This article was just updated to include an internal Microsoft tool that is now public. There are many free tools used to troubleshoot and debug software. Below I present a list of the tools that my peers and I use most of the time. Though most of...

PFE has engineers who specialize in areas which can contain one or more technologies. This species is universally known as D3v PF3 (Developer PFE). Not everyone really knows their habits and role and, as a consequence, sometimes it’s hard for customers...

Here we go again after a long time without blogging and an even longer time without blogging about WinDBG scripts. When debugging dump files from .NET applications sometimes we may encounter a situation where we want to get the COM object referenced...

1- For reactive incidents: “Bring the engineer onsite because it is going to be easier to isolate the problem.” This is the most common misconception I’ve heard. Let me explain: most complex problems require deep debugging sessions...

A reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services. Do...

Last October the latest version of the PowerDbg tool was released, version 6.0. This release has major changes. For example, it is now easier to write scripts or otherwise just hack around the debugger, and includes the PowerDbgConsole, a bootstrapper...

Problem Description: Applications that use a great deal of TCP network activity may use all of the possible port numbers -- especially if they are very “chatty”. By default, when an application closes a TCP connection, the port number used...

Here is a new script from a PFE from Portugal, Marcio Parente. Marcio kindly shared his source code in this blog post, so here is the story behind the script followed by its source code. One report on a Reporting Server started to give this...

First, let me fix the title. It should be: “New PowerDbg – We Need Your Help”. I explain, a few weeks ago I received an e-mail from Piers Williams , a developer from Australia. Piers mentioned his blog article related to PowerDbg...

Whenever I’m debugging with customers watching it’s inevitable: they always ask me what this PSSCOR2.dll extension is. The next question is always if PSSCOR2.DLL is going to be public. PSSCOR2.DLL is a superset of SOS.DLL and has much more commands...

Israel Burman (Israel is one of the ADPlus creators and the guy who taught me the XPerf tool) and Mario Hewardt told me I should blog about the XPerf tool. Although I’m new to this tool I decided to follow their suggestions because I believe you’re...

When talking about editing memory, we usually think about patching code. Patching code means changing the binary code in memory for, let’s say, when you want to prove a hypothesis while debugging and you don’t have access to the source code. This is...

This version has a fix in Parse-PowerDbgDSO . Thanks to Igor Dvorkin that found the bug and suggested the fix. DOWNLOAD POWERDBG Download PowerDbg POWERDBG FILES WinDbg.PSM1 ß Starting with this version this is the only file...

When debugging sooner or later you will need to disassemble code to get a better understanding of that code. By disassembling the code, you get the mnemonics translated from the 0s and 1s that constitute the binary code. It is a low level view of the...

Sometimes you need to look for patterns of disassembled code. You can browse the disassembled code and manually look for a specific pattern, or you can use a command to automate it. The # command does that. # [Pattern] [Address [ L Size ]] ...

wt [WatchOptions] [= StartAddress] [EndAddress] Transcribing the WinDbg documentation, this command runs through the whole function and then displays statistics when executed at the beginning of a function call. Thus, this command can be used just...

This command enables you to save memory into a disk file. The cool thing about it is that you can save modules too; however, it is just the raw memory. The parameters are: .writemem <filename> <range> Here is an example...

Using WinDbg you can create a dump file from an application running, for instance, in a production server. After collecting the dump file, you can load it in another machine and debug it. However, to be more effective during your debugging session you...

These are two debugger extensions that are used to see the PDB file that matches a specific module. Note that !itoldyouso is not documented. The output of both commands is identical. Usage: 0:025> !chksym ntdll ntdll.dll Timestamp...

!dlls extension displays the table entries of all loaded modules. You can also use it to display all modules that a specified thread or process is using. The WinDbg help file describes all parameters. Here we are going to show the most common usage...

!for_each_frame is a favorite among debuggers. It's a very flexible and powerful command that enables you to run commands for each frame of the call stack. You can use basically any command. For instance, let’s say you want to see all local variables...

The !dh extension displays the PE header information from a specified module. Usage: !dh [options] <addressOfModule> Options can be: -f Displays file headers. -s Displays section headers. -a Displays all...

Like its cousin !dh, the !lmi extension displays the PE header information from a specified module. However, it gives you fewer details than !dh . The output is summarized. Usage: !lmi <moduleName> Examples: 0...

This is one of my favorite commands! !runaway displays information about the CPU time consumed by each thread in User Mode and Kernel Mode. It is one of those commands you run when you think the application is hung with low or high CPU or has some...

For the second time I have had the privilege of being one of the reviewers for another debugging book. This time I’m referring to Mario Hewardt ’s new book: Advanced .NET Debugging. It was a great learning process. After months of reviewing chapters...