winedbg - Wine debugger

       The first version was written by Eric Youngdale.

       See Wine developers list for the rest of contributors.

winedbg is part of the Wine  distribution,  which  is  available  through  WineHQ,  the  Winedevelopmentheadquarters.

       Bugs can be reported on the Winebugtracker.

Defaultmode,andwhilereloadingaminidumpfile:
       Most of commands used in winedbg are similar to the ones from gdb. Please refer to the gdb documentations
       for some more details. See the gdbdifferences section later on to get a  list  of  variations  from  gdb
       commands.

       Misc.commandsabort  Aborts the debugger.

       quit   Exits the debugger.

       ProcesshandlingattachN
              Attach to a Wine process (N is its Windows ID, numeric or hexadecimal).  IDs can be obtained using
              the infoprocess command.  Note the infoprocess command returns hexadecimal values

       attachfile.mdmp
              Reload the state of a debuggee from the minidump file.mdmp.  See the minidump command to save such
              a file.

       detach Detach  the  current  Wine  process.  The  process  is no longer debugged by WineDbg, but is still
              running (for a live target).

       kill   Kills the current Wine process. The process  is  no  longer  debugged  by  WineDbg,  and  is  also
              terminated (for a live target).

       minidumpfile.mdmp
              Saves the debugging context of the debuggee into a minidump file called file.mdmp.

       run    Re-run  the  same process with the same arguments.  Note: all breakpoints of precedent process are
              no longer available.

       runarg1arg2...
              Re-run the same process with arguments arg1arg2....  Note: all breakpoints of  precedent  process
              are no longer available.

       threadN
              Change the current thread to N (its Windows TID, numeric or hexadecimal).

       Helpcommandshelp   Prints some help on the commands.

       helpinfo
              Prints some help on info commands

       Flowcontrolcommandscont   Continue execution until next breakpoint or exception.

       pass   Pass the exception event up to the filter chain.

       step   Continue execution until next C line of code (enters function call)

       next   Continue execution until next C line of code (doesn't enter function call)

       stepi  Execute next assembly instruction (enters function call)

       nexti  Execute next assembly instruction (doesn't enter function call)

       finish Execute until return of current function is reached.

       cont,  step,  next,  stepi,  nexti  can  be  postfixed  by a number (N), meaning that the command must be
       executed N times before control is returned to the user.

       Breakpoints,watchpointsenableN
              Enables (break|watch)-point NdisableN
              Disables (break|watch)-point NdeleteN
              Deletes (break|watch)-point NcondN Removes any existing condition to (break|watch)-point NcondNexpr
              Adds  condition  expr  to  (break|watch)-point  N.  expr  will  be   evaluated   each   time   the
              (break|watch)-point is hit. If the result is a zero value, the breakpoint isn't triggered.

       break*N
              Adds a breakpoint at address Nbreakid
              Adds a breakpoint at the address of symbol idbreakidN
              Adds a breakpoint at the line N inside symbol id.

       breakN
              Adds a breakpoint at line N of current source file.

       break  Adds a breakpoint at current $PC address.

       watch*N
              Adds a watch command (on write) at address N (on 4 bytes).

       watchid
              Adds a watch command (on write) at the address of symbol id. Size depends on size of id.

       rwatch*N
              Adds a watch command (on read) at address N (on 4 bytes).

       rwatchid
              Adds a watch command (on read) at the address of symbol id. Size depends on size of id.

       infobreak
              Lists all (break|watch)-points (with their state).

       You can use the symbol EntryPoint to stand for the entry point of the Dll.

       When  setting  a  (break|watch)-point  by  id,  if the symbol cannot be found (for example, the symbol is
       contained in a not yet loaded module), winedbg will recall the name of the symbol and will try to set the
       breakpoint each time a new module is loaded (until it succeeds).

       Stackmanipulationbt     Print calling stack of current thread.

       btN   Print calling stack of thread of ID N. Note: this doesn't change the position of the current frame
              as manipulated by the up & dn commands).

       up     Goes up one frame in current thread's stack

       upN   Goes up N frames in current thread's stack

       dn     Goes down one frame in current thread's stack

       dnN   Goes down N frames in current thread's stack

       frameN
              Sets N as the current frame for current thread's stack.

       infolocals
              Prints information on local variables for current function frame.

