| blob | 3568faecea696498dc420e5b139b0de9fd5a4693 |
7 <para>
10 </para>
11 <para>
13 </para>
15 <sect2>
18 <para>
19 Before going into the depths of debugging in Wine, here's
20 a small overview of process and thread handling in Wine.
21 It has to be clear that there are two different beasts:
22 processes/threads from the Unix point of view and
23 processes/threads from a Windows point of view.
24 </para>
25 <para>
26 Each Windows' thread is implemented as a Unix process (under
28 that all threads of a same Windows' process share the same
29 (unix) address space.
30 </para>
31 <para>
32 In the following:
33 </para>
34 <itemizedlist>
35 <listitem>
37 </listitem>
38 <listitem>
40 </listitem>
41 <listitem>
43 </listitem>
44 </itemizedlist>
45 <para>
52 </para>
53 <para>
54 Each Unix process can be identified by two values:
55 </para>
56 <itemizedlist>
57 <listitem>
59 </listitem>
60 <listitem>
62 </listitem>
63 </itemizedlist>
64 <para>
65 Each Windows' process has also a Windows' process id
68 different and shall not be used instead of the other.
69 </para>
70 <para>
72 defined (Windows) system wide. They must not be confused
73 with process or thread handles which, as any handle, is an
74 indirection to a system object (in this case process or
75 thread). A same process can have several different handles
76 on the same kernel object. The handles can be defined as
77 local (the values is only valid in a process), or system
78 wide (the same handle can be used by any
80 </para>
81 </sect2>
83 <sect2>
86 <para>
87 When talking of debugging in Wine, there are at least two
88 levels to think of:
89 </para>
90 <itemizedlist>
91 <listitem>
93 </listitem>
94 <listitem>
95 <para>the Wine integrated debugger, dubbed
97 </listitem>
98 </itemizedlist>
99 <para>
100 Wine implements most of the Windows' debugging API (the
103 (emulated or Winelib) using that API to debug a
105 </para>
106 <para>
108 use of this API to allow debugging both any Wine or Winelib
109 applications as well as Wine itself (kernel and all DLLs).
110 </para>
111 </sect2>
112 </sect1>
118 <sect2>
121 <para>
122 Any application (either a Windows' native executable, or a
123 Winelib application) can be run through
125 are the same as for wine:
126 </para>
127 <screen>
128 winedbg telnet.exe
129 winedbg "hl.exe -windowed"
130 </screen>
131 </sect2>
133 <sect2>
136 <para>
139 without any attached process. You can get a list of running
142 process</command> command, and then, with the
145 you want to debug. This is (for now) a neat feature for the
146 following reasons:
147 </para>
148 <itemizedlist>
149 <listitem>
151 </listitem>
152 </itemizedlist>
153 </sect2>
158 <para>
159 When something goes wrong, Windows tracks this as an
160 exception. Exceptions exist for segmentation violation,
161 stack overflow, division by zero...
162 </para>
163 <para>
165 debugged. If so, the exception event is sent to the
166 debugger, which takes care of it: end of the story. This
167 mechanism is part of the standard Windows' debugging API.
168 </para>
169 <para>
171 tries to launch a debugger. This debugger (normally
173 details), at startup, attaches to the
175 event. In this case, you are able to look at the causes of
176 the exception, and either fix the causes (and continue
177 further the execution) or dig deeper to understand what went
178 wrong.
179 </para>
180 <para>
183 are the two ways to let the process go further for the
184 handling of the exception event.
185 </para>
186 <para>
187 To be more precise on the way Wine (and Windows) generates
188 exception events, when a fault occurs (segmentation
189 violation, stack overflow...), the event is first sent to
190 the debugger (this is known as a first chance exception).
191 The debugger can give two answers:
192 </para>
194 <variablelist>
195 <varlistentry>
197 <listitem>
198 <para>
199 the debugger had the ability to correct what's
200 generated the exception, and is now able to continue
201 process execution.
202 </para>
203 </listitem>
204 </varlistentry>
205 <varlistentry>
207 <listitem>
208 <para>
209 the debugger couldn't correct the cause of the
210 first chance exception. Wine will now try to walk
211 the list of exception handlers to see if one of them
212 can handle the exception. If no exception handler is
213 found, the exception is sent once again to the
214 debugger to indicate the failure of the exception
215 handling.
216 </para>
217 </listitem>
218 </varlistentry>
219 </variablelist>
220 <note>
221 <para>
222 since some of Wine's code uses exceptions and
225 in such cases with segv exceptions. This happens, for
228 used, to let the handling of the exception to be done by
231 </para>
232 </note>
233 </sect2>
238 <para>
239 You can stop the debugger while it's running by hitting
240 Ctrl-C in its window. This will stop the debugged process,
241 and let you manipulate the current context
242 </para>
243 </sect2>
245 <sect2>
248 <para>
249 Wine supports the new XP APIs, allowing for a debugger to
250 detach from a program being debugged (see
252 debugger cannot, for now, neither clear its internal
253 information, nor restart a new process, the debugger, after
254 detaching itself, cannot do much except being quited.
