windbg

ntdll module not loading correctly in windbg, but why?

牧云@^-^@ submitted on 2019-11-27 05:52:48
Question: I've used windbg for user mode debugging before, but I suspect I did something to my system because I don't recall having a problem using for example the extension command !heap before. I can clearly see ntdll is a loaded module: 77760000 778e0000 ntdll (pdb symbols) C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\wntdll.pdb\FA9C48F9C11D4E0894B8970DECD92C972\wntdll.pdb 0:001> lmvm ntdll start end module name 77760000 778e0000 ntdll (pdb symbols) C:\Program Files (x86)\Windows Kits\8

Unable to load SOS in WinDbg

Deadly submitted on 2019-11-27 05:52:20
Background: I'm new to WinDbg and trying to get it running for the first time. I want to examine a memory dump I took from a running ASP.NET 4 site hosted in IIS 7 on Windows Server 2008 (x86) and downloaded to my local machine. I installed the debugging tools and launched WinDbg for the first time, opening the crash dump. I went to File | Symbol File Path and set the path to *srv*c:\symbols*http://msdl.microsoft.com/download/symbols* and waited for all the symbols to load. When trying to load SOS, I ran into problems. First, I tried the following command... .loadby sos mscorwks ...and

Dump File analysis

自古美人都是妖i submitted on 2019-11-27 05:29:27
Recently I started facing an issue on a few servers where the CPU starts consuming more resources than the usual trend. I am trying to find out the root cause for this and took a dump of the w3wp process from Task Manager (right-clicked on the process and took the dump). Now the dmp file size is 14GB and I am trying to analyze it through WinDBG, but the tool is not working and I am getting the message: I also took a few minidumps, but some of them open fine while a few do not, so it's not related to confusion between 32-bit and 64-bit. (The collected dump is 64-bit.) I am trying to know what is causing this issue. Is it file size or I am

How to debug corruption in the managed heap

試著忘記壹切 submitted on 2019-11-27 05:10:48
Question: My program throws an error which it cannot handle by a catch(Exception e) block and then it crashes: Access Violation Corrupted State Exception. This is the weird thing, because, as I know, corrupted state exceptions are thrown from unmanaged code, while here I get this exception while calling a StringBuilder method. The code runs in a background thread and crashes from time to time which cannot be easily reproduced. So I attached WinDbg to the process and have the following stack of the

Getting windbg without the whole WDK?

Deadly submitted on 2019-11-27 04:59:35
Question: Does anyone know how to get ahold of windbg without having to download the entire 620MB WDK ISO? All I can find on the net to download the debugger is this link, which says you have to get the whole WDK: http://www.microsoft.com/whdc/devtools/debugging/default.mspx. Answer 1: Actually, Microsoft has now made the Debugging Tools downloadable separately from the SDK. Look for the section "Standalone Debugging Tools for Windows (WinDbg)" about mid-page: for Windows 8.1 for Windows 10 Answer 2: Officially,

What is an “Async Pinned Handle”?

自作多情 submitted on 2019-11-27 04:46:26
I'm trying to investigate a really nasty software crash which is possibly related to a managed heap corruption (since it happens during a garbage collection). Using WinDbg with the (SOS) !gchandles command I get something like 0:000> !gchandles GC Handle Statistics: Strong Handles: 259 Pinned Handles: 137 Async Pinned Handles: 1 Ref Count Handles: 79 Weak Long Handles: 197 Weak Short Handles: 650 Other Handles: 0 Statistics: And I'm just curious, what is the difference between a "normal" pinned handle and an "async pinned" one? And can I find which one of my handles is the "async" one? I

How can you change an age-mismatched PDB to match properly?

若如初见. submitted on 2019-11-27 04:15:37
Question: Our nightly build process was broken for a long time, such that it generated PDB files that were a few hours different in age than the corresponding image files. I have since fixed the problem. However, I would like to start using a symbol server, but cannot due to having to use these age-mismatched pdb files. I work around this issue by using the .symopt +0x40 method in windbg. That means I have to organize all my pdb files by hand, and after years upon years of releases, that adds up. I am

WinDBG - how to set all exception to be passed into app?

末鹿安然 submitted on 2019-11-27 03:28:39
Question: How can I set all exceptions behavior to pass to application and not appear in debugger? I'm using IDA Pro 6.6 and WinDbg. Answer 1: It's a bit awkward to do that for all exception types at once .foreach(exc {sx}) {.catch{sxd ${exc}}} What it does: {sx} : list all exception types (and current settings, which you actually don't want) exc : assign a variable .foreach(...) {...} : cut it into pieces of single words and execute a command sxd ${exc} : disable whatever is in variable exc .catch{...} :

How to get a Windows symbol server set up

微笑、不失礼 submitted on 2019-11-27 02:49:43
Question: I have a spare server on the network that I'd like to have host all of our build symbols. I already know how to set up a symbol cache on my local development system and point my debugger (e.g. Windbg) to that path in 'Symbol File Path'. I presumed that I could do the same with another system on the network that has its own symbol cache (e.g. \\host\symbols). I set up the server and enabled file sharing on the directory, so I'm able to access it remotely through Windows Explorer. However,

Is there a known issue relating to Windows 7 Kernel Symbols?

谁说我不能喝 submitted on 2019-11-27 01:46:56
I have a few Windows 7 machines that I am not able to read their memory dumps. I found something that I suspect may be related, but am not positive: https://twitter.com/aionescu/status/634028737458114560 I also found this: http://support.microsoft.com/kb/2528507 However, the scenario message regarding wow64exts given in the doc is not seen in any of my dumps. I also cannot apply that hotfix at this time to test it. So I'm just looking for some more information or opinions. I'm able to open any other OS dump as well as my own system's Windows 7 dump, but there are 2 other machines that run Win