windbg | 易学教程

WinDbg: APPLICATION_HANG_WRONG_SYMBOLS

阅读更多关于 WinDbg: APPLICATION_HANG_WRONG_SYMBOLS

问题 I'm pretty new to WinDbg and I'm trying to find a bug which has my application hanging for no appearent reason. I'm not sure I'm doing things right, but I understand that I need both symbols for the system dlls aswell as the .exe I'm debugging. Thus, I set up my symbol path like this: srv*c:\websymbols*http://msdl.microsoft.com/download/symbols;S:\MY\PATH The second path pointing to a folder where I placed the .pdb that was generated by VS. I'm positive that's the correct .pdb file, but it

Extract process dump from full memory dump

阅读更多关于 Extract process dump from full memory dump

问题 I've reached a bug, but I was unable to create a process dump. I've created a full memory dump of system. How could I extract a process dump using it? Windows . 回答1: You cannot. In general, some of the memory segments that belong to your process could be paged out and not resident in physical memory. This means that with full kernel memory dump you are not guaranteed to reconstruct process address space. In many cases you can extract useful information about process from kernel dump. However

Debugging Windows 8 App using windbg

阅读更多关于 Debugging Windows 8 App using windbg

问题 I have a Windows 8 Application Store app that needs to be debugged on one of our lab machines. The machines in the lab have windbg but do not have Visual Studio. When I launch the EXE using windbg, I get a message that says "This application can be ran only in the context of an app container". Is there anyway to get Windbg.exe to create the app container context? 回答1: WinDbg can attach pretty much to any running process. You can start your app in a regular way from the start screen and try to

Debugging a renamed DLL?

阅读更多关于 Debugging a renamed DLL?

问题 I am having problems trying to debug a DLL, which has been renamed during the post-build process: WinDBG fails to load the correct symbols (pdb file). Example: Original file name was: abc.dll The created PDB is named: abc.pdb During post-build process the DLL was renamed to 'a-b.DLL'. For some reason when debugging I can see the module apears as 'a_b.dll' (hyphen was replaced by underscore, not sure why this happen). In addition, WinDBG cannot load its symbols. I tried ld a_b /f abc , and

[Debug_Windows]Windbg 环境搭建

阅读更多关于 [Debug_Windows]Windbg 环境搭建

[应用场景]： Win 系统crash，BSOD 或者需要分析程序异常的时候，Windows 需要kernel debug 查看root cause. 1. 名词目标机(target)：被调试机器主机(host)：运行调试工具(windbg)的机器 2. Requirements: A USB 3.0 debug cable.This is an A-A crossover cable that has only the USB 3.0 lines and no Vbus. 特殊定制的USB 3.0 AM-AM线缆，淘宝可以买到，链接: https://shop129099241.taobao.com Disable Secure Boot on the target PC in BIOS 操作系统 Windows 8 或 Windows Server 2012以上版本(主机，目标机) 3.1 设置目标机 1> 在目标机上运行UsbView 2> 找出所有的xHCI Controller 3> 查找xHCI Controller下的Port，找到支持调试的端口 [Port10] Is Port User Connectable: yes Is Port Debug Capable: yes Companion Port Number: 1 Companion Hub

windbg dump command fails with error 0x8007012b

阅读更多关于 windbg dump command fails with error 0x8007012b

问题 A customer is attempting to capture a minidump of a hang. He fires up WindDbg and successfully attaches to the process. WinDbg displays its header: Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. and the loaded modules are enumerated. He enters a dump command: .dump /m c:\problem.dmp It reports: Creating c:\problem.dmp - mini user dump WriteMemoryFromProcess.Read(0x1f1e000, 0x2000) failed, 0x8007012b Dump creation failed,

Windbg: psscor4 doesn't work

阅读更多关于 Windbg: psscor4 doesn't work

问题 I searched and tried a lot of things, but can't get psscor4 to work properly. When I invoke !threads , I'm always getting Failed to request ThreadStore The things I checked are as follows: I'm having a .NET 4 application that's compiled for X86 platform I'm using Windbg version 6.2.9200.16384, X86 version I'm using current psscor4 from Microsoft and it loads properly. I'm loading the X86 version, so that should be fine Symbols are loaded from MS Symbol server (command .symfix+ , then .reload

Please explain !SyncBlk the windbg command

阅读更多关于 Please explain !SyncBlk the windbg command

问题 Firstly, is there a command for getting help and parameters for each sos command in windbg ? Secondly, I'd like to understand !syncblk output Index SyncBlock MonitorHeld Recursion Owning Thread Info SyncBlock Owner 201 05b9493c 979 1 05bc1040 bcc 45 022f3490 System.Collections.ArrayList 2875 05b4c914 1 1 17b99e10 1af8 290 024862d8 MyClass 2945 05b4b66c 1 1 17d1a290 12c0 752 02482940 MyClass MonitorHeld shows # of monitor held by the synblk . 1 for write and 2 for read, but what does the rest

How to diagnose what is keeping dead threads from being recycled in .NET

阅读更多关于 How to diagnose what is keeping dead threads from being recycled in .NET

问题 A self-hosted C# ASP.NET WEB.API application stops responding to HTTP GET / POST operations in production. I have a memory dump taken from the production server. The only thing unusual in the dmp is a relatively high number of dead threads. Truncated !Threads output: 0:000> !Threads ThreadCount: 116 UnstartedThread: 0 BackgroundThread: 5 PendingThread: 0 DeadThread: 110 Hosted Runtime: no XXXX 2d 04b87ca0 1019820 Enabled 00000000:00000000 0015e800 0 Ukn (Threadpool Worker) XXXX 2e 04b87390

WinDbg常用命令系列---sx, sxd, sxe, sxi, sxn, sxr, sx- (设置异常)

阅读更多关于 WinDbg常用命令系列---sx, sxd, sxe, sxi, sxn, sxr, sx- (设置异常)

简介 sx*命令控制调试器在正在调试的应用程序中发生异常或发生某些事件时采取的操作。使用形式 sx sx { e | d | i | n } [ -c " Cmd1 " ] [ -c2 " Cmd2 " ] [ -h ] {Exception|Event| * } sx- [ -c " Cmd1 " ] [ -c2 " Cmd2 " ] {Exception|Event| * } sxr 参数 -c " Cmd1 " 指定在发生异常或事件时执行的命令。当处理此异常的第一次机会发生时，无论此异常是否中断调试器，都将执行此命令。必须将 Cmd1 字符串用引号引起来。此字符串可以包含用分号分隔的多个命令。 -C 和带引号的命令字符串之间的空格是可选的。 -c2 " Cmd2 " 指定在发生异常或事件并且在第一次机会未处理时执行的命令。当第二次处理此异常时，会执行此命令，无论此异常是否中断调试器。必须将 Cmd2 字符串用引号引起来。此字符串可以包含用分号分隔的多个命令。 -C2 和带引号的命令字符串之间的空格是可选的。 -h 更改指定事件的处理状态，而不是其中断状态。如果事件为 cc 、 hc 、 bpec 或 ssec ，则无需使用 -h 选项。 Exception 以当前基数指定命令作用于的异常号。 Event 指定命令所作用的事件。这些事件用简短的缩写来表示。