255 </para>
256 </sect2>
257 </sect1>
263 <para>
265 additions welcome.
266 </para>
267 <para>
269 </para>
271 <para>
272 This file describes where to start debugging Wine. If at any
273 point you get stuck and want to ask for help, please read the
276 useful bug reports.
277 </para>
279 <sect2>
282 <para>
283 These usually show up like this:
284 </para>
285 <screen>
286 |Unexpected Windows program segfault - opcode = 8b
287 |Segmentation fault in Windows program 1b7:c41.
288 |Loading symbols from ELF file /root/wine/wine...
289 |....more Loading symbols from ...
290 |In 16 bit mode.
291 |Register dump:
295 |Stack dump:
300 |
302 |Backtrace:
309 |
311 </screen>
312 <para>
313 Steps to debug a crash. You may stop at any step, but please
314 report the bug and provide as much of the information
315 gathered to the bug report as feasible.
316 </para>
318 <orderedlist>
319 <listitem>
320 <para>
321 Get the reason for the crash. This is usually an access to
322 an invalid selector, an access to an out of range address
323 in a valid selector, popping a segmentregister from the
324 stack or the like. When reporting a crash, report this
326 make sense to you.
327 </para>
328 <para>
329 (In this case it is access to an invalid selector, for
331 seen in the register dump).
332 </para>
333 </listitem>
334 <listitem>
335 <para>
336 Determine the cause of the crash. Since this is usually
337 a primary/secondary reaction to a failed or misbehaving
338 Wine function, rerun Wine with <parameter>-debugmsg
339 +relay</parameter> added to the commandline. This will
340 generate quite a lot of output, but usually the reason is
341 located in the last call(s). Those lines usually look like
342 this:
343 </para>
344 <screen>
346 ^^^^^^^^^ ^ ^^^^^^^^^ ^^^^^^ ^^^^^^^^^ ^^^^
347 | | | | | |Datasegment
348 | | | | |Return address
349 | | | |textual parameter
350 | | |
351 | | |Argument(s). This one is a win16 segmented pointer.
352 | |Function called.
353 |The module, the function is called in. In this case it is KERNEL.
356 ^^^^^^
358 </screen>
359 </listitem>
360 <listitem>
361 <para>
362 If you have found a misbehaving function, try to find out
363 why it misbehaves. Find the function in the source code.
364 Try to make sense of the arguments passed. Usually there is
366 at the beginning of the file. Rerun wine with
368 commandline.
369 </para>
370 <para>
371 Occasionally there are additional debug channels defined at the
372 begining of the file in the form.
374 If so the offending fuction may also uses one of these alternate
375 channels. Look through the the function for
377 additional channels to the commandline.
378 </para>
379 </listitem>
380 <listitem>
381 <para>
382 Additional information on how to debug using the internal
383 debugger can be found in
385 </para>
386 </listitem>
387 <listitem>
388 <para>
389 If this information isn't clear enough or if you want to
390 know more about what's happening in the function itself,
391 try running wine with <parameter>-debugmsg
392 +all</parameter>, which dumps ALL included debug
393 information in wine.
394 </para>
395 </listitem>
396 <listitem>
397 <para>
398 If even that isn't enough, add more debug output for yourself
399 into the functions you find relevant. See The section on Debug
400 Logging in this guide for more information. You might
402 instead of using the Wine debugger. If you do that, use
404 disable the handling of seg faults inside
406 </para>
407 </listitem>
408 <listitem>
409 <para>
410 You can also set a breakpoint for that function. Start wine
414 (replace by function you want to debug, CASE IS RELEVANT)
415 to set a breakpoint. Then
417 program-execution. Wine will stop if it reaches the
418 breakpoint. If the program isn't yet at the crashing call
420 until you are about to enter that function. You may now
421 proceed with single-stepping the function until you reach
422 the point of crash. Use the other debugger commands to
423 print registers and the like.
424 </para>
425 </listitem>
426 </orderedlist>
427 </sect2>
429 <sect2>
432 <para>
435 winedbg terminal and press
437 will stop the program and let you debug the program as you would for
438 a crash.
439 </para>
440 </sect2>
442 <sect2>
445 <para>
446 Sometimes programs are reporting failure using more or
447 less nondescript messageboxes. We can debug this using the
448 same method as Crashes, but there is one problem... For
449 setting up a message box the program also calls Wine
450 producing huge chunks of debug code.
451 </para>
452 <para>
453 Since the failure happens usually directly before setting up
454 the Messagebox you can start winedbg and set a
456 and win32 programs) and proceed with
458 +all</parameter> Wine will now stop directly before setting
459 up the Messagebox. Proceed as explained above.
