windbg

In windbg, what can cause the message “WARNING: Unable to verify timestamp for mydll.dll”?

六眼飞鱼酱① submitted on 2019-12-04 05:55:46
I have a dump (created by SysInternals' procdump) and when I ask to view the call stack of a thread I get the error: "WARNING: Unable to verify timestamp for mydll.dll". I own the source code for mydll.dll and I have the PDB file for it. The call stack seems valid, but I would like to know what can be the cause of the message. In the past I did not get that warning message. Thank you.

The reason might be that you don't have the binary for your mydll.dll available. Try to either put it in the same location as the .pdb or use File -> Image path to point at the location. NB both the .pdb

Windbg with SOS, How to dump a c# struct

浪尽此生 submitted on 2019-12-04 05:14:47
How do I dump a struct using windbg? Is there a dumpstruct command similar to dumpobject? Or can dumpobject dump structs as well?

Yes, you could use the !dumpvc command. Since structs don't have an object header, the debugger doesn't know its type, so you will have to pass it the struct's MethodTable address.

> !DumpVC <METHOD_TABLE_ADDRESS> <OBJECT_ADDRESS>

Source: https://stackoverflow.com/questions/3717292/windbg-with-sos-how-to-dump-a-c-sharp-struct

[Repost] Detailed explanation of common WinDbg commands

浪子不回头ぞ submitted on 2019-12-04 05:07:54
Detailed explanation of common WinDbg commands
https://blog.csdn.net/chenyujing1234/article/details/7743460

vertarget: displays general information about the current process.

lmvm: shows detailed information about any single DLL. For example, we look at the information for cyusb.sys.

lmf: lists all DLL files loaded in the current process and their corresponding paths.

r: the r command displays and modifies the values in registers.

d: the d command displays the memory that the esp register points to.

~: the ~ command is used to switch the target thread.
0:018> ~ displays information about the threads.
0:018> ~0s switches the current thread to thread 0, which is the main thread; after switching, the prompt changes to 0:000.

~*: the ~* command lists detailed information about all threads in the current process.

~*kb: the ~*kb command lists the stacks of all threads.

k: the k command displays the stack of the current thread. As with the d command, k can also take many suffixes, such as kb, kp, kn, kv, kl and so on; these suffixes control the format and the information displayed. kb displays three parameters.

u: the u command translates the code at the specified address into assembly output.

x: looks up the binary address of a symbol, as follows.

dds: prints the binary values at a memory address.

Source: https://www.cnblogs.com/sui84/p/11832607.html

Do I need a WOW64 dump for GDI Handle analysis?

三世轮回 submitted on 2019-12-04 05:04:05
I'm debugging a potential GDI Handle Leak. Thanks to @Alois Kraus, there is a WinDbg script which performs a handle count. From my debugging sessions, especially for .NET, I find that usually it's better to have 32-bit dumps of 32-bit processes and 64-bit dumps of 64-bit processes. Unfortunately, with 2 crash dumps I received, the script does not work. Looking deeper into it, I found out that the GdiSharedHandleTable is null in those dumps:

0:000> dt ntdll!_PEB GdiSharedHandleTable @$peb
   +0x094 GdiSharedHandleTable : (null)

Now, on his website, Alois mentions Important: If you are running

Debug a .NET dump using windbg

隐身守侯 submitted on 2019-12-04 02:21:55
I made a dump (using the -ma option and a trigger for high CPU in procdump.exe) of a .NET process and I want to see the clues in a running thread about what my code was doing. I get this:

*** procdump -ma -c 65 -s 2 -n 3 service.exe ***
Process exceeded 65% CPU for 2 seconds.
Thread consuming CPU: 4396 (0x112c)

The indicated thread was executing that at the dump time:

0:022> k
ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
0990f104 040666ab 0x40656f8
0990f124 04066465 0x40666ab
0990f14c 040655e2 0x4066465
0990f160 040651f4 0x40655e2
0990f178 04065032

Is WinDbg supposed to be so excruciatingly slow?

怎甘沉沦 submitted on 2019-12-04 01:38:25
Question: I'm trying to analyze some mini crash dumps. I'm using Windows 10 Pro Build 1607 and WinDbg 10.0.14321.1024. I have my symbol file path set to
SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
Basically, whenever I load up a minidump (all < 1 MB .dmp files), it takes WinDbg forever to actually analyze them. I understand the first run can take long, but it took mine almost 12 hours before it would let me enter a command. I assumed that, since the symbols were cached, it wouldn't take

Dump file analysis of Java process?

落爺英雄遲暮 submitted on 2019-12-04 01:34:28
If I take a dump, using Windbg, of a Java process running on Windows, can I (easily?) analyze the Java heap, objects, and threads, just like I could do with SOS for a .Net process? Otherwise, how can I offline debug a problem happening on production systems? Thanks!

There's a Java Heap Analysis Tool: jvisualvm can be used to load a dump and then analyze it. EDIT: This comes in the JDK redist...

Windows minidumps (.dmp) can be used with these utilities: the jvisualvm utility from the JDK can get you both a thread dump and a heap dump. Open jvisualvm. In the Applications pane, find VM Coredumps. Right-click it. Select

!clrstack -p not giving the values of the parameters for the methods in the call stack

走远了吗. submitted on 2019-12-04 01:25:05
We are trying to analyze a w3wp memory dump using windbg and we found that the w3wp process is crashing due to stack overflow. I loaded the psscor4.dll and got the call stack by issuing !clrstack. But I also want to know the parameters being passed to the methods. If I issue "!clrstack -p" or "!clrstack -a", we are getting <no data> for all the parameters and local variables. Any idea why we are getting <no data> instead of actual values for the parameters and local variables?

If you're running a release build you will usually not be able to track locals and parameters as they are optimized and

Get sizeof (type) in Windbg

非 Y 不嫁゛ submitted on 2019-12-04 00:51:30
I need the size of a variable and I want that value from the Windbg command line. It's hard and useless to compile the code and add a C++ sizeof() only to get that value. From the documentation I see that Windbg can filter after value with dt /s, but displaying that value?

I use the dt command on the data type and then it's easy to see the layout and size.

0:000> dt CRect
CrashTestD!CRect
   +0x000 left : Int4B
   +0x004 top : Int4B
   +0x008 right : Int4B
   +0x00c bottom : Int4B
0:000> dt long
Int4B

Or use the C++ evaluator:

0:000> ?? sizeof(CRect)
unsigned int 0x10
0:000> ?? sizeof(Float)
unsigned int 4

Source: https:/

How do I show source code in windbg through ntsd -d?

百般思念 submitted on 2019-12-03 23:15:38
Question: I can't make source code show in windbg when I pipe ntsd -d on the target through windbg -k, but it works when I debug locally. I want to debug the very first code execution of Winlogon.exe and LSASS.exe. But to make it easy to reproduce the problem, I made up this setup: I use the CrashMe sample application, with source and symbols pre-built, copied to C:\CrashMe on both the target and host. I use Windows Debugging Tools for Windows (DTW) version 6.12.0002.633 everywhere. The target is