path: root/docs/debugging/windbg.txt

   #[1]CodeProject Latest artic les - All topics [2]CodeProject Latest
   artic les - MFC / C++ [3]CodeProject Latest artic les - C#
   [4]CodeProject Latest artic les - ASP.NET [5]CodeProject Latest artic
   les - .NET [6]CodeProject Latest artic les - VB.NET [7]CodeProject
   Lounge Posti ngs [8]CodeProje ct

   [9]Click here to Skip to main content

   Email ____________________ Password ____________________ Sign in [_]
   Remember me?   [10]help Lost your password?

     * [11]Home
     * [12]Articles
     * [13]Quick Answers
     * [14]Message Boards
     * [15]Job Board
     * [16]Catalog
     * [17]Help!
     * [18]Lounge [19]S oapbox

     * [20]Download source files - 3.09 Kb< /a>

Table of contents

     * [21]Introduction
          + [22]Overview of Debuggers
          + [23]Comparison of Debuggers
          + [24]WinDbg
          + [25]PDB files
     * [26]Debugging Scenarios
          + [27]Remote Debugging
          + [28]Just-in-time Debugging
          + [29]64-bit Debugging
          + [30]Managed Debugging
          + [31]Debugging Services
          + [32]Debugging Exceptions
     * [33]WinDbg Features
          + [34]Debugger Extension DLLs
          + [35]Dump Files
          + [36]Crash Dump Analysis
     * [37]WinDbg Settings
          + [38]Symbol Files and Directories
          + [39]Source Code Directories
          + [40]Breakpoints, Tracing
     * [41]Commands
          + [42]Basic Commands
          + [43]More Commands
          + [44]Handy Extension Commands
     * [45]Example
          + [46]Suggested Exercises
     * [47]Epilogue
          + [48]Points to Note
          + [49]Q & A
     * [50]References

Introduction

   In my professional career, I have seen most of us use Visual Studio for
   debug ging but not many of the other debuggers that come for free. You
   may want such a debugger for many reasons, for example, on your home PC
   which you do not use fo r development but on which a certain program
   crashes from time to time. From the stack dump, you can figure out if
   IE crashed because of a third party plug-in.< /p>

   I did not find any good quick starters for WinDbg. This article
   discusses Win Dbg with examples. I assume you know the basic concepts
   of debugging stepping in, stepping out, breakpoints and what it means
   to do remote debugging.

   Note that this is meant to be a Getting Started document, which you can
   read and start using WinDbg. To know more about specific commands,
   consult the WinDbg documentation. You can use the commands presented in
   this document with any deb ugger provided by Microsoft, e.g. from the
   Command window of Visual Studio .NET.

   This article is based on WinDbg 6.3.

   This is the first of a series of articles on debugging. In my next
   article, I shall explain how to write debugger extension DLLs.

  Overview of Debuggers< /h3>

   A brief overview of the Windows debuggers that you can download for
   free from [51]here :
     * KD Kernel debugger. You want to use this to remote debug OS
       problems like blue screens. You want it if you develop device
       drivers.
     * CDB Command-line debugger. This is a console application.
     * NTSD NT debugger. This is a user-mode debugger that you can use to
       debug y our user-mode applications. Effectively, this is
       Windows-style UI added to CDB.
     * Windbg wraps KD and NTSD with a decent UI. WinDbg can function both
       as a k ernel-mode and user-mode debugger.
     * Visual Studio, Visual Studio .NET use the same debugging engine as
       KD and NTSD and offer richer UI than WinDbg for debugging purposes.