460 </para>
461 <para>
462 You can also run wine using <command>wine -debugmsg +relay
465 </para>
466 </sect2>
468 <sect2>
471 <para>
472 You may also try to disassemble the offending program to
473 check for undocumented features and/or use of them.
474 </para>
475 <para>
476 The best, freely available, disassembler for Win16 programs is
481 </para>
482 <para>
483 Disassembling win32 programs is possible using
487 and mirrors. The shareware version does not allow saving of
488 disassembly listings. You can also use the newer (and in the
489 full version better) <application>Interactive
490 Disassembler</application> (IDA) from the ftp sites mentioned
491 at the end of the document. Understanding disassembled code is
492 mostly a question of exercise.
493 </para>
494 <para>
495 Most code out there uses standard C function entries (for it
496 is usually written in C). Win16 function entries usually
497 look like that:
498 </para>
499 <programlisting>
500 push bp
501 mov bp, sp
502 ... function code ..
503 retf XXXX <--------- XXXX is number of bytes of arguments
504 </programlisting>
505 <para>
507 storage. The arguments usually start at
511 functions use the PASCAL calling convention. So, if we use
516 </para>
517 <para>
518 Most functions make also use of local storage in the stackframe:
519 </para>
520 <programlisting>
522 ... function code ...
523 leave
524 retf XXXX
525 </programlisting>
526 <para>
527 This does mostly the same as above, but also adds
530 function, arguments are pushed on the stack using something
531 like this:
532 </para>
533 <programlisting>
536 call KERNEL.LSTRLEN
537 </programlisting>
538 <para>
539 Here first the selector and then the offset to the passed
540 string are pushed.
541 </para>
542 </sect2>
544 <sect2>
547 <para>
549 messagebox:
550 </para>
551 <screen>
552 |marcus@jet $ wine winword.exe
553 | +---------------------------------------------+
554 | | ! You must leave Windows and load SHARE.EXE|
555 | | before starting Word. |
556 | +---------------------------------------------+
557 </screen>
558 <screen>
559 |marcus@jet $ wine winword.exe -debugmsg +relay -debug
567 |Loading symbols: /home/marcus/wine/wine...
569 |In 16 bit mode.
576 |... <----- Much debugoutput
578 ^^^^^^ Drive 0 (A:)
580 ^^^^^^ DRIVE_REMOVEABLE
581 (It is a floppy diskdrive.)
584 ^^^^^^ Drive 1 (B:)
586 ^^^^^^ DRIVE_CANNOTDETERMINE
587 (I don't have drive B: assigned)
590 ^^^^^^^ Drive 2 (C:)
592 ^^^^^^ DRIVE_FIXED
593 (specified as a harddisk)
596 ^^^^^^ ^^^^^ ^^^^^^^^^
597 | | |buffer for fname
598 | |temporary name ~docXXXX.tmp
599 |Force use of Drive C:.
601 |Warning: GetTempFileName returns 'C:~doc9281.tmp', which doesn't seem to be writeable.
602 |Please check your configuration file if this generates a failure.
603 </screen>
604 <para>
605 Whoops, it even detects that something is wrong!
606 </para>
607 <screen>
609 ^^^^^^ Temporary storage ID
612 ^^^^^^^^^^^^^^^^ ^^^^^^^^^ ^^^^^^^
613 |filename |OFSTRUCT |open mode:
615 OF_CREATE|OF_SHARE_EXCLUSIVE|OF_READWRITE
616 </screen>
617 <para>
619 this case mounted readonly.
620 </para>
621 <screen>
623 ^^^^^^ HFILE_ERROR16, yes, it failed.
625 |Call USER.1: MESSAGEBOX(0x0000,0x09278376"Sie mussen Windows verlassen und SHARE.EXE laden bevor Sie Word starten.",0x00000000,0x1030) ret=060f:084f ds=0927
626 </screen>
627 <para>
628 And MessageBox'ed.
629 </para>
630 <screen>
633 In 32 bit mode.
634 Wine-dbg>
635 </screen>
636 <para>
637 The code seems to find a writeable harddisk and tries to create
638 a file there. To work around this bug, you can define
640 by the code above.
641 </para>
642 </sect2>
644 <sect2>
647 <para>
648 Here are some useful debugging tips, added by Andreas Mohr:
649 </para>
651 <itemizedlist>
652 <listitem>
653 <para>
654 If you have a program crashing at such an early loader phase that you can't
655 use the Wine debugger normally, but Wine already executes the program's
656 start code, then you may use a special trick. You should do a
657 <programlisting>
658 wine --debugmsg +relay program
659 </programlisting>
660 to get a listing of the functions the program calls in its start function.
661 Now you do a
662 <programlisting>
663 winedbg winfile.exe
664 </programlisting>
665 </para>
666 <para>
668 can set a breakpoint on any function the program calls in
670 to bypass the eventual calls of Winfile to this function
671 until you are finally at the place where this function gets
672 called by the crashing start function. Now you can proceed
673 with your debugging as usual.
