Most of commands used in winedbg are similar to the ones
from gdb. Please refer to the gdb documentations for some more
details. See the gdb differences section later on to get a
list of variations from gdb commands.
Misc. commands
- abort
- Aborts the debugger.
- quit
- Exits the debugger.
- attach N
- Attach to a Wine process (N is its Windows ID, numeric or
hexadecimal). IDs can be obtained using the info process
command. Note the info process command returns hexadecimal
values
- detach
- Detach from a Wine-process.
- thread N
- Change the current thread to N (its Windows TID, numeric or
hexadecimal).
Help commands
- help
- Prints some help on the commands.
- help info
- Prints some help on info commands
Flow control commands
- cont
- Continue execution until next breakpoint or exception.
- pass
- Pass the exception event up to the filter chain.
- step
- Continue execution until next C line of code (enters function call)
- next
- Continue execution until next C line of code (doesn't enter function
call)
- stepi
- Execute next assembly instruction (enters function call)
- nexti
- Execute next assembly instruction (doesn't enter function call)
- finish
- Execute until return of current function is reached.
cont, step, next, stepi, nexti
can be postfixed by a number (N), meaning that the command must be executed
N times before control is returned to the user.
Breakpoints, watchpoints
- enable N
- Enables (break|watch)-point N
- disable N
- Disables (break|watch)-point N
- delete N
- Deletes (break|watch)-point N
- cond N
- Removes any existing condition to (break|watch)-point N
- cond N expr
- Adds condition expr to (break|watch)-point N. expr
will be evaluated each time the (break|watch)-point is hit. If the result
is a zero value, the breakpoint isn't triggered.
- break * N
- Adds a breakpoint at address N
- break id
- Adds a breakpoint at the address of symbol id
- break id N
- Adds a breakpoint at the line N inside symbol id.
- break N
- Adds a breakpoint at line N of current source file.
- break
- Adds a breakpoint at current $PC address.
- watch * N
- Adds a watch command (on write) at address N (on 4 bytes).
- watch id
- Adds a watch command (on write) at the address of symbol id. Size
depends on size of id.
- rwatch * N
- Adds a watch command (on read) at address N (on 4 bytes).
- rwatch id
- Adds a watch command (on read) at the address of symbol id. Size
depends on size of id.
- info break
- Lists all (break|watch)-points (with their state).
You can use the symbol EntryPoint to stand for the entry
point of the Dll.
When setting a (break|watch)-point by id, if the symbol
cannot be found (for example, the symbol is contained in a not yet loaded
module), winedbg will recall the name of the symbol and will try to
set the breakpoint each time a new module is loaded (until it succeeds).
Stack manipulation
- bt
- Print calling stack of current thread.
- bt N
- Print calling stack of thread of ID N. Note: this doesn't change
the position of the current frame as manipulated by the up &
dn commands).
- up
- Goes up one frame in current thread's stack
- up N
- Goes up N frames in current thread's stack
- dn
- Goes down one frame in current thread's stack
- dn N
- Goes down N frames in current thread's stack
- frame N
- Sets N as the current frame for current thread's stack.
- info locals
- Prints information on local variables for current function frame.
Directory & source file manipulation
- show dir
- Prints the list of dirs where source files are looked for.
- dir pathname
- Adds pathname to the list of dirs where to look for source
files
- dir
- Deletes the list of dirs where to look for source files
- symbolfile pathname
- Loads external symbol definition file pathname
- symbolfile pathname N
- Loads external symbol definition file pathname (applying an offset
of N to addresses)
- list
- Lists 10 source lines forwards from current position.
- list -
- Lists 10 source lines backwards from current position
- list N
- Lists 10 source lines from line N in current file
- list pathname:N
- Lists 10 source lines from line N in file pathname
- list id
- Lists 10 source lines of function id
- list * N
- Lists 10 source lines from address N
You can specify the end target (to change the 10 lines value)
using the ',' separator. For example:
- list 123, 234
- lists source lines from line 123 up to line 234 in current file
- list foo.c:1,56
- lists source lines from line 1 up to 56 in file foo.c
Displaying
A display is an expression that's evaluated and printed after the
execution of any winedbg command.
- display
- info display
- Lists the active displays
- display expr
- Adds a display for expression expr
- display /fmt expr
- Adds a display for expression expr. Printing evaluated expr
is done using the given format (see print command for more
on formats)
- del display N
- undisplay N
- Deletes display N
Disassembly
- disas
- Disassemble from current position
- disas expr
- Disassemble from address expr
- disas expr,expr
- Disassembles code between addresses specified by the two expressions
Memory (reading, writing, typing)
- x expr
- Examines memory at address expr
- x /fmt expr
- Examines memory at address expr using format fmt
- print expr
- Prints the value of expr (possibly using its type)
- print /fmt expr
- Prints the value of expr (possibly using its type)
- set var = expr
- Writes the value of expr in var variable
- whatis expr
- Prints the C type of expression expr
- fmt
- is either letter or count letter, where letter can
be:
- s
- an ASCII string
- u
- a UTF16 Unicode string
- i
- instructions (disassemble)
- x
- 32-bit unsigned hexadecimal integer
- d
- 32-bit signed decimal integer
- w
- 16-bit unsigned hexadecimal integer
- c
- character (only printable 0x20-0x7f are actually printed)
- b
- 8-bit unsigned hexadecimal integer
- g
- Win32 GUID
Expressions
Expressions in Wine Debugger are mostly written in a C form.
However, there are a few discrepancies:
Identifiers can take a '!' in their names. This allows
mainly to specify a module where to look the ID from, e.g.
USER32!CreateWindowExA.
In a cast operation, when specifying a structure or a union, you
must use the struct or union keyword (even if your program uses a
typedef).
When specifying an identifier, if several symbols with this name
exist, the debugger will prompt for the symbol you want to use. Pick up the
one you want from its number.
Misc.
minidump file.mdmp saves the debugging context of
the debuggee into a minidump file called file.mdmp.
Information on Wine internals
- info class
- Lists all Windows classes registered in Wine
- info class id
- Prints information on Windows class id
- info share
- Lists all the dynamic libraries loaded in the debugged program (including
.so files, NE and PE DLLs)
- info share N
- Prints information on module at address N
- info regs
- Prints the value of the CPU registers
- info all-regs
- Prints the value of the CPU and Floating Point registers
- info segment
- Lists all allocated segments (i386 only)
- info segment N
- Prints information on segment N (i386 only)
- info stack
- Prints the values on top of the stack
- info map
- Lists all virtual mappings used by the debugged program
- info map N
- Lists all virtual mappings used by the program of Windows pid
N
- info wnd
- Displays the window hierarchy starting from the desktop window
- info wnd N
- Prints information of Window of handle N
- info process
- Lists all w-processes in Wine session
- info thread
- Lists all w-threads in Wine session
- info frame
- Lists the exception frames (starting from current stack frame). You can
also pass, as optional argument, a thread id (instead of current thread)
to examine its exception frames.
Debug messages can be turned on and off as you are debugging using
the set command, but only for channels initialized with the
WINEDEBUG environment variable.
- set warn + win
- Turns on warn on win channel
- set + win
- Turns on warn/fixme/err/trace on win channel
- set - win
- Turns off warn/fixme/err/trace on win channel
- set fixme - all
- Turns off fixme class on all channels