windbg

问题 Why am I getting a Invalid parameter poi(adr+4) when I run the following command in WinDbg while debugging a dump file? .foreach ( adr { !dumpheap -mt 66df13d4 -short } ) { !do poi(adr+4); } The following shows that the value of adr is getting populated just fine. .foreach ( adr { !dumpheap -mt 66df13d4 -short } ) { .echo adr; } I want to get the contents of a .NET string variable that is stored at the 4th offset of a System.Web.Caching.CacheEntry object. 回答1: You need to have spaces around

问题 Does anyone know if there is a cap on the number of DLLs WinDbg can see ? I believe Visual Studio was once capped at 500 but I can't find a source for this claim outside of some second hand accounts at work. I'm trying to debug a hairy scenario and WinDbg's stack trace is incomplete. According to Process Explorer, the module I'm interested in is loaded but it doesn't show up in the output of 'lm' in WinDbg. Suspiciously, said output is exactly 500 modules long, even though I know there are

问题 I'm debugging a crash dump file for a .NET 2.0 assembly in WinDbg. When I type "lm" into WinDbg, I get a long list of loaded modules like this: 723c0000 72950000 mscorwks (deferred) . . What does "deferred" mean here? Do I need to worry about it? 回答1: It just means no symbols where loaded yet for this module. So don't worry about that. See lm (List Loaded Modules) The symbol type immediately follows the module name. This column is not labeled. For more information about the various status

问题 I have a .NET windows service that is calling cdb.exe to analyze crash dumps. I want to download the symbols from http://msdl.microsoft.com automatically when needed, using the argument: -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols If I run the application as a console application, It works as expected and it downloads the needed symbols for each dump. The problem is when I start the app as a windows service, the symbols are not downloaded and, if I turn symnoisy on, at cdb's

问题 Is there a way to iterate through all frames in windbg? (or to run dv for each stack frame) For example: ~*e !mk -cc will iterate through all threads and call !mk -cc What I want is basically: For each thread: switch to thread: ~0s For each frame in that thread: .frame 00 dv Just wondering if there is a way to automate this? Currently I am able to generate a script to do: ~0s .frame 00 dv .frame 01 dv .frame 02 ... But this is a multistep process, and I want to automate it all. 回答1: You can

问题 I am analysing AcroRd32.exe with WinDbg. AcroRd32.exe has 2 processes, one （father-p） starts another (child-p). I use .childdbg 1 and |1s etc. commands to debug these two processes. I switch to child-p, then switch back to father-p, monitoring kernel32.dll's CreateFileW and ReadFile APIs with conditional breakpoint. While opening a.pdf , only CreateFileW is invoked with parameter "C:\a.pdf". I remember the return value of CreateFileW , the file handle, use a conditional breakpoint to monitor

问题 I have a crash dump of Eclipse and want to report a bug. For the bug report, I'd like to specify the version of Eclipse that crashed, since it might be related to the problem. Unfortunately, my usual way does not work, lm vm does not show version information: 0:048> lm vm eclipse start end module name 00000000`00400000 00000000`0044f000 eclipse (deferred) Image path: C:\Program Files\eclipse\eclipse.exe Image name: eclipse.exe Timestamp: Wed Feb 04 14:12:28 2015 (54D21ABC) CheckSum: 00050686

问题 I would like to dump the fields and offsets of structures in the same way as windbg's dt command. Let's say for example I would like to dump the _PEB structure which is in the Microsoft Public symbols (since windbg's DT command works). From MSDN documentation I understood that the SymFromName function should be able to do this, below the is the code I've tried that fails on SymFromName with LastError 126 (The specified module could not be found). From the registered Callback I get the

问题 Recently, my asp.net application crashed. I got the event logs on windows, two type exception message: Application: w3wp.exe Framework Version: v4.0.30319 Description: The process was terminated due to an internal error in the .NET Runtime at IP 000007FEF9CFDDE3 (000007FEF9B00000) with exit code 80131506. Faulting application name: w3wp.exe, version: 7.5.7601.17514, time stamp: 0x4ce7afa2 Faulting module name: clr.dll, version: 4.0.30319.1008, time stamp: 0x517a18ff Exception code: 0xc0000005

问题 dbgrpc.exe that comes with windbg does not seem to work well under Windows 7. I have followed the instructions, enabling RPC state information as stated in MSDN I created test out-of-proc COM server and client, run client under debugger, invoke COM server method (step into method before return) and run dbgrpc. I was able to enumerate the RPC endpoints. However, when I try to get thread info like such: dbgrpc -t -P 1234 Nothing useful was printed - just header without any data row: PID CELL ID