Debugging Toolbox

WinDbg scripts, debugging and troubleshooting tools and techniques to help you isolate software problems.

  • Blog Post: New Debugging Book – Windows Debugging Notebook: Essential User Space WinDbg Commands

    A reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services. Do you want to know more about this book? Check out...
  • Blog Post: PSSCOR2, the Superset of SOS.DLL is Now Public!!!

    Whenever I’m debugging with customers watching it’s inevitable: they always ask me what this PSSCOR2.dll extension is. The next question is always if PSSCOR2.DLL is going to be public. PSSCOR2.DLL is a superset of SOS.DLL and has many more commands and variations! The good news is that yes, now PSSCOR2...
  • Blog Post: Special Command—Editing memory with a, eb, ed, ew, eza, ezu

    When talking about editing memory, we usually think about patching code. Patching code means changing the binary code in memory for, let’s say, when you want to prove a hypothesis while debugging and you don’t have access to the source code. This is a very exciting subject, and WinDbg has the right...
  • Blog Post: Special Command—Unassembling code with u, ub and uf

    When debugging, sooner or later you will need to disassemble code to get a better understanding of that code. By disassembling the code, you get the mnemonics translated from the 0s and 1s that constitute the binary code. It is a low level view of the code, but a higher level than seeing just numbers...
  • Blog Post: Special Command—.if and j to Use in Breakpoints and Scripts

    The .if and j commands are used conditionally to execute a command or series of commands. .if is very similar to if from C and C++: .if ( Condition ) { Commands } .elsif ( Condition ) { Commands } .else { Commands } j does the same thing, but uses a very different syntax: j Expression...
  • Blog Post: Special Command—Using Breakpoints: bp, bm, ba, bu

    When doing live debugging you’ll use breakpoints at some point when tackling a problem. A simple breakpoint is easy to use; however, when you are in the trenches you might need to use advanced breakpoints that save you a lot of manual work. For instance, you may need to use a breakpoint that works...
  • Blog Post: Understanding "Magic" Pointers and Offsets

    With this blog post I try to explain how "magic" pointers and offsets work. I just copied the term "magic" to refer to these kinds of pointers or offsets: dd poi(0x129514 + 0x18) + 0x8 L2 du poi(0x0007de95) du poi(poi(poi(0x129514 + 0x9c)) + 0x4) dd poi(0x129514 + 0x34) To use...
  • Blog Post: [Windbg Script] Tracing MessageBox calls

    In the past I worked on a support case where I needed to find out if some MessageBox from a C++ application was displayed and, if positive, what the message was. I got inconsistent answers whenever I asked the user, so I didn’t know if the MessageBox appeared or what the message was. It sounded...