windbg

Example: 0:074> !address -summary --- Usage Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal Free 90919 7ec`34659000 ( 7.923 Tb) 99.03% <unclassified> 95426 12`3c3e9000 ( 72.941 Gb) 92.12% 0.89% Heap 744 1`7ee50000 ( 5.983 Gb) 7.56% 0.07% Image 4303 0`0f890000 ( 248.563 Mb) 0.31% 0.00% Stack 225 0`00de9000 ( 13.910 Mb) 0.02% 0.00% TEB 75 0`00096000 ( 600.000 kb) 0.00% 0.00% ActivationContextData 28 0`00025000 ( 148.000 kb) 0.00% 0.00% NlsTables 1 0`00023000 ( 140.000 kb) 0.00% 0.00% CsrSharedMemory 1 0`00006000 ( 24.000 kb) 0.00% 0.00% PEB 1 0`00001000 ( 4.000

I'm using a startup script for windbg, and would like to debug child processes (.childdbg 1). However, once I enable it, i find that windbg automatically breaks when the child process is created. I'm not sure why this is occurring, but here's the script I'm using: sxe -c ".echo ********** CLR 1st Chance Exception **********;!pe -nested;.echo ----------- CLRStack ----------;!clrstack;g" clr sxe -c ".echo Child Process Created;g" cpr sxe -c ".echo Child Process Exited;g" epr .load psscor2.dll .childdbg 1 I'm invoking this via the following command: windbg.exe -Q -c "$<c:\path\startup.ini" Foo

I'm currently trying to debug a system deadlock and I'm having a hard time understanding this. Child-SP RetAddr : Args to Child : Call Site fffff880`035cb760 fffff800`02ecef72 : 00000000`00000002 fffffa80`066e8b50 00000000`00000000 fffffa80`066a16e0 : nt!KiSwapContext+0x7a fffff880`035cb8a0 fffff800`02ee039f : fffffa80`0b9256b0 00000000`000007ff 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x1d2 fffff880`035cb930 fffff880`0312a5e4 : 00000000`00000000 fffff800`00000000 fffffa80`079a3c00 00000000`00000000 : nt!KeWaitForSingleObject+0x19 Why would the first argument for

Since last week, Word and Excel are often crashing, even on very simple documents. Just now, Firefox also crashed. What can I do to repair it or find the real root cause? I have already repaired Office installation using the Setup. All regular updates should be installed. Laptop is rebooted every day. I have configured WinDbg to attach and this is what I get. I also have a dump, so if you need more information, I can still get it. Here's info from my first dump of Word: 0:020> .exr -1 ExceptionAddress: 11fdf91c ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000

.logopen is not the answer, because it lets the command output to the windbg console. For example, !sosex.dumpgen 2 produces a helluva lot of output, which I do not want to see in the debugger console. Right now I am using the following: .shell -i- -ci "!dumpgen 2" cmd /c more > D:\tmp\dumpgen2.log My problem is that the more command is interactive and requires user input after outputting certain amount of data. This is a huge problem for me. One solution could be running the debugger itself non interactively with a script and use the .logopen command there. I wonder if I could achieve what I

Our Windows app is often hanging in memory and I'm trying to use windbg to track down the problem. I'm very new to windbg and could use some advice (I have started to read Advanced Windows Debugging though). The app is a mix of C++ and COM objects written in VB. Occasionally when you exit, the app appears to go away but task manager shows it hanging around in memory, apparently idle. !threads shows me this: ThreadCount: 2 UnstartedThread: 0 BackgroundThread: 2 PendingThread: 0 DeadThread: 0 Hosted Runtime: no PreEmptive GC Alloc Lock ID OSID ThreadOBJ State GC Context Domain Count APT

!teb 简介 !teb扩展显示线程环境块（teb）中信息的格式化视图。 使用形式 !teb [ TEB-Address ] 参数 TEB-Address 要检查其TEB的线程的十六进制地址。（这不是从线程的内核线程块派生的TEB地址。）如果在用户模式中省略了TEB地址，则使用当前线程的TEB。 如果在内核模式下省略，则显示与当前寄存器上下文相对应的TEB。 备注 TEB是Microsoft Windows线程控制结构的用户模式部分。 如果!teb扩展没有参数时，在内核模式下会给您一个错误，您应该使用!process用于确定所需线程的TEB地址。确保您的注册上下文设置为所需的线程，然后使用TEB地址作为!teb的参数。 以下是此命令在用户模式下的输出示例： 0:001> ~ 0 id: 324.458 Suspend: 1 Teb 7ffde000 Unfrozen . 1 id: 324.48c Suspend: 1 Teb 7ffdd000 Unfrozen 0:001> !teb TEB at 7FFDD000 ExceptionList: 76ffdc Stack Base: 770000 Stack Limit: 76f000 SubSystemTib: 0 FiberData: 1e00 ArbitraryUser: 0 Self: 7ffdd000

!heap 简介 !heap扩展显示堆使用信息、控制堆管理器中的断点、检测泄漏的堆块、搜索堆块或显示页堆信息。此扩展支持段堆和NT堆。使用!heap没有参数列出所有堆及其类型的堆。 使用形式 !heap [HeapOptions] [ValidationOptions] [Heap] !heap -b [{alloc|realloc|free} [Tag]] [Heap | BreakAddress] !heap -B {alloc|realloc|free} [Heap | BreakAddress] !heap -l !heap -s [SummaryOptions] [StatHeapAddress] !heap -i HeapAddress !heap -x [-v] Address !heap -p [PageHeapOptions] !heap -srch [Size] Pattern !heap -flt FilterOptions !heap -stat [-h Handle [-grp GroupBy [MaxDisplay]]] !heap [-p] -? !heap -triage [Handle | Address] 参数 这些参数适用于Segment和NT堆。 -s 指定正在请求摘要信息。如果省略SummaryOptions和StatHeapAddress