  Comparison of Debuggers

   Feature                             KD NTSD WinDbg Visual Studio .NET

   Kernel-mode debugging               Y  N    Y      N
   User-mode debugging                    Y    Y      Y
   Unmanaged debugging                 Y  Y    Y      Y
   Managed debugging                      Y    Y      Y
   Remote debugging                    Y  Y    Y      Y
   Attach to process                   Y  Y    Y      Y
   Detach from process in Win2K and XP Y  Y    Y      Y
   SQL debugging                       N  N    N      Y

  WinDbg

   WinDbg is a debugger that wraps NTSD and KD with a better UI. It
   provides com mand-line options like starting minimized (-m), attach to
   a process by pid (-p) and auto-open crash files (-z). It supports three
   types of commands:
     * regular commands (e.g.: k). The regular commands are to debug proce
       sses.
     * dot commands (e.g.: .sympath). The dot commands are to control the
       debugger.
     * extension commands (e.g.: !handle) these are custom commands that
       you can add to WinDbg; they are implemented as exported functions
       in extension DLLs.

  PDB files

   PDB files are program database files generated by the linker. Private
   PDB fil es contain information about private and public symbols, source
   lines, types, lo cals and globals. Public PDB files do not contain
   types, local and source line i nformation.

Debugging Scenarios

  Remote Debugging

   Doing remote debugging using WinDbg is easy and can be done in one of a
   numbe r of ways. In the following, debugging server is the debugger
   running on the m achine where youd like to debug; debugging client is
   the debugger controlling the session.
     * Using the debugger: You need CDB, NTSD or WinDbg on the ser ver. A
       WinDbg client can connect to any of CDB, NTSD and WinDbg, and vice
       versa. The server and client have choices of TCP and named pipes
       for communication pro tocol.
          + To start a server:
               o WinDbg server npipe:pipe=pipename (note: multiple clients
                 can conn ect), or
               o from within WinDbg: .server npipe:pipe=pipename (note:
                 single clien t can connect)
            You can start multiple server sessions using multiple
            protocols. You can pass word-protect a session.
          + To connect from a client:
               o WinDbg -remote npipe:server=Server,
                 pipe=PipeName[,password=Passwo rd]
               o from within WinDbg: File->Connect to Remote Session: for
                 connection strin g, enter npipe:server=Server,
                 pipe=PipeName [ ,password=Password]
     * Using remote.exe: remote.exe uses named pipes for communicating. If
       you use a console-based application like KD, CDB or NTSD, you could
       use remote.exe to do remote debugging. Note: use @q (not q) to qu
       it the client without quitting the server.
          + To start a server:
               o Remote.exe /s cdb p <pid> test1
          + To connect from a client:
               o Remote.exe /c <machinename> test1
       test1 above is the arbitrary named pipe name we chose.

   Server will display who all are connected from which servers and
   commands exe cuted. You can quit the server by issuing qq; or quit the
   client using File-&g t;Exit. Youd need to belong to the Debugger Users
   user group and the server h as to allow remote connectivity if you want
   to remote-debug.

  Just-in-time Debugging

   The section Enabling Postmortem Debugging in the WinDbg documentation
   discu sses this well. In short, you can set WinDbg as the default JIT
   debugger by runn ing Windbg I. This sets the registry key
   HKLM\Software\Microsoft \Windows NT\CurrentVersion\AeDebug to WinDbg.
   To set WinDbg as the defaul t managed debugger, youd need to set these
   registry keys explicitly:
     * HKLM\Software\Microsoft\.NETFramework\DbgJITDebugLaunchSetting to 2
     * HKLM\Software\Microsoft\.NETFramework\DbgManagedDebugger to Win
       dbg.

   With the JIT setting, WinDbg will be launched if an application throws
   an exc eption while not being debugged and does not handle the
   exception itself.

  64-bit Debugging

   All these debuggers support 64-bit debugging on AMD64 and IA64.

  Managed Debugging

   WinDbg 6.3+ supports managed debugging, with the Whidbey .NET CLR.
   There is a good discussion on managed debugging in the documentation.
   Remember that there are no PDBs with managed code since managed code is
   compiled to ILASM; the debug ger talks to the CLR to query extra
   information.