       Directory&sourcefilemanipulationshowdir
              Prints the list of dirs where source files are looked for.

       dirpathname
              Adds pathname to the list of dirs where to look for source files

       dir    Deletes the list of dirs where to look for source files

       symbolfilepathname
              Loads external symbol definition file pathnamesymbolfilepathnameN
              Loads external symbol definition file pathname (applying an offset of N to addresses)

       list   Lists 10 source lines forwards from current position.

       list- Lists 10 source lines backwards from current position

       listN Lists 10 source lines from line N in current file

       listpathname:N
              Lists 10 source lines from line N in file pathnamelistid
              Lists 10 source lines of function idlist*N
              Lists 10 source lines from address N

       You can specify the end target (to change the 10 lines value) using the ',' separator. For example:

       list123,234
              lists source lines from line 123 up to line 234 in current file

       listfoo.c:1,56
              lists source lines from line 1 up to 56 in file foo.c

       Displaying

       A display is an expression that's evaluated and printed after the execution of any winedbg command.

       displayinfodisplay
              Lists the active displays

       displayexpr
              Adds a display for expression exprdisplay/fmtexpr
              Adds a display for expression expr. Printing evaluated expr is done using the  given  format  (see
              printcommand for more on formats)

       deldisplayNundisplayN
              Deletes display NDisassemblydisas  Disassemble from current position

       disasexpr
              Disassemble from address exprdisasexpr,expr
              Disassembles code between addresses specified by the two expressions

       Memory(reading,writing,typing)xexpr Examines memory at address exprx/fmtexpr
              Examines memory at address expr using format fmtprintexpr
              Prints the value of expr (possibly using its type)

       print/fmtexpr
              Prints the value of expr (possibly using its type)

       setvar=expr
              Writes the value of expr in var variable

       whatisexpr
              Prints the C type of expression exprfmt    is either letter or countletter, where letter can be:

           s      an ASCII string

           u      a UTF16 Unicode string

           i      instructions (disassemble)

           x      32-bit unsigned hexadecimal integer

           d      32-bit signed decimal integer

           w      16-bit unsigned hexadecimal integer

           c      character (only printable 0x20-0x7f are actually printed)

           b      8-bit unsigned hexadecimal integer

           g      Win32 GUID

       Expressions

       Expressions in Wine Debugger are mostly written in a C form. However, there are a few discrepancies:

           Identifiers  can  take a '!' in their names. This allows mainly to specify a module where to look the
           ID from, e.g. USER32!CreateWindowExA.

           In a cast operation, when specifying a structure or a union, you must use the struct or union keyword
           (even if your program uses a typedef).

       When specifying an identifier, if several symbols with this name exist, the debugger will prompt for  the
       symbol you want to use. Pick up the one you want from its number.

       InformationonWineinternalsinfoclass
              Lists all Windows classes registered in Wine

       infoclassid
              Prints information on Windows class idinfoshare
              Lists  all  the  dynamic  libraries loaded in the debugged program (including .so files, NE and PE
              DLLs)

       infoshareN
              Prints information on module at address Ninforegs
              Prints the value of the CPU registers

       infoall-regs
              Prints the value of the CPU and Floating Point registers

       infosegment
              Lists all allocated segments (i386 only)

       infosegmentN
              Prints information on segment N (i386 only)

       infostack
              Prints the values on top of the stack

       infomap
              Lists all virtual mappings used by the debugged program

       infomapN
              Lists all virtual mappings used by the program of Windows pid Ninfownd
              Displays the window hierarchy starting from the desktop window

       infowndN
              Prints information of Window of handle Ninfoprocess
              Lists all w-processes in Wine session

       infothread
              Lists all w-threads in Wine session

       infoframe
              Lists the exception frames (starting from current stack frame). You can  also  pass,  as  optional
              argument, a thread id (instead of current thread) to examine its exception frames.

       Debug messages can be turned on and off as you are debugging using the set command, but only for channels
       initialized with the WINEDEBUG environment variable.

       setwarn+win
              Turns on warn on win channel

       set+win
              Turns on warn/fixme/err/trace on win channel

       set-win
              Turns off warn/fixme/err/trace on win channel

       setfixme-all
              Turns off fixme class on all channels

   Gdbmode:
       See the gdb documentation for all the gdb commands.

