windbg

Debugging Tools for Windows: Symbol Proxy doesn't proxy

非 Y 不嫁゛ submitted on 2019-12-24 12:57:36
Question: I'm attempting to set up a symbol proxy using symproxy.dll from Debugging Tools for Windows. When I issue ".reload /f" from the debugger, none of the symbol files can be found. It looks like Symproxy isn't going out to the Microsoft Symbol Server to actually get the symbols. I see nothing in Wireshark, for example. SYMPROXY.DLL is definitely being loaded -- I can see some entries in the Event Log, and http://my-server/symbols/status returns valid-looking information. I've followed the

can WinDbg connect to stdin of a debuggee which is running remotely

冷暖自知 submitted on 2019-12-24 11:28:02
Question: I'm having a hard time controlling my application using WinDbg. I had already posted my question here and left that approach as I'm not able to figure out a way to achieve that. Now I'm working on the approach that after a breakpoint is hit, I would like to branch out my application execution and prompt input from the user who is running the debugger. DWORD dwRand = 0; volatile bool bDebug = false; if (!bDebug) { dwRand = Rand(minValue, maxValue); } else { cout << "\n Enter dwRand: "; cin >>

WinDbg, host machine lose network if test machine is on the same switch

给你一囗甜甜゛ submitted on 2019-12-24 08:47:11
Question: I have a really strange problem with WinDbg and would like to know if anyone can explain to me why it happens. So here is the setup: Debugging a target Windows 7 64bit machine with WinDbg; Host machine running Windows 7 64bit also; Host and Test machines connected via firewire; Host and Test machines connected to the same switch (a Netgear gigabit switch, 8 port); Break into the test machine. Problem: After about 10 seconds the host machine loses network connection. What resolves the problem

Windbg - !clrstack

杀马特。学长 韩版系。学妹 submitted on 2019-12-24 08:39:03
Question: I'm attempting to debug a manual dump file of a 64bit w3wp process with 64bit Windbg (Version 6.10). The dump was taken with taskmgr. I can't get anything from the !clrstack command. Here is what I'm getting: !loadby sos clr !runaway User Mode Time Thread Time 17:cf4 0 days 5:37:42.455 ~17s ntdll!ZwDelayExecution+0xa: 00000000`776208fa c3 ret !clrstack GetFrameContext failed: 1 What is GetFrameContext failed: 1 ? Answer 1: Use !dumpstack command instead of !clrstack. It usually works. Answer 2: Try

!address command shows a different value for the User mode stack initial commit size

♀尐吖头ヾ submitted on 2019-12-24 06:14:06
Question: I read in Windows Internals that when a thread is created, by default 1 MB of virtual memory is reserved for the user stack. Out of this 1 MB, only the first page (0x1000) will be committed. I can see this when I dump the image header using dumpbin.exe. Here is what dumpbin shows: However when I dump the address space of this exe in Windbg using !address command, I see a difference. Windbg shows me that the initial committed size is equal to 3 pages i.e. 0x3000 Does anyone know why there is a

!address command shows a different value for the User mode stack initial commit size

旧街凉风 submitted on 2019-12-24 06:12:51
Question: I read in Windows Internals that when a thread is created, by default 1 MB of virtual memory is reserved for the user stack. Out of this 1 MB, only the first page (0x1000) will be committed. I can see this when I dump the image header using dumpbin.exe. Here is what dumpbin shows: However when I dump the address space of this exe in Windbg using !address command, I see a difference. Windbg shows me that the initial committed size is equal to 3 pages i.e. 0x3000 Does anyone know why there is a

RedirectedThreadFrame in Callstack

旧巷老猫 submitted on 2019-12-24 03:44:21
Question: Has anyone seen a RedirectedThreadFrame in a callstack in windbg? That is from the managed callstack. I am seeing a lot of exceptions being thrown inside the framework that I am never seeing bubbled to me and I am trying to figure out why. The native callstack just has: 0526f6b0 79f63d27 KERNEL32!RaiseException+0x53 0526f718 79f64102 mscorwks!Thread::RedirectedHandledJITCase+0x198 0526f720 00000000 mscorwks!Thread::RedirectedHandledJITCaseForGCThreadControl+0x7 The managed callstack has:

Using symstore.exe cannot load symbols for minidump in Windbg or Visual Studio

让人想犯罪 __ submitted on 2019-12-24 02:33:19
Question: In order to trace a crash in a Qt which only happens on a Windows 8 user machine I set up a local symbol server to use for debugging crash dumps. First I did a full build with the following flags set: QMAKE_CFLAGS_RELEASE += -Zi QMAKE_CXXFLAGS_RELEASE += -Zi QMAKE_LFLAGS_RELEASE += /DEBUG /OPT:REF and built an installer using Windows Installer and a VS deployment project. Then I ran the following symstore.exe command: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64>symstore.exe add /r

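WinDbg Command System

自作多情 submitted on 2019-12-23 19:54:12
WinDbg Command System. The three kinds of WinDbg commands: WinDbg is a powerful debugger, and most of its functionality is reached through commands entered in the command window. They fall into the following three categories. Standard commands: standard commands provide the debugger's basic functionality; most are a single letter, and there are more than 130 of them. Type / representative commands: program control: g series, t series, p series; memory viewing and modification: d series, e series, s, etc.; breakpoint setting: b series; stack inspection: k series; disassembly: u series; other commands: x, q, l, s, etc. Entering ? in the command input box shows brief descriptions of some commands. Notes: commands can only be entered while the program is paused; pressing Enter on its own repeats the previous command; the up and down arrow keys browse previously entered commands; when the command prompt shows * BUSY*, a command cannot be executed immediately. Meta-commands: meta-commands supplement the standard commands and are also built into WinDbg. They begin with a "." and are usually a single word, for example: .symopt .sympath .asm .restart .reboot. Entering .help lists the meta-commands and their help descriptions. Extension commands: extension commands are typically used for specific debugging tasks. They are implemented in DLLs rather than built into WinDbg; when used they generally begin with ! and are usually a single word. The DLLs that contain extension commands are called extension modules. The .chain command lists all extension modules, and most modules have a help command that shows the module's basic information and the commands it contains. Common basic commands: Command / Function: lm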

Switching from VS debugger to WinDbg

岁酱吖の submitted on 2019-12-23 16:45:56
Question: Given I have started a live debugging session by clicking the Play button in Visual Studio ( F5 ) in order to launch the executable. Say that I find an interesting situation which cannot be analyzed in Visual Studio but I know how to analyze it in WinDbg. How would I detach Visual Studio and attach with WinDbg so that WinDbg is now the debugger? I have tried: detaching VS, but that will of course continue running the application, which I don't want; attaching WinDbg. Only one debugger can be