Questions tagged [windbg]

WinDbg is a user and kernel mode debugger for Windows. It can be used to debug both native and managed code.

WinDbg is a GUI-based, user- and kernel-mode debugger for Windows. It is part of the "Debugging Tools for Windows", a free download available from Microsoft.

WinDbg can be used to debug managed code by loading one or more extension DLLs. SOS.dll is available as part of the .NET framework. PSSCOR2.dll and SOSEX.dll are additional extensions for debugging managed code.

2892 questions
13 votes, 3 answers

How do I resolve GetFrameContext failed in WinDbg

I'm debugging a .NET 4.0 web application using a full crash dump and WinDbg. I seem able to get all the versions of everything to match up; however, when I try to get the managed stack trace of all the threads I get OS Thread Id: 0x7cd4 (13) Child SP…
Mark
13 votes, 4 answers

Good extensions for WinDBG?

Does anyone have any good extensions for WinDBG? Specifically managed code? I obviously use SOS, and I've heard/dabbled with a few others as necessary in the past, but never saved them (d'oh!). I don't really have any good collection of extensions…
Dlongnecker
13 votes, 1 answer

How to find what is in unmanaged memory in a dump with WinDbg

I run the !address -summary command on a dump file in WinDbg. The results are something like this: Usage Summary RgnCount Total Size %ofBusy %ofTota Free 3739 7ff5`dbbae000 ( 127.960 Tb) 99.97%
justromagod
13 votes, 3 answers

Kernel trace Windows 7 WinDbg

I'm getting no debug information when debugging en_windows_7_checked_build_dvd_x86_398742. I can't even see my own trace info (ATLTRACE). In contrast, Windows XP Checked works like a charm. I get a "Bad QueryIdType:5" msg on debug session start with…
grzegorz_p
13 votes, 2 answers

How to do hybrid user-mode/kernel-mode debugging?

Basically, I have a user mode program that calls kernel32.CreateProcessA() which internally calls kernel32.CreateProcessInternalW(). Within this function, I'm interested in what is happening inside ntdll.NtCreateSection() which attempts to map the…
byteptr
13 votes, 2 answers

Symbols for ngen-ed assemblies are not loaded

I am trying to decode the following call stack line from procmon: 29 System.Management.Automation.ni.dll System.Management.Automation.ni.dll + 0x897a0a 0x7fee2ae7a0a …
Sebastian
13 votes, 1 answer

WinDBG View Passed Arguments to Any Function

I'm using WinDbg to debug a Windows executable. I want to know how I can see arguments passed to any function using WinDbg. For example, if I wanna know the parameters passed to function Kernel32!CreatefileA using Immunity Debugger or Olly debugger…
Dev.K.
13 votes, 5 answers

WinDbg: How to set breakpoint on one of the overloads of a C++ function?

I have two overloads of a C++ function and I would like to set a breakpoint on one of them: 0:000> bu myexe!displayerror Matched: 00000000`ff3c6100 myexe!displayError (int, HRESULT, wchar_t *) Matched: 00000000`ff3c60d0 myexe!displayError (int,…
user15071
13 votes, 1 answer

Cannot switch to managed thread in WinDbg

I am exploring a minidump of an ASP.NET process with WinDbg, using SOS. If I list the managed threads I see a normal looking list of threads: 0:000> !threads ThreadCount: 8 UnstartedThread: 0 BackgroundThread: 8 PendingThread: 0 DeadThread: 0 Hosted…
andypaxo
12 votes, 1 answer

Type of process dump when it's generated from Task Manager

Starting from Windows Vista, one can now generate a process dump right from Task Manager. Typically I generate a process dump either by using Adplus or right from WinDbg. If I use one of these options, I have to provide some switches with my command…
palm snow
12 votes, 1 answer

Determine thread wait time in WinDbg with user-mode dump

Is there any way in WinDbg to determine since what date/time a Windows thread has been blocked by functions like WaitForSingleObjects or WaitForMultipleObjects? I know how to do this in kernel debugging (using !thread), but I have no idea how to do this…
user128300
12 votes, 1 answer

What is the exact difference between MEM_RESERVE and MEM_COMMIT states?

As I understand it, MEM_RESERVE is actually 'free' memory, i.e. available to be used by my process, but just hasn't been allocated yet? Or it was previously allocated, but has since been freed? Specifically, see in my !address output below how I am…
pj4533
12 votes, 3 answers

Crash dump - WinDbg - force PDB files to match doesn't work?

I have a crash dump for a customer's application built with a very old version of our dll (release build, don't have original symbols) that I've been analyzing in WinDbg. In order to get more information, I rebuilt the dll in release mode, with…
JosephA
12 votes, 1 answer

WinDbg exception in sos.threads on first run

When I load a crash dump in WinDbg (x64), version 6.3.9600.16384, and load the sos extension for .NET, the first time I run the !threads command I get this error: c0000005 Exception in C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos.threads…
Chris Eldredge
12 votes, 4 answers

How to find all instances of types that implement a given interface during debugging

I am looking for a way to locate all current instances on the heap of types that implement a given interface (during WinDbg debugging that is). As interfaces are not types in the sense that you can create instances of an interface, they obviously do…
Brian Rasmussen