NonInvasive debugging

Non-invasive debugging is a useful technique for debugging hung processes. The debugger suspends all threads in the process and has access to all threads, memory and registers of the process. To do non-invasive debugging via windbg/cdb, check this link out: http://msdn.microsoft.com/en-in/library/windows/hardware/ff552274(v=vs.85).aspx. To do this via the WinDbg UI, press F6 or File->Attach to a Process… While […]

windbg: kf command

kf is a useful command for finding out how much stack memory a frame takes. See below… I have three functions which look like this…

#pragma auto_inline(off)
void TestStack2()
{
       printf("hello");
       return;
}
void TestStack1()
{
       TestStack2();
       char bytes[0x190] = {9};
       printf("hello: %s", bytes);
}
void TestStack()
{
       TestStack1();
       […]

How to force symbol loading in WinDbg

Sometimes we have a dump which does not load .pdb files even though they are present in the dump folder. The load failure is not always caused by a code change; it could be just a rebuild of the source code. In such cases if you force load the .pdb file […]

How to search a range of addresses using ‘s’ command in WinDbg

-> Please note: for demo purposes we are using the current thread's stack range as the address range: poi(@$teb+8) poi(@$teb+4) <-

Search for an ASCII string beginning with "Rtl":

s -a poi(@$teb+8) poi(@$teb+4) "Rtl"
//Output
0fd3d906 52 74 6c 47 65 74 50 72-6f 64 75 63 74 49 6e 66 RtlGetProductInf

Search for a unicode string […]

.loadby sos clr fails! Why?

You have a managed application crash dump and you would like to load sos.dll, to use the powerful commands it provides to help with managed debugging, but the load of sos.dll always fails. The command that you are executing for loading sos.dll is…

0:015> .loadby sos clr
Unable to find module ‘clr’

On enter you […]

Automatically launching CDB to take a dump of a native/managed crash

Found a nice article which describes how to take native/managed crash dumps automatically using CDB as soon as a crash takes place. We know that for CLR 2.0 we’ve got to configure crash handler settings at two places in the registry for a native and managed application.

For native
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Auto

For managed
HKLM\Software\Microsoft\.NETFramework\DbgManagedDebugger […]

Dump file

This blog entry deals with user mode dumps only. Kernel mode dump files are not dealt with here but should be quite similar.

Define dump file

It is the memory snapshot of a process. The dump file saves all information pertaining to a process. The information includes loaded modules/DLLs, handles, executing threads and other stuff. Optionally we can […]

Breakpoints in Windbg

WinDbg rocks. 🙂 Setting breakpoints is very easy in WinDbg. The command to set a breakpoint is ‘bp’. So if you want to break whenever a DLL is loaded into a process, type in the following command…

[sourcecode language=”cpp”]bp kernel32!LoadLibraryW[/sourcecode]

So to trigger this breakpoint attach ‘notepad.exe’ to the debugger and then type in this command. Now let the app run […]

Breakpoints in Visual Studio

What’s a breakpoint?

A breakpoint is defined as the location where a debugger breaks execution to allow the user to have a look at or to modify the execution context.

What’s new with breakpoints?

With Visual Studio 2005 and 2008 the behavior of breakpoints has changed. Some features that were added are as follows… Know hit count […]

Debugging WM_PAINT messages

It’s always irritating to debug paint messages and sometimes expensive too. I’ve tried different methods to try to debug painting issues, and always ended up disappointed. Why is it such a pain to debug WM_PAINT messages? The main reason is that we are not in control. Paint messages come via a window framework. Painting is done whenever a window […]