windbg

is it possible to get the line from which the exception was thrown from a dump?

孤人 submitted on 2019-12-11 02:11:42
Question: I have a dump file and loaded it with WinDbg. I've used !pe (print exceptions) to see the exception (a null reference exception). However, it points me to a method that contains ~100 lines. Is it possible to find out the line where the exception is thrown away? 0:000> !pe Exception object: 00000000822e7e28 Exception type: System.NullReferenceException Message: Object reference not set to an instance of an object. InnerException: <none> StackTrace (generated): SP IP Function 00000000001FBDC0

C# app to act like WINDBG's “step into” feature

£可爱£侵袭症+ submitted on 2019-12-11 02:06:46
Question: I do a lot of "academic" security projects mostly targeted at Linux platforms but recently I've had some interest in Windows. So what I've done is make some small tools like an app to crash other apps and such, just to provoke behavior. So I've had to use WINDBG a lot for stepping through processes, which has been pretty useful, way cooler than GDB (Linux). So the tool I'm trying to make now is essentially just like the stepping feature in WINDBG. What I can do is launch a process as a System

What does 'exported symbols' mean in lm command

别说谁变了你拦得住时间么 submitted on 2019-12-11 01:54:08
Question: I am in a debugger session with WinDbg. I type the lm command and it shows loaded modules, but I don't quite understand what the (export symbols) means below. 048c0000 0550c000 Db (export symbols) Db.dll 05520000 05535000 Graph (export symbols) Graph.dll I was expecting it will either say symbols not loaded or loaded or deferred but it's none of that. What does the (export symbols) indicate in this case? Answer 1: Exported symbols means that no PDB file was loaded and the symbols have been read from

crash generate dump

孤人 submitted on 2019-12-11 00:07:30
Question: My application crashes occasionally on a customer machine after running for 3-4 days. Is it possible to attach the application to a debugger like ADplus automatically when the application starts? This is for generating the dump file whenever the application crashes. Answer 1: Since you want to use ADPlus I assume a Windows-only solution will do it. In this case you could install a post mortem debugger. It will pop up as soon as your app crashes. I usually use windbg. Answer 2: You may want to look at the

How to debug static dependency loading problems?

孤街浪徒 submitted on 2019-12-10 23:35:35
Question: How can I debug a scenario where a Visual C++ 2010 SP1 application is unable to completely load its dependencies, and quits prematurely, without showing its UI? I am interested in good guides to Fusion Logs, dependency walker, and remote debugger, if you think they are relevant. Is it something that can be easily verified with WinDbg? What about Process Explorer? Is it possible to launch a process on a remote machine with remote debugger attached? Would it be possible to verify if a proper

Disassemble unloaded module

守給你的承諾、 submitted on 2019-12-10 21:25:21
Question: Got a stack trace that ends in an unloaded module. To make sure the stack makes sense I would like to disassemble the unloaded module (in order to check whether a call can start on the address given (access violation: attempt to read from an invalid address)). I can load the module (windbg): .reload Unloaded.Dll=base,size But after this reload I’m not able to disassemble the code. Is there a way to accomplish this? Thanks in advance for any help! GMore Answer 1: Tip from Marc Sherman (see comments

How to prove that the .NET CLR JIT compiles every method only once per run?

旧时模样 submitted on 2019-12-10 21:06:30
Question: There's an old question asking whether C# is JIT compiled every time and the answer by famous Jon Skeet is: "no, it's compiled only once per application" as long as we're talking about desktop applications which are not NGENed. I want to know if that information from 2009 is still true and I want to figure that out by experiment and debugging, potentially by putting a breakpoint on the JITter and using WinDbg commands to inspect objects and methods. My research so far I know that the .NET

Analyzing Outlook HANG dump (with GoogleCalendarSync add-in installed)

故事扮演 submitted on 2019-12-10 19:08:37
Question: Since I started using Outlook with GoogleCalendarSync I'm experiencing hangs every once in a while. I used ADPlus to create a hang dump of the process (using adplus -hang -pn outlook.exe -o c:\dumps ). When I read the dump via WinDBG I use the command !analyze -v -hang , but I can't figure out what exactly went wrong. The output of the command is: ******************************************************************************* * * * Exception Analysis * * * *************************************

Pinning a DLL in memory (increase reference count)

放肆的年华 submitted on 2019-12-10 19:07:22
Question: I am trying to run an application, but the application exits due to an access violation. Running the application in the debugger I can see that this is caused by an unloaded library. I cannot wait for the next release of the application, so I'm trying to work around the problem. I wonder whether WinDbg provides a way of increasing the reference count of a loaded module, similar to the C++ LoadLibrary() call. I could then break on module loads and increase the reference count on the affected

How can I remove breakpoint ntdll!DbgBreakPoint+0x1 in WinDbg

↘锁芯ラ submitted on 2019-12-10 19:04:27
Question: I'm debugging a program that's crashing with WinDbg set as my post-mortem debugger. I have set a breakpoint at address 77f7f571. When it's triggered, I used to get the following: *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\ntdll.dll - ntdll!DbgBreakPoint+0x1: Then I followed the instructions from http://www.osronline.com/ShowThread.cfm?link=178221, and now I just get ntdll!DbgBreakPoint+0x1: I'd like to remove this breakpoint, but I can't get