   Points to note:

   You can set a breakpoint at a managed code function only after it has
   been in voked at least once; because that is when it is JIT-compiled to
   ASM code. Keep i n mind:
     * Complications with function addresses and hence breakpoints:
          + The CLR can discard compiled code, so function addresses may
            change.
          + The same code may be multiply compiled if multiple app domains
            do not share the code. If you set a breakpoint, it gets set
            for the app domain of the current thread.
          + Specialization of generics can cause multiple addresses for
            the same functio n.
     * Complications with data layout and hence data inspection:
          + The CLR may change data layout arbitrarily at runtime, so
            field offsets in a structure may change over time.
          + Type information is loaded only on first use, so you may not
            be able to insp ect a data field if it has not been used yet.
     * Complications with debugger commands:
          + When tracing through managed code, you would pass through
            chunks of runtime code like the JIT compiler code because you
            stepped into a function for the firs t time, or, when
            transitioning from managed to unmanaged code.

  Debugging Services

   You can debug a service just as any other application using WinDbg,
   both afte r starting the service by attaching to the service process,
   and, by using WinDbg as a JIT debugger and programmatically calling
   DbgBreakPoint or DebugBreak
   , or an ASM int 3 on x86.

  Debugging Exceptions

   A debugger gets notified of each exception twice it is notified the
   first t ime before the application gets a chance to handle the
   exception (first chance exception); if the application does not handle
   the exception, the debugger is g iven a chance to handle the exception
   ( second-chance exception). If the debug ger does not handle a
   second-chance exception, the application quits.

   .lastevent, or, !analyze v will show you the exception rec ord and
   stack trace of the function where the exception occurred.

   You can also use the .exr, .cxr and .ecxr commands to display the
   exception and context records. Note also that you can change the
   first-chance handling option for an exception using the sxe, sxd, sxn
   and sxi commands.

WinDbg Features

  Debugger Extension DLLs

   Debugger extensions are DLLs that you can hook up with a debugger to
   execute custom commands from within the debugger. There are certain
   functions that a DLL needs to implement and some requirements that a
   DLL needs to meet in order to q ualify as an extension DLL. In the next
   article, we shall learn how to write an extension DLL yourself. The
   bang (!) commands are commands executed from your ex tension DLLs. Note
   that extension DLLs are loaded in the process space of the de bugger.

  Dump Files

   You can take snapshot information of a process using the dump facility.
   A min i-dump is usually small, unless you take a full-memory minidump
   (.dump /mf). It is useful to dump handle information also, as
   .dump/mfh. A min i-dump contains information about all threads
   including their stacks and list of loaded modules. A full dump contains
   more information, like that of the process heap.

  Crash Dump Analysis

   If your Windows OS crashes, it dumps the physical memory contents and
   all pro cess information to a dump file, configured through
   System->Control Panel-> ;Advanced->Startup and Recovery. It is also
   possible to take dumps of any l ive process by breaking into it. You
   can also take a dump of any process (.d ump) that terminates abnormally
   by configuring WinDbg as a JIT debugger. No te that figuring out bugs
   in the code from a crash dump could be an involved pro cess.

   To analyze a dump, follow these steps:

   Step 1: In WinDbg, File->Open Crash Dump, and point to the dump file

   Step 2: WinDbg will show you the instruction your app was executing
   when it crashed.

   Step 3: Set your symbol path and source path properly. If you cannot
   match symbols, you could have a hard time figuring out control flow. If
   you can match the symbols to source code of the appropriate version, it
   should be easy to figure out the bug at this point. Note that private
   symbol files have line nu mber information and will blindly show the
   line in your source code without furt her checks; if your source is not
   version-matched properly, youd not see the co rrect source code
   matching the assembly code. If you have public PDB files, you ll see
   the last public function (on the call stack) that was invoked.

   Note that debugging drivers or managed code is much different. Refer to
   [2] f or debugging techniques for device drivers.

