小華的部落格: 2018/1/14 - 2018/1/21

搜尋此網誌

網頁

星期一, 1月 15, 2018

紀錄一下WinDbg裡面比較常用到的指令集

AMLI裡面比較常用到的指令集

AMLI(? for help)-> ?
?

Help                     - ? [<Cmd>]
Clear Breakpoints        - bc <bp list> | *
Disable Breakpoints      - bd <bp list> | *
Enable Breakpoints       - be <bp list> | *
List Breakpoints         - bl
Set Breakpoints          - bp <MethodName> | <CodeAddr> ...
Clear Event Log          - cl
Dump Event Log           - dl
Dump Object Count Table  - dc
Dump Heap                - dh [<Addr>]
Dump Stack               - ds [/v] [<Addr>]
Dump Name Space Object   - dns [[/s] [<NameStr> | <Addr>]]
Dump Data Object         - do <Addr>
Find NameSpace Object    - find <NameSeg>
Continue Execution       - g
Read Byte from Port      - i <Port>
Read Word from Port      - iw <Port>
Read DWord from Port     - id <Port>
List All Contexts        - lc
Display Nearest Method   - ln [<MethodName> | <CodeAddr>]
Notify NameSpace Object  - notify <Obj> <Value>
Write Byte to Port       - o <Port> <Byte>
Write Word to Port       - ow <Port> <Word>
Write DWord to Port      - od <Port> <DWord>
Step Over AML Code       - p
Quit to Kernel Debugger  - q
Display Context Info.    - r <Context>
Run Method               - run <MethodName> | <CodeAddr> [<ArgList>]
Set Debugger Options     - set [traceon | traceoff] [nesttraceon | nesttraceoff] [spewon | spewoff]
                               [dbgbrkon | dbgbrkoff] [lbrkon | lbrkoff] [errbrkon | errbrkoff] 
                               [verboseon | verboseoff] [logon | logoff] [logmuton | logmutoff] 
Trace Into AML Code      - t
Interpreter Trace Mode   - trace [trigon] [trigoff] [level=<n>]
                                 [add=<TrigPtStr] [zap=<TrigPtList>]
Unassemble AML code      - u [<MethodName> | <CodeAddr>]


AMLI(? for help)-> 

ACPI 裡面比較常用到的指令集
!acpicache displays all of the ACPI tables cached by the hardware application layer (HAL)

!acpiinf displays information on the configuration of the ACPI

!acpiirqarb displays the contents of the ACPI IRQ arbiter structure

!facs displays a Firmware ACPI Control Structure

!fadt displays a Fixed ACPI Description Table

!mapic displays an ACPI Multiple APIC Table

!nsobj displays an ACPI namespace object

!nstree displays a section of the ACPI namespace tree


!rsdt displays the ACPI Root System Description Table

!acpikd.help  For a complete list of ACPI-related extensions.

Reference
https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/acpi-debugging