       However, a few Wine extensions are available, through the monitor command:

       monitorwnd
              Lists all windows in the Wine session

       monitorproc
              Lists all processes in the Wine session

       monitormem
              Displays memory mapping of debugged process

   Autoandminidumpmodes:
       Since no user input is possible, no commands are available.

winedbg is a debugger for Wine. It allows:

           - debugging native Win32 applications
           - debugging Winelib applications
           - being a drop-in replacement for Dr Watson

WINE_GDB
              When  used  in  gdb proxy mode, WINE_GDB specifies the name (and the path) of the executable to be
              used for gdb. "gdb" is used by default.

winedbg  can  be  used in five modes.  The first argument to the program determines the mode winedbg will
       run in.

       default
              Without any explicit mode, this is standard winedbg operating mode. winedbg will act as the  front
              end for the user.

       --gdbwinedbg  will  be  used  as  a  proxy for gdb. gdb will be the front end for command handling, and
              winedbg will proxy all debugging requests from gdb to the Win32 APIs.

       --auto This mode is used when winedbg is set up in  AeDebug  registry  entry  as  the  default  debugger.
              winedbg will then display basic information about a crash. This is useful for users who don't want
              to debug a crash, but rather gather relevant information about the crash to be sent to developers.

       --minidump
              This  mode  is  similar  to the --auto one, except that instead of printing the information on the
              screen (as --auto does), it's saved into a minidump file. The name of the file is either passed on
              the command line, or generated by WineDbg when none  is  given.   This  file  could  later  on  be
              reloaded into winedbg for further examination.

       file.mdmp
              In  this  mode  winedbg reloads the state of a debuggee which has been saved into a minidump file.
              See either the minidump command below, or the --minidumpmode.

       winedbg - Wine debugger

       When in default mode, the following options are available:

       --commandstringwinedbg will execute the command string as if it was keyed on winedbg command line, and then  will
              exit. This can be handy for getting the pid of running processes (winedbg --command "info proc").

       --execfilename
              Sets the executable name, without starting the executable.

       --filefilenamewinedbg  will  execute  the  list  of commands contained in file filename as if they were keyed on
              winedbg command line, and then will exit.

       When in gdb proxy mode, the following options are available:

       --no-start
              Don't launch gdb directly; instead, print the targetremote GDB command to execute and listen  for
              connection  from any GDB-compatible debugger.  Normally, --gdb will start both the proxy debugging
              server and an instance of gdb for the front end.  This option instructs winedbg to skip  launching
              of  gdb,  and  instead  prints the GDB command that can be used to manually connect to the server.
              This command is in the form

                     target remote localhost:<port>

              where <port> is the TCP port winedbg's proxy debugging server is bound to.

              This option allows the user to replace gdb with some other debugger front end, such as ddd,  kgdb,
              gdbgui, or Qt Creator.  Regardless of whether --no-start is specified, winedbg will quit after the
              first connection is hung up (e.g. gdb detaches from the debuggee).

       --portport
              Start  the GDB proxy debugging server on the given port.  If this option is not specified, winedbg
              will let the operating system choose any available port.  This option can be used  in  conjunction
              with --no-start to specify the port the server shall be bound to.

       --with-xterm
              This  will  run  the  gdb  front  end  in  a new xterm(1) window instead of using the current Unix
              terminal for its interface.  This option is ignored if --no-start is specified.

       In all modes, the rest of the command line, when passed, is used to identify which program, if any, is to
       be debugged:

       program_name
              This is the name of an executable to start for a debugging session.  winedbg will actually  create
              a  process  with  this  executable.  If  program_arguments  are  also  given, they will be used as
              arguments for creating the process to be debugged.

       wpidwinedbg will attach to the process whose Windows pid is wpid.  Use the infoproc  command  within
              winedbg to list running processes and their Windows pids.

       default
              If  nothing is specified, you will enter the debugger without any run nor attached process. You'll
              have to do the job yourself.

wine(1),
       Winedocumentationandsupport.

Wine 10.0                                         October 2005                                        WINEDBG(1)

winedbg [ options ] [ program_name [ program_arguments ] | wpid ]

       winedbg--gdb [ options ] [ program_name [ program_arguments ] | wpid ]

       winedbg--autowpidwinedbg--minidump [ file.mdmp ] wpidwinedbgfile.mdmp