WinDbg Settings

  Symbol Files and Directories

   You need symbols in order to be able to do effective debugging. Symbol
   files could be in an older COFF format or the PDB format. PDBs are
   program database fi les and contain public symbols. These debuggers
   allow you to mention a list of U RIs where they would look for symbols
   for loaded binaries.

   OS symbols are usually installed in the %SYSTEMDIR%Symbols directory .
   Driver symbols (.DBG or .PDB files) are usually in the same folder as
   the driver (.sys file). Private symbol files contain informat ion about
   functions, local and global variables, and line information to correla
   te assembly code to source code; symbol files that are usually made
   available to customers are public symbol files these files contain
   information about publi c members only.

   You can set symbol directories through File->Symbol File Path, or using
   .sympath
   from the WinDbg command window. To add reference to a symbol ser ver on
   the web, add:
SRV*downstream_store*http://msdl.microsoft.com
/download/symbols

   to your .sympath, thus:
.sympath+ SRV*c:\tmp*http://msdl.microsoft.com/downloa
d/symbols

   Where c:\tmp is the download_store where necessary symb ols will be
   downloaded and stored. Note that this particular symbol server expos es
   public symbols only.

   The debugger matches information like filename, timestamp and checksum
   when m atching a PDB with a binary (DLL or exe). If you have symbol
   information, youd be able to see function names and their arguments in
   your call stack. If the bin aries and PDBs are from your application,
   youd additionally have information ab out private functions, local
   variables and type information.

   The sympath can consist of multiple URIs. Sympath i s initialized from
   the _NT_SYMBOL_PATH system environment variable.

  Source Code Directories

   You can set source code directories through File->Source File Path, or
   usi ng .srcpath from the WinDbg command window. If you set source code
   dire ctories, the debugger will pull up matching source code based on
   line number inf ormation from the PDB files during debugging.

  Breakpoints, Tracing

     * Set soft breakpoints using the bp commands or using the toolbar
       breakpoint icon.
     * Set hard breakpoints using code like DbgBreakPoint() or K
       dBreakPoint().
     * Use tracing routines DbgPrint, KdPrint, Outp utDebugString to print
       out to the WinDbg output window, from debugger ext ension DLLs.

Commands

  Basic Commands

   The help file that comes with the WinDbg installation documents
   commands well , but the following basic commands should get you
   started:

   Feature Command What Does it Do Example / Comments See Also Related
   Commands

   Stack trace K, KB x Displays stack trace of current thread (x frames).
   Kb causes th e display to include the first three parameters passed to
   each function.   KP, Kp, or KV
   Frame .frame X
   Register watch R Displays register set. reax displays the eax register.

   Step t Trace = Step into (F11)
     p Step over (F10)
     Step out Shift + F11
   Disassemble u Unassemble next few instructions
     u <start_address> Unassemble instructions at start_address
     u <start_address>

   <end_address>
   Unassemble instructions from start_address till end_addre ss
   Breakpoints Bl List breakpoints.
     be, bd, bc Enable / disable / clear breakpoint.
     bp Set a breakpoint.
     bu Set unresolved breakpoint. Breakpoint is resolved by symbolic
   name, not abso lute address. Use this to set breakpoint at a function
   whose containing module h as not yet been loaded. bu foo

   Comment * Ignores the command * Hello World
   Continue G <address_X / symbol> Go. Resumes execution until address_X

     GH Go, exception handled
     GN Go, exception not handled
   Quit Q
   Dumping data dv Display local variables. You need private symbols.
     Dd <address> Display dword values at specified address. To see value
   of an int, DD &l t;addr> L1
     Ds, da (ASCII), du (Unicode) Dump string
     Dt [dt module!typedef adr] Dump type. Will dump the contents of the
   memory using typedef as a template.
   Change / Edit Values Eb (byte), ed (dword ), ea (ASCII), eu (Unicode)
   Edit value of a variable
   List modules lm List loaded modules   Lmi, lml, !dlls
   Threads ~ Lists all threads
   Command on thread n ~n<command> Switch to a specific thread by
   thread-id and execute a command on the thread . ~2kb (second threads
   stack)

   Search for a symbol in a module X module!<pattern>   X blah!*foo*
   Dump .dump
   Source line display .lines Turns on source code display
     ln adr Will show the symbol nearest to that location.