674 </para>
675 </listitem>
676 <listitem>
677 <para>
678 If you try to run a program and it quits after showing an error messagebox,
679 the problem can usually be identified in the return value of one of the
681 That's why you should re-run the program with e.g.
682 <programlisting>
684 </programlisting>
686 last occurrence of a call to the string "MESSAGEBOX". This is a line like
687 <programlisting>
688 Call USER.1: MESSAGEBOX(0x0000,0x01ff1246 "Runtime error 219 at 0004:1056.",0x00000000,0x1010) ret=01f7:2160 ds=01ff
689 </programlisting>
690 In my example the lines before the call to
692 <programlisting>
711 Call USER.1: MESSAGEBOX(0x0000,0x01ff1246 "Runtime error 219 at 0004:1056.",0x00000000,0x1010) ret=01f7:2160 ds=01ff
712 </programlisting>
713 </para>
714 <para>
717 wrong result value of some previously executed function
718 (it's happening quite often like that), but instead the
719 messagebox complains about a runtime error at
721 </para>
722 <para>
723 As the segment value of the address is only
725 program value. But the offset address reveals something
729 <programlisting>
731 ^^^^
732 </programlisting>
733 </para>
734 <para>
738 ftp://ftp.uni-koeln.de/pc/msdos/programming/assembler/ida35bx.zip</ulink>) to
739 disassemble the part that caused the error. We just have to find the address of
741 runtime error occurred. But be careful! In some cases you don't have to
742 disassemble the main program, but instead some DLL called by it in order to find
743 the correct place where the runtime error occurred. That can be determined by
745 </para>
746 </listitem>
747 <listitem>
748 <para>
749 If you have created a relay file of some crashing
750 program and want to set a breakpoint at a certain
751 location which is not yet available as the program loads
752 the breakpoint's segment during execution, you may set a
754 those functions are called very often.
755 </para>
756 <para>
758 set this breakpoint without error message.
759 </para>
760 </listitem>
761 <listitem>
762 <para>
763 Some useful programs:
764 </para>
765 <variablelist>
766 <varlistentry>
767 <term>
769 <filename>
771 ftp://ftp.uni-koeln.de/pc/msdos/programming/assembler/ida35bx.zip</ulink>
772 </filename>
773 </term>
774 <listitem>
775 <para>
777 for debugging Wine sometimes.
778 </para>
779 </listitem>
780 </varlistentry>
781 <varlistentry>
782 <term>
784 <filename>
786 ftp://ftp.th-darmstadt.de/pub/machines/ms-dos/SimTel/msdos/asmutil/xray15.zip</ulink>
787 </filename>
788 </term>
789 <listitem>
790 <para>
791 Traces DOS calls (Int 21h, DPMI, ...). Use it with
792 Windows to correct file management problems etc.
793 </para>
794 </listitem>
795 </varlistentry>
796 <varlistentry>
797 <term>
799 <filename>
801 http://oak.oakland.edu/pub/simtelnet/win95/prog/pedump.zip</ulink>
802 </filename>
803 </term>
804 <listitem>
805 <para>
806 Dumps the imports and exports of a PE (Portable
807 Executable) DLL.
808 </para>
809 </listitem>
810 </varlistentry>
811 <varlistentry>
812 <term>
814 </term>
815 <listitem>
816 <para>
817 Dumps the imports and exports of a PE (Portable
818 Executable) DLL (included in wine tree).
819 </para>
820 </listitem>
821 </varlistentry>
822 </variablelist>
823 </listitem>
824 </itemizedlist>
825 </sect2>
827 <sect2>
830 <para>
831 After starting your program with
832 </para>
833 <screen>
834 wine -debug myprog.exe
835 </screen>
836 <para>
837 the program loads and you get a prompt at the program
838 starting point. Then you can set breakpoints:
839 </para>
840 <screen>
841 b RoutineName (by outine name) OR
842 b *0x812575 (by address)
843 </screen>
844 <para>
846 program. It stops at the breakpoint. You can type
847 </para>
848 <screen>
849 step (to step one line) OR
850 stepi (to step one machine instruction at a time;
851 here, it helps to know the basic 386
852 instruction set)
853 info reg (to see registers)
854 info stack (to see hex values in the stack)
855 info local (to see local variables)
858 is not compiled with optimization)
859 x 0x4269978 (to examine a memory location)
860 ? (help)
861 q (quit)
862 </screen>
863 <para>
865 command.
866 </para>
867 </sect2>
868 </sect1>
873 <para>
875 </para>
876 <para>
877 Wine uses several different kinds of memory addresses.
878 </para>
879 <variablelist>
880 <varlistentry>
881 <term>
882 Win32/"normal" Wine addresses/Linux: linear addresses.
883 </term>
884 <listitem>
885 <para>
886 Linear addresses can be everything from 0x0 up to
887 0xffffffff. In Wine on Linux they are often around
889 address), 0x40000000. Every Win32 process has its own
891 0xffffffff).
