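windbg - Introducing the MEX Debugging Extension for .NET developers
I tried it back in its early versions and then neglected it for a while, but I recently downloaded it again
MEX Debugging Extension
; https://www.microsoft.com/en-us/download/details.aspx?id=53304
and gave it a try. ^^
Load it,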
0:000> .load d:\wext\x64\mex.dll
Mex External 3.0.0.7172 Loaded!
and looking at the help, so many commands have been added that I can hardly imagine trying them all. ^^;
!mex.help
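Let's pick a few and look at their output. ^^
First, aspnetcache is a fresh idea, but it produces too much output and ASP.NET itself uses many cache entries, so I am not sure I would actually use it against a real business application.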
0:074> !aspnetcache
CacheItem: 00000000ff2a2cc0
Key: 00000000ff2a2c48 "AResources.Resource" [19] (System.String)
Value: 00000000ff2a2ca0 (System.Web.Compilation.GlobalResXResourceProvider)
CacheItem: 00000000ff36e2c0
Key: 00000000ff36e280 "yapp_web_ymh0rpgj" [17] (System.String)
Value: 00000000ff36db00 (System.Reflection.RuntimeAssembly)
CacheItem: 00000000ff36e878
Key: 00000000ff36e810 "document.aspx.ac17e5c6" [37] (System.String)
Value: 00000001af315bc0 (System.Web.Compilation.BuildResultCompiledTemplateType)
CacheItem: 00000000ff400fd0
Key: 00000000ff400f90 "yapp_web_lfsxrg55" [17] (System.String)
Value: 00000000ff400600 (System.Reflection.RuntimeAssembly)
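...[omitted]...
The "dae" command, short for "Dump All Exceptions", can also be overwhelming: in a production application that throws a fair number of exceptions, it prints too much output to be useful for assessing the system's performance. The one nice thing is that it prints the number of occurrences alongside each exception type!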
0:074> !dae
1 exceptions: 0x000000010f618470
In Generation: 0 from .NET v4.0.30319.296
HResult: 0x80131904
Type: System.Data.SqlClient.SqlException
Message: ...[omitted]...
Stack Trace:
...[omitted]...
29 exceptions: 0x00000000ff4acd00 0x00000000ff54a8e8 0x000000010fffc9e8 0x000000011f47fe90 0x000000011f4c3db0 0x000000012f4043a8 0x000000012f43bba8 0x000000012f469418 0x000000012f484fd8 0x000000013f5dfa20 ...
In Generation: 0 from .NET v4.0.30319.296
HResult: 0x80131530
Type: System.Threading.ThreadAbortException
Message: 스레드가 중단되었습니다.
Stack Trace:
SP IP Function
000000001b6ee820 0000000000000000 System.Threading.Thread.AbortInternal()
000000001b6ee820 000007ff029341c9 System.Threading.Thread.Abort(System.Object)
000000001b6ee870 000007ff0293402d System.Web.HttpResponse.End()
000000001b6ee8c0 000007ff02933eba DevExpress.Web.ASPxClasses.Internal.HttpUtils.EndResponse()
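Added example (not from the original post and not part of MEX): because !dae prints a count per exception group, a session log captured with .logopen can be condensed into a per-type frequency table. The Python code below assumes the field layout shown above; `SAMPLE_DAE_LOG` and `summarize_dae` are hypothetical names, and the sample log is constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the !dae output above; the addresses,
# counts and messages are made up and do not come from a real dump.
SAMPLE_DAE_LOG = """\
0:074> !dae
1 exceptions: 0x0000000000001000
    In Generation: 0 from .NET v4.0.30319.296
    HResult: 0x80131904
    Type: System.Data.SqlClient.SqlException
    Message: (constructed)
    Stack Trace:
29 exceptions: 0x0000000000002000 0x0000000000002100 ...
    In Generation: 0 from .NET v4.0.30319.296
    HResult: 0x80131530
    Type: System.Threading.ThreadAbortException
    Message: (constructed)
    Stack Trace:
    SP               IP               Function
    000000001b6ee820 0000000000000000 System.Threading.Thread.AbortInternal()
3 exceptions: 0x0000000000003000 0x0000000000003100 0x0000000000003200
    In Generation: 2 from .NET v4.0.30319.296
    HResult: 0x80131530
    Type: System.Threading.ThreadAbortException
    Message: (constructed)
    Stack Trace:
"""

# "<N> exceptions: <addr> <addr> ..." opens a group; leading whitespace is
# optional so both indented and flattened logs parse.
GROUP_HEADER = re.compile(r"^\s*(\d+) exceptions?:")
FIELD = re.compile(r"^\s*(HResult|Type):\s*(\S+)")


def summarize_dae(log_text):
    """Return [(exception type, total count, [HResults])], highest count first."""
    totals = Counter()
    hresults = {}
    pending = None  # count from the current group header, until its Type line
    hresult = None
    for line in log_text.splitlines():
        header = GROUP_HEADER.match(line)
        if header:
            pending, hresult = int(header.group(1)), None
            continue
        field = FIELD.match(line)
        if not field or pending is None:
            continue  # messages and stack frames are skipped
        name, value = field.groups()
        if name == "HResult":
            hresult = value
        else:
            # Several groups can share a type (different stacks), so add up.
            totals[value] += pending
            codes = hresults.setdefault(value, set())
            if hresult:
                codes.add(hresult)
            pending = None
    return [(t, n, sorted(hresults[t])) for t, n in totals.most_common()]


if __name__ == "__main__":
    for exc_type, total, codes in summarize_dae(SAMPLE_DAE_LOG):
        print(f"{total:6d}  {exc_type}  {' '.join(codes)}")
```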
The commands that simply append "2" to an existing sos command are easy to remember, so they are worth trying.
0:074> !clrstack2
DbgId ThreadId Apartment Kind CLR GC Mode GC Suspending?
74 b398 MTA Background v4.0.30319.296 Preemptive no
Failed to evaluate rule SocketRule: Object reference not set to an instance of an object.
SP IP Function Source
000000001b91cf38 0000000000000000 NDirectMethodFrameStandalone
000000001b91cf00 000007ff02870992 DomainNeutralILStubClass.IL_STUB_PInvoke(IntPtr, Byte*, Int32, System.Net.Sockets.SocketFlags)
000000001b91cfe0 000007ff02872890 System.Net.Sockets.Socket.Receive(Byte[], Int32, Int32, System.Net.Sockets.SocketFlags, System.Net.Sockets.SocketError ByRef)
000000001b91d0b0 000007ff028725b4 System.Net.Sockets.Socket.Receive(Byte[], Int32, Int32, System.Net.Sockets.SocketFlags)
...[omitted]...
000000001b91d3b0 000007ff00f205f8 System.Threading.ExecutionContext.runTryCode(System.Object)
000000001b91dad8 0000000000000000 HelperMethodFrame_PROTECTOBJ [System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)]
000000001b91dc00 000007ff00f1efe6 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
000000001b91dc60 000007ff00f1eebb System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
000000001b91dcb0 000007ff011264dd System.Threading.ThreadHelper.ThreadStart()
000000001b91e108 0000000000000000 GCFrame
000000001b91e4f0 0000000000000000 DebuggerU2MCatchHandlerFrame
000000001b91e6c8 0000000000000000 ContextTransitionFrame
Among the "2" commands there is also a counterpart to sos.do.
0:074> !do2 00000001bf2fc148
0x00000001bf2fc148 TestApp.Timer
0000 _timer : 000000013f2e1ff0 (TestApp.Startup)
0008 _thread : 00000001bf2fc218 (System.Threading.Thread)
0010 _Packet : 00000001bf2fc180 (System.Collections.Generic.Dictionary<System.Int32,System.Int32>)
0018 _timeout : 60000 (System.Int32)
0020 _lastTick : 00000001bf2fc170 2018-07-30 오후 9:39:02 (System.DateTime)
With sos.do, working out a DateTime value was tedious,
windbg - How to read a DateTime value from a memory dump
; https://www.sysnet.pe.kr/2/0/11313
but do2 decodes the DateTime in its output, so it should come in handy.
I previously explained how to save .NET modules using a python script,
windbg - How to extract/save a .NET DLL from a full dump file
; https://www.sysnet.pe.kr/2/0/10943
windbg - How to save every .NET module contained in a full dump to files
; https://www.sysnet.pe.kr/2/0/11297
mex has a command for this, so you can use it instead.
!mex.writemodule -a -p "destination path"
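Unfortunately, for .NET modules it is limited to saving only the modules that appear in the output of the lm command, as explained in "windbg - How to extract/save a .NET DLL from a full dump file". So unless you have a special case, it is still better to save them with pykd as described in "windbg - How to save every .NET module contained in a full dump to files".
There is also a command that reports the state of SQL Connection objects.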
0:074> !sqlcn
Searching .NET Heap for SQL Pool Objects..
Pool Address     Connections Active Connections Max Pool Size Min Pool Size Connection Info
================ =========== ================== ============= ============= =======================================================
000000010f328600 1           0                  100           0             DataSource=TestDB;InitialCatalog=UnitTestDB (more)
000000011f328178 1           0                  100           0             DataSource=TestDB;InitialCatalog=UnitTestDB (more)
000000013f428d10 2           0                  100           0             DataSource=TestDB;InitialCatalog=UnitTestDB2 (more)
000000018f333af0 1           0                  100           0             DataSource=TestDB;InitialCatalog=UnitTestDB (more)
00000001af2cf420 7           0                  100           0             DataSource=TestDB;InitialCatalog=UnitTestDB2 (more)
00000001bf32c910 1           0                  100           0             DataSource=TestDB;InitialCatalog=UnitTestDB2 (more)
00000001cf31a250 3           0                  100           0             DataSource=TestDB;InitialCatalog=UnitTestDB (more)
00000001cf393070 1           0                  100           0             DataSource=TestDB;InitialCatalog=UnitTestDB2 (more)
8 connection pools holding 17 connections
0 connections are active, where active means that Close() has not been called
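Since this is the item that most affects a server program's performance, it will probably be the first command you want to run.
The feature of DebugDiag Analysis that groups threads by call stack is also provided, as a command whose name stands for "unique stack".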
0:074> !us
1 thread [stats]: 0
000000007748f6fa ntdll!NtWaitForSingleObject+0xa
000007fefd6c10dc KERNELBASE!WaitForSingleObjectEx+0x79
000007fef9eb41bc w3wphost!AppHostInitialize+0x278
00000000ff273c60 w3wp!wmain+0x470
00000000ff2711f1 w3wp!PerfStopProvider+0x19b
000000007733f34d kernel32!BaseThreadInitThunk+0xd
0000000077472ca1 ntdll!RtlUserThreadStart+0x1d
4 threads [stats]: 22 23 24 25
000000007748f74a ntdll!NtRemoveIoCompletion+0xa
000007fefd6c162d KERNELBASE!GetQueuedCompletionStatus+0x39
000000007732bbd1 kernel32!GetQueuedCompletionStatusStub+0x11
000007fef3f752d3 iisfcgi!TRANSPORT::WorkerThread+0x2b
000000007733f34d kernel32!BaseThreadInitThunk+0xd
0000000077472ca1 ntdll!RtlUserThreadStart+0x1d
...[omitted]...
You can also check various process information and the command-line arguments.
0:074> !mex.p
Name     Ses PID            PEB              Mods Handle Thrd
======== === ============== ================ ==== ====== ====
w3wp.exe 0   6488 (0n25736) 000007fffffdb000 322  2755   126
CommandLine: c:\windows\system32\inetsrv\w3wp.exe -ap "AppPool_TestApp" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipmffbc8bd0-f622-4b2e-a64d-f27c02bca3c3 -h "C:\inetpub\temp\apppools\AppPool_TestApp.config" -w "" -m 0 -t 20
Last event: 6488.4da0: Break instruction exception - code 80000003 (first/second chance not available)
Show Threads: Unique Stacks !listthreads (!lt) ~*kv
If you also want the environment variables, see the following post.
windbg - How to get the PID, environment variables and other information from a dump file
; https://www.sysnet.pe.kr/2/0/11478
Besides these, there are the following commands... it is worth trying them out when you have time. ^^
0:074> !mex.help -all
Command Description Category Owner
=========================================== ======================================================================================================================================================== ============ ===========
addr Display information about an address Kernel mexfeedback
afd Afd Command Help Networking mexfeedback
aspnetcache (!aspnetcache) Display the ASP.NET Cache DotNet mexfeedback
aspxpagesext Like !aspxpages, but more powerful DotNet mexfeedback
atom Dumps user mode atom table Utility mexfeedback
backtrace (!bt) Displays the stack backtrace for the specified index into ntdll!RtlpStackTraceDatabase General mexfeedback
base64 (!b64) Displays or saves base64 data General mexfeedback
beep Beeps Utility mexfeedback
bin Displays binary information located at the given address Utility mexfeedback
bits2 (!b2) Executes a command with all possible values of a single bit flip Utility mexfeedback
bl Replaces the built in breakpoint list (bl) command with DML'd version Utility mexfeedback
bp Replaces the built in breakpoint (bp) command with a DML'd version Utility mexfeedback
cache (!c) Cache the output of a command to replay later Utility mexfeedback
chkall Shortcut for !chkimg against all modules Binaries mexfeedback
classtype (!ct) Tries to determine the C++ class type of a pointer General mexfeedback
clipboard2 Gets/Sets text on the clipboard, or enable/disable clipboard access Utility mexfeedback
clrstack2 (!ck2) Prints the stack trace of a managed thread DotNet mexfeedback
clusdisk Shows all the disk cluster is aware of for W2k3 - W28R2 General mexfeedback
codescope Prints all available code analysis checklists Decompile mexfeedback
commandline (!cl) Prints out the command line of a process General mexfeedback
comment Displays the comments for the dump Utility mexfeedback
computername (!cn) Computer Name Command Help Utility mexfeedback
conhost (!con) Displays console host (conhost.exe) info Process mexfeedback
context (!w) Prints out the current implicit process and thread context (e.g. where am I) General mexfeedback
cordll (!cordll) Displays available CLR versions DotNet mexfeedback
count Counts the number of lines returned by a command Utility mexfeedback
criticalsection (!cs) CS - Displays details for a critical section General mexfeedback
cut Filters output, removing unwanted areas Utility mexfeedback
da Displays an ANSI string Utility mexfeedback
dae (!DumpAllExceptions) Replacement for !dae DotNet mexfeedback
ddt Wrapper for dt that adds some DML Utility mexfeedback
decodeoplockstate (!dols) Decode an OpLockState to human readable values General mexfeedback
decompilemember Decompile and print psuedo-C# source code for the given [MemberName] Decompile mexfeedback
decompiletype Decompile and print psuedo-C# source code for the given [TypeName] Decompile mexfeedback
deferredready (!dfr) Shows the current deferredready threads Thread mexfeedback
delegaterefs (!drefs) Displays information about objects referenced by delegates DotNet mexfeedback
desktop (!desktops) Displays the desktops for the Windows Stations Kernel mexfeedback
deviceobject (!devo) Displays information about a device object Kernel mexfeedback
dhcp Displays information for the DHCP server process Networking mexfeedback
diffimg Compares the process' loaded module list with a scan of memory and displays any differences Binaries mexfeedback
displayobj (!do2) Display a managed object structure DotNet mexfeedback
dnsclient (!dnsc) Displays the DNS client cache, and includes many other features for the DNS Client service. Networking mexfeedback
dr Displays registers showing volatile registers highlighted with (*) General mexfeedback
driverobject (!drvo) Displays details about a driver object Kernel mexfeedback
dtpool (!dtp) Displays information about a pool allocation, if it is a known pooltag we will 1. Try to run the correct extension, or 2. Just dt the structure for you. Kernel mexfeedback
du Displays a Unicode string Utility mexfeedback
dumpaspnetsession Prints information on ASP.NET InProc Sessions DotNet mexfeedback
dumpdataset Dumps a list of all DataSet objects DotNet mexfeedback
dumpdotsourcedfiles Outputs any dot sourced Powershell files optionally with their accompanying script blocks PowerShell mexfeedback
dumpdynamicassemblies2 (!dda2) Like !DumpDynamicAssemblies, but better DotNet mexfeedback
dumphttpruntime2 Dumps the HttpRuntime objects on the heap DotNet mexfeedback
dumpinfo (!di) Display dump information Utility mexfeedback
dumppsvariables Outputs the Powershell Variables of the currently running script on the current thread PowerShell mexfeedback
dumpstackpscommands Outputs the commands, cmdlets, etc. found on the current thread including those referenced by other objects on the thread. PowerShell mexfeedback
dumpstackpsobjects Outputs the PSObjects found on the current thread including those referenced by other objects on the thread. PowerShell mexfeedback
dumpstackstrings (!dss) Displays all the strings on the stack Thread mexfeedback
dumptime Time Information Utility mexfeedback
dumpwcfmessage (!wcfmsg) Dumps information about a WCF buffered message DotNet mexfeedback
dumpwindowsurfaces (!dws) Dump window surfaces to a directory Kernel mexfeedback
eresource (!eres) Displays details for a nt!_ERESOURCE Kernel mexfeedback
evt Show detail for a nt!_KEVENT Kernel mexfeedback
exec Runs a series of commands. Use this instead of using semicolons Utility mexfeedback
executive Displays details on threads waiting on the executive Thread mexfeedback
fileobject (!fo) Displays information about a given file object Kernel mexfeedback
fileserver (!fs) Displays thread running the SRV.sys or SRV2.sys drivers, excluding threads waiting on inbound work General mexfeedback
finalizable (!finalizable) Displays information about finalizable objects in the GC Heap DotNet mexfeedback
fixthis Preface a broken command with this one to open an email and send it to the Mex team (e.g. !fixthis !otherMexCommandThatDidNotWork Mex mexfeedback
foreachcpu (!fec) Executes a command on each processor Kernel mexfeedback
foreachframe (!fef) An implementation of !for_each_frame that supports filtering and sets the context before executing Thread mexfeedback
foreachitem (!fei) Iterates through a list, executing a command for each item. Utility mexfeedback
foreachline (!fel) Runs a command against every line of data Utility mexfeedback
foreachmatchingstack (!fems) Run a command against identical stacks Thread mexfeedback
foreachmodule (!fem) An implementation of !for_each_module that supports filtering Binaries mexfeedback
foreachobject (!feo) Runs a command against each CLR object DotNet mexfeedback
foreachprocess (!fep) An implementation of !for_each_process that supports filtering and sets the context before executing Kernel mexfeedback
foreachthread (!fet) An implementation of .for_each_thread that works in user and kernel mode Thread mexfeedback
gatewait Shows threads with a state of GateWait Thread mexfeedback
gchandleinfo (!gchandle) Displays information on GC Handles DotNet mexfeedback
gcheapinfo (!gchi) Get info on the managed GC Heap DotNet mexfeedback
grep Search the output of a command for a specific string or pattern Utility mexfeedback
handlefind (!hf) Find handles for a given kernel object General mexfeedback)
head Displays the first X lines of a command's output Utility mexfeedback
help Help General mexfeedback
httpheaders Print the contents of an HttpHeaderCollection DotNet mexfeedback
if (!mif) Condition detection based on command output Utility mexfeedback
il Prints the IL for the specified method Decompile mexfeedback
ilspy Automatically extracts the module from the dump, and launches ILSpy DotNet mexfeedback
imports Displays the import table for a module Binaries mexfeedback
initialized (!init) Shows the current threads in the initialized state Thread mexfeedback
interpretrawstack (!irs) This command dumps the raw stack and interprets the values as symbols, and as unicode and ansi strings. It will also highlight start and end of frames General mexfeedback
ip Converts an address into an IP address format Networking mexfeedback
irpbyfilename (!ibfn) Dump any IRP containing the specified text in filename General mexfeedback
ldap Displays LDAP client or server details Process mexfeedback
listthreads (!lt) Displays a list of threads Thread mexfeedback
listticks (!lticks) Show tick counts for threads Kernel mexfeedback
loop Loops either forwards or backwards through a series of numbers with variable replacement Utility mexfeedback
managedthreads (!mthreads) A !threads look-alike, with !aspxpagexext-like output DotNet mexfeedback
mappeddrives (!mdrives) Displays mapped drives Process mexfeedback
messagequeue (!mq) Displays message queue Kernel mexfeedback
mheap A DML'd version of !heap. Process mexfeedback
mirp Displays IRP details (replaces !irp) Kernel mexfeedback
mirpfind Mex version of IRPFIND Kernel mexfeedback
mods Displays modules loaded in a process Binaries mexfeedback
more Runs a command in paged mode, asking for input every X lines Utility mexfeedback
mreg This is a DML'd version of !reg Kernel mexfeedback
mrmsg (!msg) Interprets a Windows message Utility mexfeedback
mup Displays info for the Multiple UNC Provider (MUP) Networking mexfeedback
ncsi Displays Network Connectivity Status Indicator (NCSI) configuration Networking mexfeedback
ndao Native Dump ALL Objects - Potentially very slow General mexfeedback
ndro Native Dump Register Objects General mexfeedback
ndso Native Dump Stack Objects Thread mexfeedback
net Net Command Help Networking mexfeedback
obj Displays details for a given kernel object (object manager) Kernel mexfeedback
objectsummary Outputs object analysis summary DotNet mexfeedback
obtrace Dumps the trace information for an object Kernel mexfeedback
oracleclientperfcounters Display System.Data.OracleClient performance counters DotNet mexfeedback
outline (!ol) Outlines the calls inside a given function Utility mexfeedback
p Displays process details Process mexfeedback
parsemem Walks a range of memory and counts unique byte sequences Kernel mexfeedback
phandles (!ph) Shows a list of currently open printer handles General mexfeedback
pingtrack Pingtrack command Networking mexfeedback
printdbcommand Prints information about a DBCommand object DotNet mexfeedback
printexception2 (!pe2) Like !PrintException, with DML DotNet mexfeedback
printmanifest Prints the assembly manifest for the specified module Decompile mexfeedback
printmembers Scans specified module and type [Module!TypeName] and prints all members Decompile mexfeedback
printtypes Scans specified [Module] and prints all types Decompile mexfeedback
psrunspace Outputs the runspaces in the process. PowerShell mexfeedback
psscriptblock Outputs the script blocks in the process. PowerShell mexfeedback
rasmans Displays the rasmans!ConnectionBlockList Networking mexfeedback
readfile Read a file from the filesystem and display the output in the debugger Utility mexfeedback
ready (!rdy) Shows the currently ready threads Thread mexfeedback
rollup (!ru) Takes an input value and rolls it up to the appropriate bucket (e.g. bytes to GB) Utility mexfeedback
runaway2 Runaway2.. Replacement for !runaway General mexfeedback
runcheck (!runchecks) runs the specified check(s) on the specified module(s) Decompile mexfeedback
runchecklist runs the specified checklist(s) on the specified module(s) Decompile mexfeedback
running (!cpu) (Kernel mode only) A brief overview of currently executing threads Thread mexfeedback
rxirps Displays the list of IRPs stored in rdbss!RxIrpsList Kernel mexfeedback
sccm SCCM SystemCenter mexfeedback
scom (!om) Utilities for SC Operations Manager. SystemCenter mexfeedback
scsm (!sm) Utilities for SC Service Manager SystemCenter mexfeedback
searchthreadstacks (!sts) Searches thread stacks for a value Thread mexfeedback
services (!service) Displays details about services. Requires access to the usermode address space of services.exe (userdump of services.exe or complete memory dump) General mexfeedback
settings Mex Settings Mex mexfeedback
sort Sort command Utility mexfeedback
spdisposecheck Executes the SharePoint Dispose and Do Not Dispose Checklist items Decompile mexfeedback
sqlclientperfcounters Display System.Data.SqlClient performance counters DotNet mexfeedback
sqlcmd Provides information about ADO.NET Commands to SQL Server DotNet mexfeedback
sqlcn Provides an overview of ADO.NET connections to SQL Server DotNet mexfeedback
sqlports (!sqlports) Gets the local and remote TCP ports from a SqlConnection object DotNet mexfeedback
srvnet Displays info on SRVNET Networking mexfeedback
standby (!sby) Shows the current standby threads Thread mexfeedback
staticfields Display static fields of a managed type DotNet mexfeedback
strings Prints out readable strings in an address range Utility mexfeedback
sum (!sum) Sums the output returned by a command Utility mexfeedback
suspended Displays details on suspended threads Thread mexfeedback
svcreg Dumps the passed in service/driver registry key General mexfeedback
svcthreads (!svcthreads) Find threads executing WCF services DotNet mexfeedback
t A new implementation of !thread for user & kernel mode Thread mexfeedback
tac Writes input to console, last line first. Utility mexfeedback
tag Searches kernel modules for a given pooltag Kernel mexfeedback
tail Displays the final X lines of a command's output Utility mexfeedback
tasklist (!tl) Displays information about running tasks (processes) Kernel mexfeedback
tasktriage (!tasks) Analyzes the System.Threading.Tasks.Task objects still on the heap. DotNet mexfeedback
tcpip (!tcp) TCP/IP - Gets TCP and UDP ports from Kernel Memory Networking mexfeedback
threadpool (!tp) Displays information regarding NTDLL thread pools Thread mexfeedback
threadreport (!trep) Displays a thread report. Thread mexfeedback
time Time how long a command takes to execute Utility mexfeedback
tr (!replace) Search and Replace. Translate a char/string into another char/string. Utility mexfeedback
transition (!trans) Shows the current threads in the transition state Thread mexfeedback
udescan (!manalyze) Scans dump for known issues and displays them in human-readable format. Utility mexfeedback
uniqlines (!ul) Prints each line of output and a count of how many times they appeared Utility mexfeedback
uniquestacks (!us) Like the built-in !uniqstacks except it associates thread IDs with the stack traces Thread mexfeedback
userrequest Displays details on threads with a wait reason of UserRequest Thread mexfeedback
vadmodules (!vadm) Lists the vads of a process. Kernel mexfeedback
ver Displays OS version info Utility mexfeedback
vss Vss Command Help Kernel mexfeedback
wcfperfcounters Dumps performance counters for WCF services DotNet mexfeedback
wcftcpconnectionpools (!wtcp) Display WCF Net.TCP connection pools DotNet mexfeedback
whocalls Scans all loaded managed modules and finds methods that call [MethodName] Decompile mexfeedback
whoimplements Scans all loaded managed modules and finds types that implement [InterfaceName] Decompile mexfeedback
whoinherits Scans all loaded managed modules and finds types that inherit [TypeName] Decompile mexfeedback
whonews Scans all loaded managed modules and finds methods that construct [TypeName] Decompile mexfeedback
whopins Scans managed modules and all finds methods that pin objects of a given [TypeName] or all types Decompile mexfeedback
window (!wnd) Displays windows for each desktop. You must be in the context of a given session to see that session's windows Kernel mexfeedback
windowstation (!winsta) Display details for windows station(s) Kernel mexfeedback
winnsi winnsi Command Help Networking mexfeedback
wq Displays executive work queue threads Kernel mexfeedback
wrcpuratecontrol Displays details on threads with a wait reason of WrCpuRateControl Thread mexfeedback
wrexecutive Displays details on threads waiting on the executive Thread mexfeedback
wrfastmutex Displays details on threads waiting for a Fast Mutex Thread mexfeedback
wrfreepage Displays details on threads with a wait reason of WrFreePage Thread mexfeedback
writefile Runs a command and writes the data to a file Utility mexfeedback
writemodule Writes a module to your temp directory Binaries mexfeedback
wrlpcreceive (!lpcs) Displays details on LPC/ALPC server threads Thread mexfeedback
wrresource Displays details on threads with a wait reason of WrResource Thread mexfeedback
x Wrapper for x that adds some DML General mexfeedback
xx (!x2) Replacement for !x General mexfeedback