   Note:
    1. There is no step out (Shift+F11). You have to find the return
       address on t he stack manually and use g adr. You can find this
       address by using k. If you know the function uses ebp frames you
       can use g poi(ebp+4) to step out.
    2. To inspect local variables:
         a. Use the dv command.
         b. Then use the dt <variablename> command.
         c. Note: you may not see correct values if values are stored in
            registers or du e to FPO.

  More Commands

   Feature Command What Does it Do Example / Comments See Also Related
   Commands
     Vertarget Shows information about the system on which you are
   debugging.
   Data breakpoint (hardware bp) Ba

   [ba r/w/e size adr]
   Sets a data breakpoint. You can break on read/ write/ execute attempt
   of a m emory location. ba w4 adr
   Exceptions .lastevent Displays last exception record
   Exceptions Sx, Sxe, sxd, sxn, sxi exception_X Enable/ disable/
   notify-only/ ignore first chance exception /event exc eption_X. Example
   of event: module unload/ thread creation.
   Display type Dt Shows struct and field values . Dt x; // x: int
   Dt myStruct; // struct myStruct
   Dt myStruct myVar1; // shows myStruct.myVar1
   Reload symbols .reload Reloads symbols using the symbol path you would
   have set.
   Source lines l+l, l+o, l+s, l+t Source line options
     .ecxr If you had an exception, switches context to faulting context.

     .quit_lock
     ; Command separator
     ? Evaluate expression
     | Display process information
     .chain Lists all loaded debugger extensions.
     .echo <string> Echo/ print any string Echo xyz
     .exr <address_x> Display exception record at x.
     .cxr <address_x> Display context record at x.
     .trap Dump a trap frame.

  Handy Extension Commands

     * !help help for WinDbg extension commands.
     * !load, !unload to load and unload debugger extension DLLs.
     * !handle displays information about handles owned by processes.
     * !peb - shows the PEB (process environment block) including DLL
       information.

Example

   Attached is a sample application with these example functions:
    1. Example1: Program appears hung because a thread waits indefinitely
       on a crit ical section that another thread acquired and then exited
       without releasing.
    2. Example2: Exception: division by zero.
    3. Example3: Execute a command every time a breakpoint is hit.
    4. Example4: Exception: null pointer access
    5. Example5: Exception: double deletion
    6. Example6: Exception: stack overflow due to infinite recursion

  Suggested Exercises

    1. Exception: Array out-of-bound access
    2. Exception: Deleted pointer access
    3. Exception: Stack underflow

Epilogue

  Points to Note

   Please note that:
     * when you run WinDbg, attach to a process and issue kb, youd be
       seeing the s tack trace of the thread injected by the debugger. All
       debugging commands are ex ecuted in the context of the injected
       thread.
     * Frame Pointer Omission (FPO):
       Means that when your code is compiled, frame pointers (EBP) will
       not be put o n the stack. This makes function calls faster and
       makes the EBP register availab le as a scratch register. The
       optimization option /Oy in the MSC++ compiler => ; FPO; /O2 or /Ox
       (full optimization) => /Oy.

