WINEDBG(1) Wine Developers Manual WINEDBG(1) NAME winedbg - Wine debugger SYNOPSIS winedbg [ options ] [ program_name [ program_arguments ] | wpid ] winedbg --gdb [ options ] [ program_name [ program_arguments ] | wpid ] winedbg --auto wpid winedbg --minidump [ file.mdmp ] wpid winedbg file.mdmp DESCRIPTION winedbg is a debugger for Wine. It allows: + debugging native Win32 applications + debugging Winelib applications + being a drop-in replacement for Dr Watson MODES winedbg can be used in five modes. The first argument to the program determines the mode winedbg will run in. default Without any explicit mode, this is standard winedbg operating mode. winedbg will act as the front end for the user. --gdb winedbg will be used as a proxy for gdb. gdb will be the front end for command handling, and winedbg will proxy all debugging requests from gdb to the Win32 APIs. --auto This mode is used when winedbg is set up in AeDebug registry entry as the default debugger. winedbg will then display basic information about a crash. This is useful for users who don't want to debug a crash, but rather gather relevant information about the crash to be sent to developers. --minidump This mode is similar to the --auto one, except that instead of printing the information on the screen (as --auto does), it's saved into a minidump file. The name of the file is either passed on the command line, or generated by WineDbg when none is given. This file could later on be reloaded into winedbg for further examination. file.mdmp In this mode winedbg reloads the state of a debuggee which has been saved into a minidump file. See either the minidump command below, or the --minidump mode. OPTIONS When in default mode, the following options are available: --command string winedbg will execute the command string as if it was keyed on winedbg command line, and then will exit. This can be handy for getting the pid of running processes (winedbg --command "info proc"). --exec filename Sets the executable name, without starting the executable. --file filename winedbg will execute the list of commands contained in file filename as if they were keyed on winedbg command line, and then will exit. When in gdb proxy mode, the following options are available: --no-start Don't launch gdb directly; instead, print the target remote GDB command to execute and listen for connection from any GDB- compatible debugger. Normally, --gdb will start both the proxy debugging server and an instance of gdb for the front end. This option instructs winedbg to skip launching of gdb, and instead prints the GDB command that can be used to manually connect to the server. This command is in the form target remote localhost: where is the TCP port winedbg's proxy debugging server is bound to. This option allows the user to replace gdb with some other debugger front end, such as ddd, kgdb, gdbgui, or Qt Creator. Regardless of whether --no-start is specified, winedbg will quit after the first connection is hung up (e.g. gdb detaches from the debuggee). --port port Start the GDB proxy debugging server on the given port. If this option is not specified, winedbg will let the operating system choose any available port. This option can be used in conjunction with --no-start to specify the port the server shall be bound to. --with-xterm This will run the gdb front end in a new xterm(1) window instead of using the current Unix terminal for its interface. This option is ignored if --no-start is specified. In all modes, the rest of the command line, when passed, is used to identify which program, if any, is to be debugged: program_name This is the name of an executable to start for a debugging session. winedbg will actually create a process with this executable. If program_arguments are also given, they will be used as arguments for creating the process to be debugged. wpid winedbg will attach to the process whose Windows pid is wpid. Use the info proc command within winedbg to list running processes and their Windows pids. default If nothing is specified, you will enter the debugger without any run nor attached process. You'll have to do the job yourself. COMMANDS Default mode, and while reloading a minidump file: Most of commands used in winedbg are similar to the ones from gdb. Please refer to the gdb documentations for some more details. See the gdb differences section later on to get a list of variations from gdb commands. Misc. commands abort Aborts the debugger. quit Exits the debugger. Process handling attach N Attach to a Wine process (N is its Windows ID, numeric or hexadecimal). IDs can be obtained using the info process command. Note the info process command returns hexadecimal values attach file.mdmp Reload the state of a debuggee from the minidump file.mdmp. See the minidump command to save such a file. detach Detach the current Wine-process. The process is no longer debugged by WineDbg, but is still running (for a live target). kill Kills the current Wine-process. The process is no longer debugged by WineDbg, and is also terminated (for a live target). minidump file.mdmp Saves the debugging context of the debuggee into a minidump file called file.mdmp. run Re-run the same process with the same arguments. Note: all breakpoints of precedent process are no longer available. run arg1 arg2... Re-run the same process with arguments arg1 arg2.... Note: all breakpoints of precedent process are no longer available. thread N Change the current thread to N (its Windows TID, numeric or hexadecimal). Help commands help Prints some help on the commands. help info Prints some help on info commands Flow control commands cont Continue execution until next breakpoint or exception. pass Pass the exception event up to the filter chain. step Continue execution until next C line of code (enters function call) next Continue execution until next C line of code (doesn't enter function call) stepi Execute next assembly instruction (enters function call) nexti Execute next assembly instruction (doesn't enter function call) finish Execute until return of current function is reached. cont, step, next, stepi, nexti can be postfixed by a number (N), meaning that the command must be executed N times before control is returned to the user. Breakpoints, watchpoints enable N Enables (break|watch)-point N disable N Disables (break|watch)-point N delete N Deletes (break|watch)-point N cond N Removes any existing condition to (break|watch)-point N cond N expr Adds condition expr to (break|watch)-point N. expr will be evaluated each time the (break|watch)-point is hit. If the result is a zero value, the breakpoint isn't triggered. break * N Adds a breakpoint at address N break id Adds a breakpoint at the address of