892 </para>
893 </listitem>
894 </varlistentry>
895 <varlistentry>
896 <term>
897 Win16 "enhanced mode": segmented addresses.
898 </term>
899 <listitem>
900 <para>
901 These are the "normal" Win16 addresses, called SEGPTR.
903 The segment part usually is a "selector", which *always*
904 has the lowest 3 bits set. Some sample selectors are
906 the lowest bit, as e.g. with 0x1f6,xi then it might be a
907 handle to global memory. Just set the lowest bit to get
908 the selector in these cases. A selector kind of
909 "points" to a certain linear (see above) base address.
910 It has more or less three important attributes: segment
911 base address, segment limit, segment access rights.
912 </para>
913 <para>
914 Example:
915 </para>
916 <para>
918 has a base address of 0x40320000, the segment's last
921 the linear address of 0x40322300.
922 </para>
923 </listitem>
924 </varlistentry>
925 <varlistentry>
926 <term>
927 DOS/Win16 "standard mode"
928 </term>
929 <listitem>
930 <para>
931 They, too, have a segment:offset notation. But they are
932 completely different from "normal" Win16 addresses, as
933 they just represent at most 1MB of memory: The segment
935 with the offset part.
936 </para>
937 <para>
938 Now the strange thing is the calculation that's behind
939 these addresses: Just calculate segment*16 + offset in
940 order to get a "linear DOS" address. So
944 has to be added to the linear base address of the
945 corresponding DOS memory allocated for dosmod in order
946 to get the true linear address of a DOS seg:offs
947 address. And make sure that you're doing this in the
948 correct process with the correct linear address space,
949 of course ;-)
950 </para>
951 </listitem>
952 </varlistentry>
953 </variablelist>
954 </sect1>
959 <sect2>
962 <para>
963 The Windows' debugging API uses a registry entry to know
964 which debugger to invoke when an unhandled exception occurs
967 values in key
968 </para>
969 <programlisting>
970 "MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AeDebug"
971 </programlisting>
972 <para>
973 Determine the behavior:
974 </para>
975 <variablelist>
976 <varlistentry>
978 <listitem>
979 <para>
980 this is the command line used to launch the debugger
983 information to the debugger). You should put here a
984 complete path to your debugger
986 any other Windows' debugging API aware debugger will
987 do).
988 The path to the debugger you chose to use must be reachable
989 via a DOS drive in the Wine config file !
990 </para>
991 </listitem>
992 </varlistentry>
993 <varlistentry>
995 <listitem>
996 <para>
997 if this value is zero, a message box will ask the
998 user if he/she wishes to launch the debugger when an
999 unhandled exception occurs. Otherwise, the debugger
1000 is automatically started.
1001 </para>
1002 </listitem>
1003 </varlistentry>
1004 </variablelist>
1006 <para>
1007 A regular Wine registry looks like:
1008 </para>
1009 <programlisting>
1010 [MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AeDebug] 957636538
1013 </programlisting>
1015 <note>
1017 <para>
1018 creating this key is mandatory. Not doing so will not
1019 fire the debugger when an exception occurs.
1020 </para>
1021 </note>
1022 <note>
1024 <para>
1026 sets up this correctly.
1027 However, due to some limitation of the registry installed,
1028 if a previous Wine installation exists, it's safer to
1029 remove the whole
1030 </para>
1031 <programlisting>
1032 [MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AeDebug]
1033 </programlisting>
1034 <para>
1036 regenerate this key.
1037 </para>
1038 </note>
1039 </sect2>
1041 <sect2>
1044 <para>
1046 of options. Those options are stored in the registry, on a
1048 </para>
1049 <programlisting>
1050 [eric\\Software\\Wine\\WineDbg]
1051 </programlisting>
1052 <para>
1053 Those options can be read/written while inside
1055 expressions. To refer to one of these options, its name must
1057 </para>
1058 <programlisting>
1059 set $BreakAllThreadsStartup = 1
1060 </programlisting>
1061 <para>
1064 </para>
1065 <para>
1066 All the options are read from the registry when
1068 is found, a default value is used), and are written back to
1070 all modifications to those options are automatically saved
1072 </para>
1073 <para>
1074 Here's the list of all options:
1075 </para>
1077 <sect3>
1080 <variablelist>
1081 <varlistentry>
1083 <listitem>
1084 <para>
1086 start-up the debugger stops set to
1088 startup of a given process the debugger stops.