  Q & A

    1. How can I list all symbols exported by a module?
       x <module>!*
    2. How can I find help for a specific command?
       .hh <command>, or <command> /?
    3. I want a certain application x.exe to run always under WinDbg. How
       can I configure this?
       Create a key named x.exe under HKLM\Software\Microsoft\Windows NT\c
       urrentversion\image file execution options and add a new string
       value Debugger to it; set its value to the path of windbg.exe.
    4. I want to do something every time a breakpoint is hit. How can I do
       that?
       The bp command accepts a list of commands as argument that you can
       execute ev ery time a breakpoint is hit. Example:
       bp WindbgEx1!Example3+0x3d "dd [ebp-0x14] L1; .echo hello
       world;g&qu ot;
       (ref. attached code)
       prints the value of a local variable in each iteration of function
       Example3.< /p>
    5. Can I put a breakpoint that is triggered only once?
       Yes:bp /1
    6. Can I set a breakpoint such that it will start hitting only after
       k-1 passes ?
       Yes, bp <address> k

References

    1. WinDbg documentation [from [52]Microsoft]
    2. The Windows 2000 Device Driver Book Art Baker, Jerry Lozano

   You must [53]Sign In to use this message board.

                               ____________________  ____________________

                                                              Per page[25]


     FirstPrev[54]Next


   General blue screen analysis
           rupeshkp728         7:08 24 May '10



   What all information can we get from the windows blue screen
   Is there any way to debug a crash without using windbg?
   [55]Sign In·[56]View Thread·[57]PermaLin k
   [t.gif]
   Question Automate mini-dump creation with WinDBG configured as JIT
   debugger
   MorsCerta 4:53 9 Apr '10


   Hi,
   I have configured WindDbg as JIT Debugger on a cu stomers PC. However
   the crash occurs only once or twice a week.
   I wou ld like WinDbg to automatically write a minidump for the crashing
   process when i t is launched as the JIT debugger and then exit.
   Is this possible?
   Thanx
   Kurt
   [58]Sign In·[59]View Thread·[60]PermaLink
   [t.gif]
   General Very good article
           Sandeep Aparajit 2:42 23 Jun '09


   Thanks for such a detailed article on Windbg..
   Sandeep Aparajit
   Mark usefull posts as Helpful/Answers.[61]Technical articles on C#,
   ASP.NET, Archi tecture and Security | [62]Photography
   [63]Sign In·[64]View Thread·[65]PermaLink
   [t.gif]
   General How can I add the symbol without the internet?
           bal ong001                                    6:36 17 Mar '09


   hi, now in my office, my computer can't connect the internet, ,t he way
   you mentioned
   "SRV*downstream_store*http://msdl.microsoft.com/downlo ad/symbols" may
   be a big problem
   to me.So, I want to know that, how can I s et the symbol without the
   internet? Any suggestion?
   Thank you! Smile
   Thank you!
   [66]Sign In·[67]View Thread·[68]PermaLink 2.00/5
   Answer [69]Re: How can I add the s ymbol without the internet?
          sandeep naidu                                          5:18 30 Mar '09


   If you have the windows installation CD it will have the symbols in the
   support folder. Once you install it from the CD the symbol path is
   autom atically set. If not, just remember the path it extracted the
   symbols to and set the path using .sympath command.
   [70]Sign In·[71]View Thread·[72]PermaLink 5.00/5
   [t.gif]
   General Use USB WinDbg on VISTA
           flyball1230            17:05 24 Feb '09


   Dear Sir,
   I have a Ajays USB debug cable, and I want to link two EeePCs(no 1394,
   no COM Port) to do some debugging works. I have use bcdedit change the
   boot entry, but I still can't link WinDbg(KD) sucessfully! Do you have
   any experience or sollution about this issue? Thanks for your help!
   Regards,
   Steven
   [73]Sign In·[74]View Thread·[75]Perma Link 2.00/5 < /span>
   [t.gif]
   General Compiling error in VS 2005
           conglover                 15:40 26 Jan '09


   I am trying to run the example source in my VS 2005 to generate symbols
   and images for Windbg.
   But I get a lot of compiling errors. .vspro j file was not included in
   the download.
   All the errors are from wdbgexts.h /
   My machine is Vista 64 and using VS 2005.
   I created a new Windows console application.
   [76]Sign In·[77]View Thread·[78]Pe rmaLink
   [t.gif]
   Question How to correct a message "Type information missing er ror for
   changeto4p " when using WinDbg ? thanks!
   cchmark1 21:17 29 Jun '08


