设置JIT调试器
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="\"C:\\Program Files\\Immunity Inc\\Immunity Debugger\\ImmunityDebugger.exe\" -AEDEBUG %ld %ld"
"UserDebuggerHotKey"=dword:00000000
程序崩溃自动导出dump
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
"DumpCount"=dword:0000000a
"DumpFolder"=hex(2):43,00,3a,00,5c,00,44,00,75,00,6d,00,70,00,00,00
"DumpType"=dword:00000002
DumpFolder是可扩展字符串"C:\dump"
设置符号路径
SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
进程启动时附加调试器
以IEXPLORE.EXE为例 需要在注册表中创建一项 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE 同时在该项下面添加一个字符串类型的key Debugger,值为windbg的位置:”C:\Program Files\Debugging Tools for Windows\windbg.exe”