1090 </para>
1091 </listitem>
1092 </varlistentry>
1093 <varlistentry>
1095 <listitem>
1096 <para>
1098 when a critical section times out (5 minutes);
1100 </para>
1101 </listitem>
1102 </varlistentry>
1103 <varlistentry>
1105 <listitem>
1106 <para>
1109 process after an unhandled exception,
1111 first attach event. Since the attach event is
1112 meaningless in the context of an exception event
1113 (the next event which is the exception event is of
1114 course relevant), that option is likely to be
1116 </para>
1117 </listitem>
1118 </varlistentry>
1119 <varlistentry>
1121 <listitem>
1122 <para>
1123 An exception can generate two debug events. The
1124 first one is passed to the debugger (known as a
1125 first chance) just after the exception. The debugger
1126 can then decides either to resume execution (see
1128 command) or pass the exception up to the exception
1129 handler chain in the program (if it exists)
1132 exception handlers takes care of the exception, the
1133 exception event is sent again to the debugger (known
1134 as last chance exception). You cannot pass on a last
1135 exception. When the
1138 both first and last chance execptions (to
1140 chance exceptions).
1141 </para>
1142 </listitem>
1143 </varlistentry>
1144 <varlistentry>
1146 <listitem>
1147 <para>
1149 when a DLL is loaded into memory; when the debugger
1150 is invoked after a crash, the DLLs already mapped in
1151 memory will not trigger this break.
1153 </para>
1154 </listitem>
1155 </varlistentry>
1156 </variablelist>
1157 </sect3>
1159 <sect3>
1162 <variablelist>
1163 <varlistentry>
1165 <listitem>
1166 <para>
1167 Mask of active debugger output channels on console
1168 </para>
1169 </listitem>
1170 </varlistentry>
1171 <varlistentry>
1173 <listitem>
1174 <para>
1176 </para>
1177 </listitem>
1178 </varlistentry>
1179 </variablelist>
1181 <para>
1182 Those last 2 variables are jointly used in two generic ways:
1183 </para>
1185 <orderedlist>
1186 <listitem>
1188 <programlisting>
1189 ConChannelMask = DBG_CHN_MESG (1)
1190 StdChannelMask = 0
1191 </programlisting>
1192 <para>
1193 In this case, all input/output goes into the
1194 debugger's console (either the standard unix console
1195 if winedbg is started from the command line, or a
1196 specific windowed-console if the debugger is started
1197 upon an exception in a running program. All debug
1200 wine is run from).
1201 </para>
1202 </listitem>
1203 <listitem>
1204 <para>
1205 To have all input/output go into the tty where Wine
1206 was started from (to be used in a X11-free
1207 environment)
1208 </para>
1209 <screen>
1210 ConChannelMask = 0
1211 StdChannelMask = DBG_CHN_MESG (1)
1212 </screen>
1213 </listitem>
1214 </orderedlist>
1215 </sect3>
1217 <sect3>
1220 <variablelist>
1221 <varlistentry>
1223 <listitem>
1225 examined by the debugger</para>
1226 </listitem>
1227 </varlistentry>
1228 <varlistentry>
1230 <listitem>
1232 examined by the debugger</para>
1233 </listitem>
1234 </varlistentry>
1235 <varlistentry>
1237 <listitem>
1239 </listitem>
1240 </varlistentry>
1241 </variablelist>
1243 <para>
1246 conditional breakpoints on a given thread or process.
1247 </para>
1248 </sect3>
1249 </sect2>
1250 </sect1>
1256 <sect2>
1259 <screen>
1260 abort aborts the debugger
1261 quit exits the debugger
1263 attach N attach to a W-process (N is its ID). IDs can be
1264 obtained using the walk process command
1265 detach detach from a W-process. WineDbg will exit (this may
1266 be changed later on)
1267 </screen>
1268 <screen>
1269 help prints some help on the commands
1270 help info prints some help on info commands
1271 </screen>
1272 <screen>
1275 </screen>
1276 </sect2>
1278 <sect2>
1281 <screen>
1282 cont continue execution until next breakpoint or exception.
1283 pass pass the exception event up to the filter chain.
1284 step continue execution until next C line of code (enters
1285 function call)
1286 next continue execution until next C line of code (doesn't
1287 enter function call)
1288 stepi execute next assembly instruction (enters function
1289 call)
1290 nexti execute next assembly instruction (doesn't enter
1291 function call)
1292 finish do nexti commands until current function is exited
1293 </screen>
1294 <para>
1295 cont, step, next, stepi, nexti can be postfixed by a
1296 number (N), meaning that the command must be executed N
1297 times.
1298 </para>
1299 </sect2>
1301 <sect2>
1304 <screen>
1305 enable N enables (break|watch)point #N
1306 disable N disables (break|watch)point #N
1307 delete N deletes (break|watch)point #N
1308 cond N removes any a existing condition to (break|watch)point N
1310 will be evaluated each time the breakpoint is hit. If
1311 the result is a zero value, the breakpoint isn't
1312 triggered
1313 break * N adds a breakpoint at address N
1316 break N adds a breakpoint at line N of current source file
1317 break adds a breakpoint at current $pc address
1318 watch * N adds a watch command (on write) at address N (on 4 bytes)
1321 info break lists all (break|watch)points (with state)
1322 </screen>
1323 <para>
1326 Pick up the one you want from its number.
1327 </para>
1328 <para>
1330 MYDLL.DLL.myFunc for function myFunc of
1332 </para>
1333 <para>
1335 the entry point of the Dll.
