals ADPlus to use the default configuration file for crash mode. The default configuration file should be called ADP_Default_Crash.cfg and must be stored in the same directory as adplus.vbs.

-cdj

Signals ADPlus to use the default configuration file for postmortem debugging mode. The default configuration file should be called ADP_Default_JIT.cfg and must be stored in the same directory of adplus.vbs. This is normally used if you decide to use ADPlus as the default postmortem debugger, and the configuration should be similar to hang mode.

-gs ScriptName

When you use this switch, ADPlus will create the script to be used with the debugger with the given name, and will save it to a file. When you use this switch there is no need to select any process to debug.

-ce CustomExceptionCode

Allows you to add custom exceptions to be monitored by the debugger.

-bp BreakpointParameters

Allows you to define breakpoints to be monitored by the debugger. BreakpointParameters has the syntax address;parameters. The additional parameters must be separated by semicolons and contain no spaces. They can be any of the following:

MiniDump, FullDump or NoDump

Indicates whether you want a dump. The default is no dump.

Integer

Indicates the number of passes to ignore.

Q or QD or G

Indicates whether you want to quit, quit and detach, or go after the action. The default is G.

BP or BU or BM

Indicates the type of debugger command used to create the breakpoint. The default is BP. If you use BM then you can define multiple breakpoints using wildcards in the address.

If you do not include any optional parameters, the default behavior is to create a log, list the call stack, and then let the target run.

-y SymbolPath

Alows you to define the symbol path. This accepts multiple folders separated by semicolons, including references to symbol servers.

-yp SymbolPathToAdd

Allows you to add a symbol path to the path already defined in the debugger . This accepts multiple folders separated by semicolons, including references to symbol servers.

-FullOnFirst

Chooses to have full dumps created on first chance for all defined exceptions. The default behavior is to have minidumps created on first chance. If several first-chance exceptions of the same type happens, the dump files will be overwritten. If you desire another type of behavior you can use the configuration file for additional options.

-MiniOnSecond

Chooses to have mini dumps created on second chance for all defined exceptions. The default behavior is to have full-dumps created on second chance.

-NoDumpOnFirst

Chooses to have no dumps created on first chance for all defined exceptions. The default behavior is to have mini-dumps created on first chance.

-NoDumpOnSecond

Chooses to have no dumps created on second chance for all defined exceptions. The default behavior is to have full-dumps created on second chance.

-NoTlist

If used, ADPlus will not use the TList tool to get the list of running processes. This option should be used only if you are experiencing problems with ADPlus that are related to the TList tool.

If -NoTlist is used, you cannot use the -pn switch. In addition, the dump file names will not include the package name for COM+ applications.

-NoTsCheck

Allows ADPlus to attach to a target in a Terminal Server session, as long as the target was started in the same session as ADPlus. This switch is only needed in Windows 2000 and earlier; if it is not included in those operating systems ADPlus will not be able to use ADPlus in a Terminal Server session. In Windows XP and later versions of Windows, ADPlus can freely attach to targets in Terminal Server, regardless of what session they were started on, and this switch is not needed.

-dbg Debugger

Allows you to select the debugger to be used. The default is CDB, but you can select WinDbg or NTSD instead. Debugger should include the debugger name and the .exe extension.

-Help

Displays help text for ADPlus.

可参考:support.microsoft.com/kb/286350/zh-cn

drwtsn32.exe和adplus.vbs进行dump文件抓取相关推荐

Thread dump文件抓取和分析(JCA工具)
Thread dump文件抓取和分析接下来分析CentOS下怎么抓取Thread dump文件,JCA怎么分析Thread dump文件. 1.CentOS下抓取Thread dump文件 Cent ...
嘘，我已经瞒着开发解锁APP日志文件抓取及分析啦！
------·今天距2020年87天·------ 这是ITester小栈第49次推文大家好,我是coco小锦鲤经过之前的APP系列我们知道了APP的测试流程也列举了APP通用测试用例还解答 ...
java内存 phd文件抓取,WAS 常常有heapdump.phd和javacore.txt文件产生
WAS 经常有heapdump.***.phd和javacore.***.txt文件产生问题描述: 发现在AppSvr01下面有heapdump.***.phd和javacore.***.txt文件 ...
java怎么抓取测试apk日志_Android测试日志文件抓取与分析
1.log文件分类简介实时打印的主要有:logcat main,logcat radio,logcat events,tcpdump,还有高通平台的还会有QXDM日志状态信息的有:adb shel ...
Android APP测试的日志文件抓取
1 log文件分类简介实时打印的主要有:logcat main,logcat radio,logcat events,tcpdump,还有高通平台的还会有QXDM日志状态信息的有: ...
java内存 phd文件抓取_您可以从IBM PHD Java堆转储中提取字符串的值吗？
我有一个来自IBM jvm的PHD格式堆转储,我希望检查一些字符串的值.使用Sun JVM的二进制hprof转储,这是可能的,但是我无法从IBM转储中恢复此信息. 我试过了: >具有IBM DT ...
java实现m3u8文件抓取器
首先需要导入需要的jar包: import java.awt.Toolkit; import java.awt.datatransfer.Clipboard; import java.awt.data ...
IBM内存分析工具JCA在windows环境下打开dump文件报错问题：Cannot find any thread dumps
问题描述:IBM内存分析工具JCA在windows环境下打开dump文件报错问题:Cannot find any thread dumps 原因:dump文件编码格式问题解决:修改dump.txt文 ...
VS2015调试dump文件时提示未找到xxx.exe或xxx.dll
前言游戏开发的过程中,经常会出现客户端宕机的问题,这时候一个小小的dump文件可以记录当时的内存及堆栈情况,对于解决崩溃的问题有巨大的帮助,之前用VS2008的时候调试过dump文件,但是最近客户端 ...

drwtsn32.exe和adplus.vbs进行dump文件抓取

Parameters

drwtsn32.exe和adplus.vbs进行dump文件抓取相关推荐

最新文章

热门文章