symbol id break id N Adds a breakpoint at the line N inside symbol id. break N Adds a breakpoint at line N of current source file. break Adds a breakpoint at current $PC address. watch * N Adds a watch command (on write) at address N (on 4 bytes). watch id Adds a watch command (on write) at the address of symbol id. Size depends on size of id. rwatch * N Adds a watch command (on read) at address N (on 4 bytes). rwatch id Adds a watch command (on read) at the address of symbol id. Size depends on size of id. info break Lists all (break|watch)-points (with their state). You can use the symbol EntryPoint to stand for the entry point of the Dll. When setting a (break|watch)-point by id, if the symbol cannot be found (for example, the symbol is contained in a not yet loaded module), winedbg will recall the name of the symbol and will try to set the breakpoint each time a new module is loaded (until it succeeds). Stack manipulation bt Print calling stack of current thread. bt N Print calling stack of thread of ID N. Note: this doesn't change the position of the current frame as manipulated by the up & dn commands). up Goes up one frame in current thread's stack up N Goes up N frames in current thread's stack dn Goes down one frame in current thread's stack dn N Goes down N frames in current thread's stack frame N Sets N as the current frame for current thread's stack. info locals Prints information on local variables for current function frame. Directory & source file manipulation show dir Prints the list of dirs where source files are looked for. dir pathname Adds pathname to the list of dirs where to look for source files dir Deletes the list of dirs where to look for source files symbolfile pathname Loads external symbol definition file pathname symbolfile pathname N Loads external symbol definition file pathname (applying an offset of N to addresses) list Lists 10 source lines forwards from current position. list - Lists 10 source lines backwards from current position list N Lists 10 source lines from line N in current file list pathname:N Lists 10 source lines from line N in file pathname list id Lists 10 source lines of function id list * N Lists 10 source lines from address N You can specify the end target (to change the 10 lines value) using the ',' separator. For example: list 123, 234 lists source lines from line 123 up to line 234 in current file list foo.c:1,56 lists source lines from line 1 up to 56 in file foo.c Displaying A display is an expression that's evaluated and printed after the execution of any winedbg command. display info display Lists the active displays display expr Adds a display for expression expr display /fmt expr Adds a display for expression expr. Printing evaluated expr is done using the given format (see print command for more on formats) del display N undisplay N Deletes display N Disassembly disas Disassemble from current position disas expr Disassemble from address expr disas expr,expr Disassembles code between addresses specified by the two expressions Memory (reading, writing, typing) x expr Examines memory at address expr x /fmt expr Examines memory at address expr using format fmt print expr Prints the value of expr (possibly using its type) print /fmt expr Prints the value of expr (possibly using its type) set var = expr Writes the value of expr in var variable whatis expr Prints the C type of expression expr fmt is either letter or count letter, where letter can be: s an ASCII string u a UTF16 Unicode string i instructions (disassemble) x 32-bit unsigned hexadecimal integer d 32-bit signed decimal integer w 16-bit unsigned hexadecimal integer c character (only printable 0x20-0x7f are actually printed) b 8-bit unsigned hexadecimal integer g Win32 GUID Expressions Expressions in Wine Debugger are mostly written in a C form. However, there are a few discrepancies: Identifiers can take a '!' in their names. This allows mainly to specify a module where to look the ID from, e.g. USER32!CreateWindowExA. In a cast operation, when specifying a structure or a union, you must use the struct or union keyword (even if your program uses a typedef). When specifying an identifier, if several symbols with this name exist, the debugger will prompt for the symbol you want to use. Pick up the one you want from its number. Information on Wine internals info class Lists all Windows classes registered in Wine info class id Prints information on Windows class id info share Lists all the dynamic libraries loaded in the debugged program (including .so files, NE and PE DLLs) info share N Prints information on module at address N info regs Prints the value of the CPU registers info all-regs Prints the value of the CPU and Floating Point registers info segment Lists all allocated segments (i386 only) info segment N Prints information on segment N (i386 only) info stack Prints the values on top of the stack info map Lists all virtual mappings used by the debugged program info map N Lists all virtual mappings used by the program of Windows pid N info wnd Displays the window hierarchy starting from the desktop window info wnd N Prints information of Window of handle N info process Lists all w-processes in Wine session info thread Lists all w-threads in Wine session info frame Lists the exception frames (starting from current stack frame). You can also pass, as optional argument, a thread id (instead of current thread) to examine its exception frames. Debug messages can be turned on and off as you are debugging using the set command, but only for channels initialized with the WINEDEBUG environment variable. set warn + win Turns on warn on win channel set + win Turns on warn/fixme/err/trace on win channel set - win Turns off warn/fixme/err/trace on win channel set fixme - all Turns off fixme class on all channels Gdb mode: See the gdb documentation for all the gdb commands. However, a few Wine extensions are available, through the monitor command: monitor wnd Lists all windows in the Wine session monitor proc Lists all processes in the Wine session monitor mem Displays memory mapping of debugged process Auto and minidump modes: Since no user input is possible, no commands are available. ENVIRONMENT WINE_GDB When used in gdb proxy mode, WINE_GDB specifies the name (and the path) of the executable to be used for gdb. "gdb" is used by default. AUTHORS The first version was written by Eric Youngdale. See Wine developers list for the rest of contributors. BUGS Bugs can be reported on the Wine bug tracker . AVAILABILITY winedbg is part of the Wine distribution, which is available through WineHQ, the Wine development headquarters . SEE ALSO wine(1), Wine documentation and support . Wine 9.7 October 2005 WINEDBG(1)