1336 </para>
1337 <para>
1338 When setting a break/watch-point by <id>, if the symbol cannot be found (for example, the symbol is contained in a not yet loaded module), winedbg will
1339 recall the name of the symbol and will try to set the breakpoint each time a new module is loaded (until it succeeds).
1340 </para>
1341 </sect2>
1343 <sect2>
1346 <screen>
1347 bt print calling stack of current thread
1348 bt N print calling stack of thread of ID N (note: this
1349 doesn't change the position of the current frame as
1350 manipulated by the up & dn commands)
1351 up goes up one frame in current thread's stack
1352 up N goes up N frames in current thread's stack
1353 dn goes down one frame in current thread's stack
1354 dn N goes down N frames in current thread's stack
1355 frame N set N as the current frame for current thread's stack
1356 info local prints information on local variables for current
1357 function
1358 </screen>
1359 </sect2>
1361 <sect2>
1364 <screen>
1365 show dir
1367 dir
1370 (applying an offset of N to addresses)
1371 </screen>
1372 <screen>
1373 list lists 10 source lines from current position
1374 list - lists 10 source lines before current position
1375 list N lists 10 source lines from line N in current file
1378 list * N lists 10 source lines from address N
1379 </screen>
1380 <para>
1381 You can specify the end target (to change the 10 lines
1382 value) using the ','. For example:
1383 </para>
1384 <screen>
1386 current file
1388 </screen>
1389 </sect2>
1391 <sect2>
1394 <para>
1395 A display is an expression that's evaluated and printed
1397 command.
1398 </para>
1399 <screen>
1400 display lists the active displays
1401 info display (same as above command)
1405 print command for more on formats)
1406 del display N deletes display #N
1407 undisplay N (same as del display)
1408 </screen>
1409 </sect2>
1411 <sect2>
1414 <screen>
1415 disas disassemble from current position
1419 </screen>
1420 </sect2>
1422 <sect2>
1425 <screen>
1427 walk class lists all Windows' class registered in Wine
1428 info share lists all the dynamic libraries loaded the debugged
1429 program (including .so files, NE and PE DLLs)
1431 walk module lists all modules loaded by debugged program
1432 info regs prints the value of CPU register
1434 info segment lists all allocated segments
1435 info stack prints the values on top of the stack
1436 walk map lists all virtual mappings used by the debugged
1437 program
1440 walk wnd lists all the window hierarchy starting from the
1441 desktop window
1444 walk process lists all w-processes in Wine session
1445 walk thread lists all w-threads in Wine session
1446 walk exception lists the exception frames (starting from current
1447 stack frame)
1448 </screen>
1449 </sect2>
1451 <sect2>
1454 <screen>
1459 type)
1462 </screen>
1463 <para>
1466 </para>
1467 <screen>
1468 s => an ASCII string
1469 u => an Unicode UTF16 string
1470 i => instructions (disassemble)
1476 g => GUID
1477 </screen>
1478 </sect2>
1480 <sect2>
1483 <para>
1484 Expressions in Wine Debugger are mostly written in a C form. However, there
1485 are a few discrepancies:
1486 <itemizedlist>
1487 <listitem>
1488 <para>
1489 Identifiers can take a '.' in their names. This allow
1490 mainly to access symbols from different DLLs like
1492 </para>
1493 </listitem>
1494 <listitem>
1495 <para>
1496 The debugger will try to distinguish this writing with structure operations.
1497 Therefore, you can only use the previous writing in operations manipulating
1498 symbols ({break|watch}points, type information command...).
1499 </para>
1500 </listitem>
1501 </itemizedlist>
1502 </para>
1503 </sect2>
1504 <sect2>
1506 <para>
1507 It is possible to turn on and off debug messages as you are debuging using
1508 the set command.
1509 </para>
1510 <screen>
1511 set + warn win => turn on warn on 'win' channel
1512 set + win => turn on warn/fixme/err/trace on 'win' channel
1513 set - win => turn off warn/fixme/err/trace on 'win' channel
1514 set - fixme => turn off the 'fixme' class
1515 </screen>
1516 </sect2>
1518 </sect1>
1523 <sect2>
1526 <para>
1527 WineDbg can act as a remote monitor for GDB. This allows to
1528 use all the power of GDB, but while debugging wine and/or
1529 any Win32 application. To enable this mode, just add
1531 end up on a GDB prompt. You'll have to use the GDB commands
1532 (not the wine nes).
