windbg

WinDbg Common Commands Series: Exception-Related Operations

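Anonymous (unverified), submitted on 2019-12-03 00:08:02
.exr (Display Exception Record)
The .exr command displays the contents of an exception record.
.exr Address
.exr -1
Parameters: Address specifies the address of the exception record. If you specify -1 as the address, the debugger displays the most recent exception.
Environment: Modes: user mode, kernel mode. Targets: live, crash dump. Platforms: all.
The .exr command displays information related to an exception that the debugger encountered on the target computer. The information displayed includes the exception address, the exception code, the exception flags, and a variable list of parameters to the exception. You can usually obtain the address by using the !pcr extension command.
The following example is a demonstration in a dmp file. This one uses a specific exception record address:
0:000> .exr 010fd1c8
ExceptionAddress: 694c4b4c (nvoglv32!DrvPresentBuffers+0x000c19fc)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 4592e000
Attempt to read from address 4592e000
This is the result of using -1 as the address:
0:000> .exr -1
*** ERROR: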

WinDbg Common Commands Series: Source Code Commands

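Anonymous (unverified), submitted on 2019-12-02 23:59:01
lsf, lsf- (Load or Unload Source File)
The lsf and lsf- commands load or unload a source file.
lsf Filename
lsf- Filename
Parameters: Filename specifies the file to load or unload. If this file is not in the directory from which the debugger was opened, you must include an absolute or relative path. The file name must follow Microsoft Windows file name conventions.
The lsf command loads a source file. The lsf- command unloads a source file. You can use this command to unload files that were previously loaded with lsf or source files that were loaded automatically. You cannot use lsf- to unload files that were loaded through WinDbg's File | Open Source File command or files that were loaded by a WinDbg workspace. In CDB or KD, you can view source files in the Debugger Command window. In WinDbg, source files are loaded as new Source windows.
lsc (List Current Source)
The lsc command displays the current source file name and line number.
lsc
lse (Launch Source Editor)
This command opens an editor for the current source file.
lse
The lse command opens an editor for the current source file. This command is equivalent to clicking "Edit this file" in the shortcut menu of the Source window in WinDbg. The editor opens on the computer that is running the target, so you cannot use the lse command from a remote client. The WinDiff editor registry information or the value of the WINDBG_INVOKE_EDITOR environment variable determines which editor is opened. For example, consider WINDBG_INVOKE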

WinDbg Common Commands Series: Thread-Related Operations ~

Anonymous (unverified), submitted on 2019-12-02 23:57:01
~ (Thread Status)
The tilde (~) command displays the status of the specified thread or of all threads in the current process.
~ Thread
Parameters: Thread specifies the thread to display. If you omit this parameter, all threads are displayed.
Environment: Modes: user mode only. Targets: live, crash dump. Platforms: all.
You can add a thread symbol before many commands. The following example shows how to use this command. The following command displays the status of all threads.
0:067> ~
0 Id: 2854.2fe8 Suspend: 1 Teb: 00dfc000 Unfrozen
1 Id: 2854.24c8 Suspend: 1 Teb: 00dff000 Unfrozen
2 Id: 2854.1fd4 Suspend: 1 Teb: 00c02000 Unfrozen
3 Id: 2854.1d60 Suspend: 1 Teb: 00c05000 Unfrozen
4 Id: 2854.5ac Suspend: 1 Teb: 00c08000 Unfrozen
5 Id: 2854.1504 Suspend: 1 Teb: 00c0e000 Unfrozen
6 Id: 2854.3200 Suspend: 1 Teb: 00c11000 Unfrozen
7 Id: 2854.290 Suspend: 1 Teb: 00c14000

WinDbg Environment Variables

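Anonymous (unverified), submitted on 2019-12-02 23:55:01
There are many environment variables, divided mainly into general environment variables and kernel-mode environment variables. They are listed separately below.
General environment variables
The following table lists the environment variables that can be used in both user-mode and kernel-mode debugging.
Variable: Meaning
_NT_DEBUGGER_EXTENSION_PATH = Path: Specifies the path that the debugger searches first for extension DLLs. Path can contain a drive letter followed by a colon (:). Separate multiple directories with semicolons (;). For details, see Loading Debugger Extension DLLs.
_NT_EXECUTABLE_IMAGE_PATH = Path: Specifies the path that contains the binary executable files. Path can contain a drive letter followed by a colon (:). Separate multiple directories with semicolons (;).
_NT_SOURCE_PATH = Path: Specifies the path that contains the source code files for the target. Path can contain a drive letter followed by a colon (:). Separate multiple directories with semicolons (;). For details, and for other ways to change this path, see Source Path.
_NT_SYMBOL_PATH = Path: Specifies the root of a directory tree that contains the symbol files. Path can contain a drive letter followed by a colon (:). Separate multiple directories with semicolons (;). For details, and for other ways to change this path, see Symbol Path.
_NT_ALT_SYMBOL_PATH = Path: Specifies an alternate symbol path that is searched before _NT_SYMBOL_PATH. This is useful for keeping private versions of symbol files. Path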

How do I debug a process that starts at boot time?

落爺英雄遲暮 submitted on 2019-12-02 20:50:19
I am trying to set a breakpoint into a Windows service that starts at boot time. Because of an unfortunate mistake on my end, the service forces the machine into a reboot loop: this means that I can't get to a stable state from which I could deploy a fix, and obviously I can't try to debug the service at a more convenient time. I can use windbg in kernel mode. I'd very much like to break when the service hits the wmain function, but I'm having issues with that. Up to now, I found that I can stop when the image is loaded by using the following commands:
!gflag +ksl
sxe ld MyServiceExecutable

Unable to find module 'mscorwks.dll'

只谈情不闲聊 submitted on 2019-12-02 20:08:29
I try to use the winDBG to debug a dump file. When I run
.loadby sos mscorwks.dll
It gave me an error message.
Unable to find module 'mscorwks.dll'
Has anyone seen this before?
Martin Moser
Don't add the .dll, try just
.loadby sos mscorwks
If you are debugging a .NET 4.0 application, you need to use the following instead of mscorwks:
.loadby sos clr
Here is a good overview of the commands available for .NET 4.0. Enjoy!!
I had this issue as well and it turned out to be because the debugger was breaking into the app before the CLR was loaded. I had to let the app run through further before I

windbg: Command output to text file

强颜欢笑 submitted on 2019-12-02 19:59:54
How can I Save Output of a command in WinDbg to a Text File?
Simon P Stevens
Start WinDbg from the command line using the -logo option:
windbg.exe -logo logfile.txt
That will get everything done logged to the file specified. You can find more details of the command line options here. Or, if you are already in a debugging session, you can use the .logopen command to start logging. For more info on this command see here. Or you can click edit->Open/Close log file in the WinDbg GUI. More info on log files is here.
You can use .logopen, all of the commands you input and response from windbg will

How to install WinDbg when VS 2015 is already installed?

浪尽此生 submitted on 2019-12-02 18:40:17
I'm trying to install WinDbg from this page, just under the Debugging Tools for Windows 10 (WinDbg) section. However, when I download the executable and run it, it tells me that
You must uninstall the Windows Software Development Kit - Windows 10.0.10586.15 before you can install the latest version of the kit.
I'm guessing this probably has to do with the fact that I already have VS 2015 (and the Windows 10 SDK) installed. However, when I go to the Developer Command Prompt and type in
> where windbg
it tells me that it can't find WinDbg. How, then, do I install it without doing anything

What is the best resource for learning the features and benefits of windbg?

一笑奈何 submitted on 2019-12-02 18:39:37
What is the best resource for learning the features and benefits of windbg? I want to be able to discuss investigate memory issues (handles, objects), performance issues, etc . . .
These are some I like:
Maoni Stephens and Claudio Caldato's article on MSDN
Maoni's blog (it is not updated recently but it contains a lot of useful material)
Tess Fernandez has a LOT of info regarding windbg, check out her video from teched in Barcelona. She also has an article called "Learning .NET Debugging" which will certainly be helpful.
I suggest you to subscribe to this blog it is always full with

What is the “Break instruction exception” in WinDbg?

风格不统一 submitted on 2019-12-02 18:22:34
I'm debugging some random crash bugs, but actually very difficult to go deep into. Because when I open crash dump, only find one error:
0:000> .exr -1
ExceptionAddress: 00000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
Actually I haven't set any hard-code breakpoint in code, so I search about this exception in google, some people said this exception may be caused by heap corruption. So my question is, is there any other reason that causes this exception, except hard-code breakpoint, manual breakpoint while debugging, heap corruption?