WinDbg commonly used commands series: thread-related operations

~ (Thread Status)

The tilde (~) command displays the status of the specified thread or of all threads in the current process.

~Thread

Parameters:

    • Thread
      Specifies the thread to display. If you omit this parameter, all threads are displayed.

Environment:

    Modes: User mode only
    Targets: Live, crash dump
    Platforms: All

You can add a thread symbol before many commands. The following examples show how to use this command. The following command displays the status of all threads.

0:067> ~
   0  Id: 2854.2fe8 Suspend: 1 Teb: 00dfc000 Unfrozen
   1  Id: 2854.24c8 Suspend: 1 Teb: 00dff000 Unfrozen
   2  Id: 2854.1fd4 Suspend: 1 Teb: 00c02000 Unfrozen
   3  Id: 2854.1d60 Suspend: 1 Teb: 00c05000 Unfrozen
   4  Id: 2854.5ac Suspend: 1 Teb: 00c08000 Unfrozen
   5  Id: 2854.1504 Suspend: 1 Teb: 00c0e000 Unfrozen
   6  Id: 2854.3200 Suspend: 1 Teb: 00c11000 Unfrozen
   7  Id: 2854.290 Suspend: 1 Teb: 00c14000 Unfrozen
   8  Id: 2854.2fbc Suspend: 1 Teb: 00c26000 Unfrozen

The following command also displays all the threads.

0:067> ~*
   0  Id: 2854.2fe8 Suspend: 1 Teb: 00dfc000 Unfrozen
      Start: DIYHome!WinMainCRTStartup (00a74f1b)
      Priority: 0  Priority class: 32  Affinity: ff
   1  Id: 2854.24c8 Suspend: 1 Teb: 00dff000 Unfrozen
      Start: ntdll!TppWorkerThread (77711440)
      Priority: 0  Priority class: 32  Affinity: ff
   2  Id: 2854.1fd4 Suspend: 1 Teb: 00c02000 Unfrozen
      Start: ntdll!TppWorkerThread (77711440)
      Priority: 0  Priority class: 32  Affinity: ff
   3  Id: 2854.1d60 Suspend: 1 Teb: 00c05000 Unfrozen
      Start: ntdll!TppWorkerThread (77711440)
      Priority: 0  Priority class: 32  Affinity: ff
   4  Id: 2854.5ac Suspend: 1 Teb: 00c08000 Unfrozen
      Start: ntdll!TppWorkerThread (77711440)
      Priority: 0  Priority class: 32  Affinity: ff
   5  Id: 2854.1504 Suspend: 1 Teb: 00c0e000 Unfrozen
      Start: ntdll!TppWorkerThread (77711440)
      Priority: 0  Priority class: 32  Affinity: ff
   6  Id: 2854.3200 Suspend: 1 Teb: 00c11000 Unfrozen
      Start: ntdll!TppWorkerThread (77711440)
      Priority: 0  Priority class: 32  Affinity: ff
   7  Id: 2854.290 Suspend: 1 Teb: 00c14000 Unfrozen
      Start: combase!CRpcThreadCache::RpcWorkerThreadEntry (74592460)
      Priority: 0  Priority class: 32  Affinity: ff
   8  Id: 2854.2fbc Suspend: 1 Teb: 00c26000 Unfrozen
      Start: nvoglv32!DrvValidateVersion+0x93e0 (690970c0)
      Priority: 0  Priority class: 32  Affinity: ff

This form displays more information about each thread.

The following command displays the currently active thread.

0:067> ~.
. 67  Id: 2854.1958 Suspend: 0 Teb: 00cec000 Unfrozen
      Start: msvcr120!_threadstartex (6330bfb4)
      Priority: 0  Priority class: 32  Affinity: ff

The following command displays the thread that originally caused the exception (or that was active when the debugger attached to the process).

0:000> ~#
# 67  Id: 2854.1958 Suspend: 0 Teb: 00cec000 Unfrozen
      Start: msvcr120!_threadstartex (6330bfb4)
      Priority: 0  Priority class: 32  Affinity: ff

The following command displays thread number 2.

0:000> ~2
   2  Id: 2854.1fd4 Suspend: 1 Teb: 00c02000 Unfrozen
      Start: ntdll!TppWorkerThread (77711440)
      Priority: 0  Priority class: 32  Affinity: ff

The ~ output of another session, used below to explain the fields:

0:001> ~
   0 id: 4dc.470 Suspend: 0 Teb 7ffde000 Unfrozen
. 1 id: 4dc.534 Suspend: 0 Teb 7ffdd000 Unfrozen
#  2 id: 4dc.5a8 Suspend: 0 Teb 7ffdc000 Unfrozen

In the first line of this output, 0 is the decimal thread number, 4dc is the hexadecimal process ID, 470 is the hexadecimal thread ID, 0x7ffde000 is the address of the TEB, and Unfrozen is the thread status. The period (.) before thread 1 indicates that this thread is the current thread. The number sign (#) before thread 2 indicates that this thread is the one that originally caused the exception, or the one that was active when the debugger attached to the process.
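
The field layout described above, as a small parser (an added example, not part of the original article). It turns ~ and ~* output into records with the hexadecimal process and thread IDs converted to integers, so they can be matched against tools that report decimal IDs. The sample text is constructed from listings on this page; parse_threads and its field names are hypothetical.

```python
import re

# Constructed sample: the three-thread listing above plus one "~*" entry
# with its detail lines, so both layouts on this page are exercised.
SAMPLE = """\
   0  id: 4dc.470 Suspend: 0 Teb 7ffde000 Unfrozen
.  1  id: 4dc.534 Suspend: 0 Teb 7ffdd000 Unfrozen
#  2  id: 4dc.5a8 Suspend: 0 Teb 7ffdc000 Unfrozen
   7  Id: 2854.290 Suspend: 1 Teb: 00c14000 Unfrozen
      Start: combase!CRpcThreadCache::RpcWorkerThreadEntry (74592460)
      Priority: 0  Priority class: 32  Affinity: ff
"""

# Optional marker (. or #), decimal thread number, hex pid.tid, suspend
# count, TEB address (with or without a colon after "Teb"), thread state.
THREAD_RE = re.compile(
    r"^\s*(?P<mark>[.#])?\s*(?P<num>\d+)\s+id:\s*(?P<pid>[0-9a-f]+)\.(?P<tid>[0-9a-f]+)"
    r"\s+Suspend:\s*(?P<suspend>\d+)\s+Teb:?\s*(?P<teb>[0-9a-f`]+)\s+(?P<state>\w+)",
    re.IGNORECASE,
)
START_RE = re.compile(r"^\s*Start:\s*(?P<symbol>\S+)\s+\([0-9a-f`]+\)", re.IGNORECASE)

def parse_threads(text):
    """Return one dict per thread found in ~ or ~* output."""
    threads = []
    for line in text.splitlines():
        m = THREAD_RE.match(line)
        if m:
            threads.append({
                "number": int(m["num"]),         # debugger thread number (decimal)
                "pid": int(m["pid"], 16),        # process ID is printed in hex
                "tid": int(m["tid"], 16),        # thread ID is printed in hex
                "suspend": int(m["suspend"]),
                "teb": int(m["teb"].replace("`", ""), 16),  # 64-bit addresses carry a backtick
                "state": m["state"],
                "current": m["mark"] == ".",     # "." marks the current thread
                "event": m["mark"] == "#",       # "#" marks the thread that raised the event
                "start": None,
            })
            continue
        s = START_RE.match(line)
        if s and threads:                        # detail line belongs to the last thread seen
            threads[-1]["start"] = s["symbol"]
    return threads

if __name__ == "__main__":
    for t in parse_threads(SAMPLE):
        flag = "current" if t["current"] else "event" if t["event"] else ""
        print(t["number"], t["pid"], t["tid"], t["state"], flag, t["start"] or "")
```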

~e (Thread-Specific Command)

The ~e command executes one or more commands for a specific thread or for all threads in the target process. Do not confuse this command with the e (Enter Values) command.

~Thread e CommandString

Parameters:

  • Thread
    Specifies the thread or threads that the debugger executes CommandString for.
  • CommandString
    Specifies one or more commands to execute. Separate multiple commands with semicolons. CommandString includes the rest of the input line: all text that follows the letter "e" is interpreted as part of this string. Do not enclose CommandString in quotation marks.

Environment:

    Modes: User mode only
    Targets: Live, crash dump
    Platforms: All

You can specify threads only in user mode. In kernel mode, the tilde (~) refers to a processor. When you use the ~e command with a single thread, it only saves some typing. For example, the following two commands are equivalent.

0:000> ~2e r; k; kd 

0:000> ~2r; ~2k; ~2kd 

However, you can use the ~e qualifier to repeat a command or an extension command several times. Used in this way, the qualifier eliminates extra typing. For example, the following command repeats the !gle extension command for every thread that you are debugging.

0:000> ~*e !gle 

If an error occurs while one command is executing, execution continues with the next command. You cannot use the ~e qualifier with execution commands (g, gh, gn, gN, gu, p, pa, pc, t, ta, tb, tc, wt). You cannot use the ~e qualifier together with the j (Execute If-Else) command or the z (Execute While) conditional command. If you are debugging more than one process, you cannot use the ~e command to access the virtual memory space of an inactive process.

~f (Freeze Thread)

The ~f command freezes the given thread, causing it to stop and wait until it is unfrozen. Do not confuse this command with the f (Fill Memory) command.

~Thread f 

Parameters:

  • Thread
    Specifies the thread to freeze.

Environment:

    Modes: User mode only
    Targets: Live, crash dump
    Platforms: All

You can specify threads only in user mode. In kernel mode, the tilde (~) refers to a processor. The ~f command causes the specified thread to freeze. When the debugger lets the target application resume execution, the other threads execute as expected while this thread remains stopped.

The following examples show how to use this command. The following command displays the current status of all threads.

0:000> ~* k

The following command freezes the thread that caused the current exception.

0:000> ~# f

The following command checks that the status of this thread is suspended.

0:000> ~* k

~u (Unfreeze Thread)

The ~u command unfreezes the specified thread.

~n (Suspend Thread)

The ~n command suspends execution of the specified thread. Each time you use the ~n command, the thread's suspend count increases by one. When you use this command, the starting address of the thread.

~m (Resume Thread)

The ~m command resumes execution of the specified thread. Each time you use the ~m command, the thread's suspend count decreases by one.

~s (Set Current Thread)

The ~s command sets or displays the current thread number. In user mode, ~s sets the current thread. Do not confuse this command with the ~s (Change Current Processor) command (which works only in kernel mode), the |s (Set Current Process) command, the ||s (Set Current System) command, or the s (Search Memory) command.

~Thread s
~s

Parameters:

  • Thread
    Specifies the thread to set or display.

You can specify threads only in user mode. In kernel mode, the tilde (~) refers to a processor. If you use the ~s syntax, the debugger displays information about the current thread. This command also disassembles the current instruction for the current system, process, and thread.

Origin www.cnblogs.com/yilang/p/11445709.html