
How do I attach WinDbg to a process running inside a Windows Docker container?

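How do I attach WinDbg to a process running inside a Windows Docker container? I have tried googling it, but everything seems to use Visual Studio to do this. I just want to use WinDbg or something similar to quickly analyze a process running on the host.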

Solution

This is my first time using Docker, so this may not be what you are looking for.
I don't do the C# ASP.NET IIS stuff that Docker seems to be famous for.

So here goes.
Install Docker Desktop

C:\>docker version

Client: Docker Engine - Community
 Version:           20.10.2
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        2291f61
 Built:             Mon Dec 28 16:14:16 2020
 OS/Arch:           windows/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.2
  API version:      1.41 (minimum version 1.24)
  Go version:       go1.13.15
  Git commit:       8891c58
  Built:            Mon Dec 28 16:26:48 2020
  OS/Arch:          windows/amd64
  Experimental:     false

Go through the getting-started tutorial

docker run -d -p 80:80 docker/getting-started

Pull Microsoft/nanoserver:1803

C:\>docker images
REPOSITORY             TAG       IMAGE ID       CREATED         SIZE
microsoft/nanoserver   1803      65194053090c   11 months ago   378MB

Run the container detached and interactive in the background, with a name

C:\>docker run -d -it --name="mydoc" microsoft/nanoserver:1803
23b9265196659cc073bc05ec81f6b58be465db6e305645e1af13c5831c0ca4e3

Stop it

C:\>docker stop mydoc
mydoc

Copy the WinDbg x64 folder and a console C++ printf application compiled with /MT for testing

C:\>docker cp d:\doc_trans\ mydoc:c:\

Start the container

C:\>docker start mydoc
mydoc

Run cdb on the application

C:\>docker exec -it mydoc "c:\\doc_trans\\x64\\cdb.exe" c:\\doc_trans\printf.exe

Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: c:\\doc_trans\printf.exe
Symbol search path is: srv*
Executable search path is:
ModLoad: 00007ff7`76420000 00007ff7`76487000   printf.exe
ModLoad: 00007ff8`86e60000 00007ff8`87041000   ntdll.dll
ModLoad: 00007ff8`84290000 00007ff8`84503000   C:\Windows\System32\KERNELBASE.dll
ModLoad: 00007ff8`83b20000 00007ff8`83b45000   C:\Windows\SYSTEM32\forwarders\KERNEL32.dll
ModLoad: 00007ff8`83fd0000 00007ff8`84017000   C:\Windows\System32\kernel32legacy.dll
(660.664): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
ntdll!LdrInitShimEngineDynamic+0x34c:
00007ff8`86f2c8bc cc              int     3
0:000> g 00007ff7`76420000+1000
*** ERROR: Module load completed but symbols could not be loaded for printf.exe
printf+0x1000:
00007ff7`76421000 4883ec28        sub     rsp,28h
0:000> uf .
printf+0x1000:
00007ff7`76421000 4883ec28        sub     rsp,28h
00007ff7`76421004 488d0d35c30400  lea     rcx,[printf+0x4d340 (00007ff7`7646d340)]
00007ff7`7642100b e870000000      call    printf+0x1080 (00007ff7`76421080)
00007ff7`76421010 33c0            xor     eax,eax
00007ff7`76421012 4883c428        add     rsp,28h
00007ff7`76421016 c3              ret
0:000> t
printf+0x1004:
00007ff7`76421004 488d0d35c30400  lea     rcx,[printf+0x4d340 (00007ff7`7646d340)]
0:000> t
printf+0x100b:
00007ff7`7642100b e870000000      call    printf+0x1080 (00007ff7`76421080)
0:000> da @rcx
00007ff7`7646d340  "hello jmp far."
0:000>                                               
