Today I wanted to find out what the Debugger Engine (DbgEng) changes are between Windows 7 and the Windows 8 Developer Preview. To get the differences, I did a WinDiff between the SDK 7.1 ‘DbgEng.h’ header file and the new version (C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64...

I've written a three part series in MSDN Magazine that covers the Debugging API (specifically, DbgEng). Writing a Debugging Tools for Windows Extension - Part 1 - March 2011 Covers the build environment and the basics of Output, reading Memory and reading Registers Web: http://msdn.microsoft...

One of my debugger extensions commands uses IDebugDataSpaces2::QueryVirtual to iterate through the target’s address space to find particular size allocations (regions that are used for the TEB if you must know).  The code was working fine but on x64 dumps, I found that it was running quite slow...

To save a symbol lookup in a debugger extension, here are the hardcodes to use for StackBase and StackLimit. User Mode 32bit 0:000> dt nt!_TEB.Stack* ntdll!_TEB +0x000 NtTib : +0x004 StackBase : Ptr Void +0x008 StackLimit : Ptr Void User Mode 64bit 0:000> dt nt!_TEB NtTib...