windbg

windbg debugging tips

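十年热恋 submitted on 2019-11-30 10:18:27
windbg debugging tips, kept for future reference:
Getting started with windbg -- configuring the debugging system
Getting started with windbg -- starting to debug (1)
Getting started with windbg -- starting to debug (2)
Getting started with windbg -- starting to debug (3)
Source: CSDN Author: Zen星尘 Link: https://blog.csdn.net/msdnlearn/article/details/17380891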

WinDBG__standalone installer files

眉间皱痕 submitted on 2019-11-30 10:17:53
debugging tools for windows
1. From the web page http://rxwen.blogspot.hk/2010/04/standalone-windbg-v6120002633.html (requires f/q), two files were downloaded:
  windbg_6.12.0002.633_64_installer.zip (ZC: this appears to be the installer)
  windbg_6.12.0002.633_x86.zip (ZC: this does not appear to be an installer; it is an archive of the files after installation)
Backed up to: Baidu Cloud (CodeSkill33) --> 全部文件 --> IDE__等_安装包 --> windbg_6.12.0002.633.
2. Screenshot of the page http://rxwen.blogspot.hk/2010/04/standalone-windbg-v6120002633.html (WinDBG_6.12.0002.633.jpg):
Reposted from: https://www.cnblogs.com/CodeSkill/p/5195865.html
Source: CSDN Author: weixin_34342992 Link: https://blog.csdn.net/weixin_34342992/article/details/93236394

Windbg debugging ---- Getting started with Windbg

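十年热恋 submitted on 2019-11-30 10:17:41
Put simply, Windbg is a tool on Windows for debugging user-mode and kernel-mode programs and for analyzing core dump files. For analyzing crashes, resource leaks, deadlocks and similar problems, Windbg is a powerful tool.
Related materials
I have used Windbg while maintaining and developing products, but I have never studied it systematically or in depth, so I am using this series of blog posts to improve my understanding and use of Windbg and the knowledge around it. I also list the books and materials I am reading or about to read, to share with everyone:
  << Windows用户态程序高效排错 >>
  << 软件调试 >>
  Modern Windows Exploit Development
  Windbg.org
  Windbg help documentation translation
Installing Windbg
Because Microsoft's official site does not currently offer a standalone Windbg download package, it can be obtained in the following two ways:
  Download and install the WDK
  Some users have provided a standalone MSI installer, which can be found through a Google search
Windbg also comes in 32-bit and 64-bit versions; some users recommend using the 32-bit Windbg to debug 32-bit programs and the 64-bit Windbg to debug 64-bit programs. I normally use the 64-bit Windbg; when I need to analyze a 32-bit program or dump, I use the following commands to switch the CPU mode:
  .load wow64exts
  !sw
Debugging a program with Windbg
Before debugging a program with Windbg, let me first show you my test program: int main() { char * pStr =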

WinDbg commands explained -- remote debugging

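别说谁变了你拦得住时间么 submitted on 2019-11-30 10:17:21
windbg + windbg mode
Both sides run windbg. windbg itself supports many connection types: tcp, pipe, com, ssl and so on. Only the tcp mode is covered here.
Setup:
Target machine (a port must be set)
  Method 1: from the command line
    windbg.exe -server tcp:port=12345
  Method 2: with a command while windbg is running
    .server tcp:port=12345
Local machine (set the target machine's IP and port)
  Method 1: from the command line
    windbg.exe -remote tcp:port=12345,server=192.168.1.101
  Method 2: at run time, choose File->Connect to Remote Session... from the menu and enter tcp:port=12345,server=192.168.1.101 in the dialog that appears
With the steps above you can connect to the target machine and debug programs on it.
Characteristics of this method:
1. The pdb symbol files must be stored on the target machine.
2. When using the launch-and-debug feature, the process to be debugged has to be started with windbg on the target machine.
pdb symbols are usually large, and keeping them on the target machine really is inconvenient. Is there another way? Let's look at the second one.
windbg + dbgsrv mode
The target machine runs dbgsrv and the local machine runs windbg. dbgsrv is a component of windbg.
Setup:
Target machine (a port must be set)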

Why this does not cause a memory leak when event is not unsubscribed

隐身守侯 submitted on 2019-11-30 09:17:46
Question
I am trying to understand how events can cause a memory leak. I found a good explanation at this stackoverflow question but when looking at objects in WinDbg, I am getting confused with the result. To start with, I have a simple class as follows. class Person { public string LastName { get; set; } public string FirstName { get; set; } public event EventHandler UponWakingUp; public Person() { } public void Wakeup() { Console.WriteLine("Waking up"); if (UponWakingUp != null) UponWakingUp(null,

How do I resolve GetFrameContext failed in Windbg

こ雲淡風輕ζ submitted on 2019-11-30 08:47:45
I'm debugging a .NET 4.0 web application using a full crash dump and Windbg. I seem able to get all the versions of everything to match up; however, when I try to get the managed stack trace of all the threads I get
  OS Thread Id: 0x7cd4 (13)
  Child SP IP Call Site
  GetFrameContext failed: 1
for all of my managed threads. Any ideas what I'm doing wrong and how I can fix it?
I was also getting this error, but I noticed that running !DumpStack does give me a trace when !ClrStack does not. According to this link it could just be a thread that has been scheduled but is not running. In other words not

Avoiding OutOfMemoryException during large, fast and frequent memory allocations in C#

喜你入骨 submitted on 2019-11-30 08:45:09
Our application continuously allocates arrays for large quantities of data (say tens to hundreds of megabytes) which live for a shortish amount of time before being discarded. Done naively this can cause large object heap fragmentation, eventually causing the application to crash with an OutOfMemoryException despite the size of the currently live objects not being excessive. One way we have successfully managed this in the past is to chunk up the arrays to ensure they don't end up on the LOH, the idea being to avoid fragmentation by allowing memory to be compacted by the garbage collector. Our

How to identify array type?

偶尔善良 submitted on 2019-11-30 08:31:25
Question
I have an OutOfMemoryException and I'd like to analyze the size and the type of the array which shall be created. I have created a demo purpose dump for that situation and I'm able to get the following information:
  0:000> !pe
  Exception object: 023f389c
  Exception type: System.OutOfMemoryException
  Message: <none>
  InnerException: <none>
  StackTrace (generated):
      SP       IP       Function
      0015EE44 0099007F OOM2!OOM2.Program.Main()+0xf
  StackTraceString: <none>
  HResult: 8007000e
  0:000> !u 0099007F
  Normal JIT

What do the different columns in the “!heap -flt -s xxxx” windbg command represent

那年仲夏 submitted on 2019-11-30 08:17:06
I've been doing some work on high memory issues, and I've been doing a lot of heap analysis in windbg, and I was curious what the different columns really mean in "!heap -flt -s xxxx" command. I read "What do the 'size' numbers mean in the windbg !heap output?", and I looked in my "Windows Internals" book, but I still had a bunch of questions. So the columns and my questions are below.
**HEAP_ENTRY** - What does this pointer really point to? How is it different than UserPtr?
**Size** - What does this size mean? How is it different than UserSize?
**Prev** - This just appears to be the negative

WinDbg common commands series --- displaying the current exception handler chain: !exchain

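*爱你&永不变心* submitted on 2019-11-30 08:13:42
!exchain
The !exchain extension command displays the current exception handler chain.
  !exchain [Options]
Parameters:
Options
One of the following values:
  /c  Displays information that is relevant for debugging a C++ try/catch exception, if such an exception has been detected.
  /C  Displays information that is relevant for debugging a C++ try/catch exception, even when no such exception has been detected.
  /f  Displays information obtained by walking the CRT function tables, even if no CRT exception handler was detected.
DLL
  Windows 2000: Ext.dll
  Windows XP and later: Ext.dll
The !exchain extension command is available only for x86-based target computers. It displays the list of exception handlers for the current thread. The list starts with the first handler on the chain (the one that gets the first opportunity to handle an exception) and continues to the end. The following example shows this extension.
  0:000> !exchain
  0012fea8: Prymes!_except_handler3+0 (00407604)
    CRT scope 0, filter: Prymes!dzExcepError+e6 (00401576)
                 func: Prymes!dzExcepError+ec (0040157c)
  0012ffb0: Prymes!_except_handler3+0 (00407604)
    CRT scope 0, filter: Prymes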