1533 </para>
1535 <para>
1536 However, some limitation in GDB while debugging wine (see
1537 below) don't ppear in this mode:
1538 <itemizedlist>
1539 <listitem>
1540 <para>
1541 GDB will correctly present Win32 thread
1542 information and breakpoint behavior
1543 </para>
1544 </listitem>
1545 <listitem>
1546 <para>
1547 Moreover, it also provides support for the Dwarf II
1548 debug format (which became the default format (instead
1549 of stabs) in gcc 3.1).
1550 </para>
1551 </listitem>
1552 </itemizedlist>
1553 </para>
1555 <para>
1556 A few wine extensions available through the monitor command.
1557 <screen>
1558 monitor wnd lists all window in the Wine session
1559 monitor proc lists all processes in the Wine session
1560 monitor mem displays memory mapping of debugged process
1561 (doesn't work)
1562 </screen>
1563 </para>
1564 </sect2>
1566 <sect2>
1569 <para>
1570 You can also use other debuggers (like
1572 items:
1573 </para>
1574 <para>
1575 You need to attach the unix debugger to the correct unix
1576 process (representing the correct windows thread) (you can
1578 When running the emulator, usually the first two
1580 running the desktop, the first thread of the application is
1582 Winelib program, the first thread of the application is
1584 </para>
1585 <note>
1586 <para>
1588 notion of threads, it won't work with Wine because the
1589 thread abstraction used for implementing Windows' thread
1590 is not 100% mapped onto the linux posix threads
1591 implementation. It means that you'll have to spawn a
1593 thread you wish to debug.
1594 </para>
1595 </note>
1597 <!-- *** Extra content spliced in from article by Andreas Mohr *** -->
1598 <para>
1600 </para>
1601 <para>
1602 Here's how to get info about the current execution status of a
1603 certain Wine process:
1604 </para>
1605 <para>
1606 Change into your Wine source dir and enter:
1607 </para>
1608 <screen>
1609 $ gdb wine
1610 </screen>
1611 <para>
1612 Switch to another console and enter <command>ps ax | grep
1613 wine</command> to find all wine processes. Inside
1615 </para>
1616 <screen>
1618 </screen>
1619 <para>
1621 the Wine processes. Use
1622 </para>
1623 <screen>
1624 (gdb) bt
1625 </screen>
1626 <para>
1627 to get the backtrace of the current Wine process, i.e. the
1628 function call history. That way you can find out what the
1629 current process is doing right now. And then you can use
1630 several times:
1631 </para>
1632 <screen>
1633 (gdb) n
1634 </screen>
1635 <para>
1636 or maybe even
1637 </para>
1638 <screen>
1640 </screen>
1641 <para>
1642 and
1643 </para>
1644 <screen>
1645 (gdb) c
1646 </screen>
1647 <para>
1648 to set a breakpoint at a certain function and continue up to
1649 that function. Finally you can enter
1650 </para>
1651 <screen>
1652 (gdb) detach
1653 </screen>
1654 <para>
1655 to detach from the Wine process.
1656 </para>
1657 <!-- *** End of xtra content *** -->
1658 </sect2>
1660 <sect2>
1663 <para>
1664 You can use any Windows' debugging API compliant debugger
1665 with Wine. Some reports have been made of success with
1666 VisualStudio debugger (in remote mode, only the hub runs
1667 in Wine). GoVest fully runs in Wine.
1668 </para>
1669 </sect2>
1671 <sect2>
1675 <tbody>
1676 <row>
1678 </row>
1679 <row>
1680 <entry>
1681 WineDbg debugs a Windows' process: the various
1682 threads will be handled by the same WineDbg session,
1683 and a breakpoint will be triggered for any thread of
1684 the W-process
1685 </entry>
1686 <entry>
1687 gdb debugs a Windows' thread: a separate gdb session
1688 is needed for each thread of a Windows' process and
1689 a breakpoint will be triggered only for the w-thread
1690 debugged
1691 </entry>
1692 </row>
1693 <row>
1694 <entry>
1695 WineDbg supports debug information from stabs
1696 (standard Unix format) and Microsoft's C, CodeView,
1697 .DBG
1698 </entry>
1699 <entry>
1700 GDB supports debug information from stabs (standard
1701 Unix format) and Dwarf II.
1702 </entry>
1703 </row>
1704 </tbody>
1705 </tgroup>
1706 </table>
1707 </sect2>
1708 </sect1>
1714 <itemizedlist>
1715 <listitem>
1716 <para>
1718 code in 32 bit applications are).
1719 </para>
1720 </listitem>
1721 <listitem>
1722 <para>
1723 Function call in expression is no longer supported
1724 </para>
1725 </listitem>
1726 </itemizedlist>
1727 </sect1>
1728 </chapter>
1730 <!-- Keep this comment at the end of the file
1731 Local variables:
1732 mode: sgml
1733 sgml-parent-document:("wine-doc.sgml" "set" "book" "part" "chapter" "")
1734 End:
1735 -->