windbg

how to set breakpoint and show source code when using cdb to debug c++ programs?

送分小仙女 submitted on 2019-12-26 18:23:05
Question: Why does bp main fail? How do I list source code as gdb's list command does? This question is not the same as CDB command for setting a breakpoint based on a line number. It seems cdb can be used with windbg, but is it possible to use cdb in a way a bit similar to gdb?
Answer 1: cdb allows 3 different commands to set breakpoints: bp, bm, and bu. bp accepts arguments that are numeric addresses; bm accepts arguments that are textual symbols in a module that is already loaded; bu accepts arguments that are textual

WinDbg tool practice

流过昼夜 submitted on 2019-12-26 10:19:18
WinDbg tool. WinDbg is used to analyze dump files produced on the server, to handle problems where the CPU is pegged or memory stays high, and program deadlock problems.
Steps:
0. Find the process ID of the IIS application pool: c:\windows\system32\inetsrv\appcmd list wp, to find the web application that corresponds to w3wp.exe.
Use the procdump tool to monitor the server and generate a dump file when memory usage exceeds a threshold: procdump64 w3wp -ma 20480 -o D:\Dumps (generates a dump file when memory exceeds 20 GB).
Open the dump file with the windbg tool, set the paths for the symbol (Symbol) files and pdb files, and set the source code path.
Use windbg commands to analyze it.
Load sos.dll: run .load C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.DLL; the load path for sos.dll must be chosen according to the program's version.
Common analysis commands:
!help                      sos command help
!threads                   show all threads
!threadpool (!tp)          show thread pool information
!ProcInfo                  show process information
!dumpheap                  show managed heap information
!dumpheap -stat            check statistics for all managed types currently present
!dumpheap -type Person -stat   find objects of the specified type (Person) in the heap

In WinDbg, can I use software breakpoints without having symbols?

六月ゝ 毕业季﹏ submitted on 2019-12-25 11:34:36
Question: I'm having trouble using software breakpoints in WinDbg in order to break at a given address. It's a Visual C++ 6.0 MFC executable without symbols (believe me, I just cannot generate the symbols). Suppose my executable image is named image00400000. Using software breakpoints (bp):
0:000> bp image00400000 + 0x003ba1eb
0:000> bl
0 e 007ba1eb 0001 (0001) 0:**** image00400000+0x3ba1eb
0:000> g
I get the relative address (0x003ba1eb) from the .map file (this one I got). I pick up a line which

WinDBG works with Dump saved from Visual Studio 2015 but not Task Manager. Shows Exception Code “not found”

倖福魔咒の submitted on 2019-12-25 09:49:12
Question: I cannot get dump files created with Task Manager (32 or 64 bit) or Process Explorer to give useful results in WinDBG or Visual Studio 2015, whereas the dump written directly from VS works brilliantly in both. I need Task Manager dumps to work so that I can analyse dump files sent by my end users. I have reduced the problem to the simplest possible Win32 application, created in VS 2015 C++, with a deliberate NULL pointer write to cause an exception. If I run the program in VS and use Save

How to prove there is IO pending behind the thread pool worker thread?

北慕城南 submitted on 2019-12-25 08:59:20
Question: One of our applications has hundreds of thread pool threads pending with the call stack below after the network went down. BTW, before the network went down there were only dozens of threads; however, after the network went down the number of threads increased to around 400 in a very short time and stayed at that number for a very long time until we rebooted the server.
00000020`a864fc58 00007fff`d4ea1118 ntdll!NtWaitForSingleObject+0xa
00000020`a864fc60 00007fff`ce50ce66 KERNELBASE

how EPROCESS DirBase generated maybe “VAD tree root”?

社会主义新天地 submitted on 2019-12-25 08:29:37
Question: I dumped some process data and got a DirBase value of 00030000. How does Windows generate this value? Does some AVL tree data structure at the beginning of the kernel give this data? I want to learn how a process is created internally in the kernel. What kind of global variables assign the DirBase, ObjectTable etc. values? Here is some sample windbg output:
!process fb667a00 7
PROCESS fb667a00 Cid: 0002 Peb: 00000000 ParentCid: 0000
DirBase: 00030000 ObjectTable: e1000f88 TableSize: 112.
When a process is created by the system. System

WinDbg c-level debugging?

a 夏天 submitted on 2019-12-25 05:20:41
Question: I just started to step through my kernel-mode USB driver and it is in assembler. How do I configure WinDbg for C-level debugging? This is how it looks now =/
MyDriver!MyDriver_EvtDeviceAdd+0xb:
af20801b 833d647020af03  cmp dword ptr [MyDriver!DebugLevel (af207064)],3
0: kd> p
MyDriver!MyDriver_EvtDeviceAdd+0x2e:
af20803e ff15006020af    call dword ptr [MyDriver!_imp__KeGetCurrentIrql (af206000)]
0: kd> p
MyDriver!MyDriver_EvtDeviceAdd+0x58:
af208068 8d95a8feffff    lea edx,[ebp-158h]
0: kd> p
MyDriver!MyDriver

Which version of sos and clr/mscorwks.dll to load?

醉酒当歌 submitted on 2019-12-24 23:58:13
Question: I have a 32-bit application (targeting .NET 3.5) hosted on a 64-bit machine. I want to analyze the memory dump of this 32-bit application. I captured the memory dump using 32-bit adplus and cdb. I am loading the memory dump into 32-bit windbg. When I load .NET 2.0 sos.dll and .NET 2.0 mscorwks.dll into windbg and execute !clrstack, I get the following error: "Failed to find runtime DLL (mscorwks.dll), 0x80004005 Extension commands need mscorwks.dll in order to have something to do." What am I

cdb and windbg unable to load MiniDumps, but VS 2008 loads them fine

坚强是说给别人听的谎言 submitted on 2019-12-24 16:34:18
Question: I am trying to build some automated crash dump analysis, but I cannot get cdb or windbg to load my crash dumps. They load just fine in VS 2008. When I run dumpchk.exe on the file, I get:
Loading Dump File [c:\devx86\temp\ErrorDump.mdmp]
User Mini Dump File: Only registers, stack and portions of memory are available
ERROR: Memory range data only partially present in dump (RVA 0x1011F, size 0x94)
**** DebugClient cannot open DumpFile - error 80070570
DumpFile is corrupt
When I run cdb on the

Can I use WinDbg to dump structs for other platforms?

风流意气都作罢 submitted on 2019-12-24 14:10:59
Question: I'm using WinDbg to dump struct information, for example:
lkd> dt nt!_LIST_ENTRY
   +0x000 Flink : Ptr32 _LIST_ENTRY
   +0x004 Blink : Ptr32 _LIST_ENTRY
The example above shows the 32-bit version of the _LIST_ENTRY struct. The 64-bit version is larger, with Blink at 0x008. I understand that I can debug remote systems or analyze crash dumps, as long as I load the correct symbols for those Windows versions. My question: Is it possible to dump structs for different Windows versions than the one I am