   I got a message "Type information missing error for changeto4p " when
   using WinDbg with "x CrashScreenShot!changeto4p" , could someone tell
   me ho w to correct it , thanks in advance !
   [79]Sign In·[80]View Thread·[81]PermaLink 1.00/5
   [t.gif]
   Question How can I get the value of the variable in dump file?
   Daniel Xu 17:39 2 6 Nov '07


   Hi,
   In Crash Dump Analysis, I set the right PDB file, and traced the right
   source code. How can I get the value of the variable?
   e.g.
   I have a Unicode String named szMyValue, in MyModules!MyFunctio n. How
   can I located this variable in memory and get it's value?
   I ha ve an idea to use Unassemble code get the value. I'm not the
   skilled guy to read assemble code.
   The command of "dt" could only display data type, and the " dv" command
   does not work at all.
   Do you have any new idea about my q uestion? Need your help.
   Thanks.
   Daniel
   A lucky fish.
   [82]Sign In·[83]View Thread·[84]PermaLink
   Answer [85]Re: How can I get the value of the variable in dump file?
   flobadob1975 2:21 22 Oct '08


   I'm no expert but I think it depends on the type of minidump fil e
   (there are several levels of detail). See the /m command for ntsd. By
   default the heap is not dumped so you will not get stuff from there.
   Try using the /ma s witch instead of the default /m
   [86]Sign In·[87]View Thread·[88]PermaLink 5.00/5
   General [89]Re: How can I get t he value of the variable in dump file?
   Sharath George 16:24 11 Jun '09


   also try compiling without optimization
   as optimization rul es out viewing a lot of intermediate variables that
   do not need to be stored
   [90]Sign In·[91]View Thread·[92]PermaLink
   [t.gif]
   Question new to windbg.... help needed
            suriiitm                     5:54 11 Sep '07


   hi
   I'm new to debugging softwares... I'm using windbg and couldn't
   understand anything wht exactly is happening inside it..... can anyone
   post some useful links or material regarding how to get started?
   Tha nks
   Surendra
   [93]Sign In·[94]View Thread·[95]Per maLink
   Answer [96]Re: new to windbg.... help needed
          Saikat Sen                           20:12 26 Sep '07


   Surendra,
   If you have access to Visual Studio, VS UI would probably be more
   intuitive and easy to use.
   If you're just starting o ff, make sure you step through high-level
   code rather than assembly code.
   < br />If you have specific questions, feel free to ask.
   - Saikat
   [97]Sign In·[98]View Thread·[99] PermaLink 2.0 0/5
   [t.gif]
   General is it possible to change the "value" in registers windo w to
   ascii ?!
   miki85 19:46 28 Aug '07


   Confused
   the way it is i dont understand nothing about wha ts inside the reg
   exept that it was changed when it turns red..
   there 's a way to change it to ascii like "da eax" ?!
   [100]Sign In·[101]View Thread·[102]PermaLink
   [t.gif]
  General is there the windbg source code i can download
          zja 601                                       23:42 12 Aug '07 &n bsp;


   thanks
   [103]Sign In·[104]View Thread·[105]PermaLink
   General [106]Re: is there the win dbg source code i can download
   Jeffrey Walton 6:26 30 Aug '07


   I don't believe WndDbg has ever been released in Source. However , othe
   popular debuggers such as OllyDbg is available. See
   [107]OllyDbg[[108]^]
   Jeff
   [109]Sign In·[110]View Thread· [111]PermaLink
   [t.gif]
   General Windbg
           sidscrazy 4:10 30 Jul '07


   I found windbg very helpful. Indeed this is the tool I use for e
   veryday debugging.
   It can be used for both user mode and kernel mode debugg ing.
   The only problem I feel is the inconvenient way in which it allows me
   to access code. It is not as user friendly as visual studio debugger.
   I w ould be happy to know the reason why we should use windbg and not
   Visual Studio for user mode debugging.
   Thanks
   Sid
   Happy secure coding
   [112]Sign In·[113]View Thread·[114]PermaLink 3.25/5
   General [115]Re: Windbg
           Jeffrey Walton 6:30 30 Aug '07


   Hi Sid,

   sidsc razy wrote:

     I would be happy to know the reason why we should use windbg .. .

   I imagine this is personal preference. In a perverted way, I know of a
   few who prefer command line debuggers. For example those who came from
   the early Unix and Linux who are masters at gdb.
   A little known factiod: WinDbg is mainted by the Operating System team
   at Microsoft, while Visual Studio is a product of the Development team.
   So WinDbg is much more intimate with the OS and its structures. For
   example, how does one view the PEB in Visual Studio?< br />
   Jeff
   [116]Sign In·[117]View Thread·[118]PermaLink< td class="msg-footer"
   align="right">
   [t.gif]
   General How to debug debugger extensions?
           STUART.R                         19:53 1 Nov '06


   Hi,
   can anybody tell me how to debug debugger extensi ons written for
   drivers?
   thanx
   [119]Sign In·[120]View Thread·[121]PermaLink 1.00/5
   [t.gif]
   Question Anyone having trouble setting the postmortem debugger ?
   dmatsumoto 5:21 26 Oct '06


   I've tried pretty much everything I can think of. In the end, I decided
   to just make windbg my default postmortem debugger by using "windbg -I"
   , but even that doesn't seem to work.
   I created a test app that simpl y throws an exception and doesn't
   handle it. When I execute the app in debug an d release mode, I get an
   application error, but windbg doesn't start.
   Can someone tell me why this isn't working for me? Thanks! Confused
   [122]Sign In·[123]View Thread·[124]PermaLink 1.33/5
   Answer [125]Re: Anyone having tro uble setting the postmortem debugger?
   Saikat Sen 21:02 3 Dec '06


   Can you send the registry dump of the appropriate keys?
   You can find in my article which reg keys are respected/ expected for
   post-mortem d ebugging.
   Thanks
   - Saikat
   [126]Sign In·[127]View Thread·[128]PermaLink
   [t.gif]
   General for_each_threads commad?
           swamyv                  12:06 13 Sep '06


   Does windbg has this command? I can't find it from help.
   < /td>
   [129]Sign In·[130]View Thread·[131]Perma Link < /td>
   General [132]Re: for_each_threads commad?
           Saika t Sen                      17:03 27 Sep '06


   Not that I know of. What are you trying to accomplish?
   - Saikat
   [133]Sign In·[134]View Thread·[135]Pe rmaLink 2.00/ 5
   General [136]Re: for_each_threads commad?
           Jonat han C Dickinson            22:57 1 4 Feb '10


   ~* e (command)
   He who asks a question i s a fool for five minutes. He who does not ask
   a question remains a fool forever . [Chineese Proverb]
   Jonathan C Dickinson (C# Software Engineer)< /div>
   [137]Sign In·[138]View Thread·[139]Pe rmaLink
   [t.gif]
   General windbg scripting to get stack trace of all threads?
           swamyv                                             14:14 8 Sep '0 6


   Is it possible write a small script that can attach to run ning process
   and run few commands like list of threads and get stack trace of all
   threads and then detach without terminating the target process?
   And then I would like to save the output in a file.
   If you have any idea please let me know thanks.
   Swamy
   [140]Sign In·[141]View Thread·[142]PermaLink 1.67/5
   Last Visit: 2:09 10 Jun '10     L ast Update: 2:09 10 Jun '10 1[143]2<
   /a>[144]3 [145]Next »

   Last Updated 23 Mar 2004 | [146]Advertise | [147]Privacy | [148]Terms
   of Use | Copyright © [149]CodeProject, 199 9-2010