Debugging Toolbox

Windbg scripts, debugging and troubleshooting tools and techniques to help you isolate software problems.

Browse by Tags

Tagged Content List
  • Blog Post: [WinDbg Script] Hacking Minesweeper for Windows 8

    <IMPORTANT UPDATE> Today two people told me the script was not working and they also said they did not have the minesweeper_ni.dll . It puzzled me because I tested the script and all the steps below countless times. So I started troubleshooting it (not debugging, troubleshooting :-)) and...
  • Blog Post: Debugging – Low Level Software Analysis

    Anybody there? Yeah I know, it’s been a while… Unfortunately in my current position I haven’t had one single opportunity to debug applications, which is why I’ve not been writing new blog articles. I have to admit I miss troubleshooting and debugging applications a lot! Hope...
  • Blog Post: Tools for Your Debugging Toolbox

    This article was just updated to include an internal Microsoft tool that is now public. There are many free tools used to troubleshoot and debug software. Below I present a list of the tools that my peers and I use most of the time. Though most of the tools below are free Microsoft tools, not all...
  • Blog Post: New Debugging Book – Windows Debugging Notebook: Essential User Space WinDbg Commands

    A reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services. Do you want to know more about this book? Check out...
  • Blog Post: PSSCOR2, the Superset of SOS.DLL is Now Public!!!

    Whenever I’m debugging with customers watching it’s inevitable: they always ask me what this PSSCOR2.dll extension is. The next question is always if PSSCOR2.DLL is going to be public. PSSCOR2.DLL is a superset of SOS.DLL and has much more commands and variations! The good news is that yes, now PSSCOR2...
  • Blog Post: Special Command—Editing memory with a, eb, ed, ew, eza, ezu

    When talking about editing memory, we usually think about patching code. Patching code means changing the binary code in memory for, let’s say, when you want to prove a hypothesis while debugging and you don’t have access to the source code. This is a very exciting subject, and WinDbg has the right...
  • Blog Post: Special Command—Unassembling code with u, ub and uf

    When debugging sooner or later you will need to disassemble code to get a better understanding of that code. By disassembling the code, you get the mnemonics translated from the 0s and 1s that constitute the binary code. It is a low level view of the code, but a higher level than seeing just numbers...
  • Blog Post: Special Command—Using # to Find Patterns of Assembly Instructions

    Sometimes you need to look for patterns of disassembled code. You can browse the disassembled code and manually look for a specific pattern, or you can use a command to automate it. The # command does that. # [Pattern] [Address [ L Size ]] Parameters: Pattern - Specifies the pattern...
  • Blog Post: Special Command—Using .dump/.dumpcab to Get Dumps and Symbols from Production Servers

    Using WinDbg you can create a dump file from an application running, for instance, in a production server. After collecting the dump file, you can load it in another machine and debug it. However, to be more effective during your debugging session you need symbols . Thus, thinking about it, here's the...
  • Blog Post: Special Command—Parsing Strings, Files, and Commands Output Using .foreach

    This is by far one of the most powerful WinDbg commands. Even if you don’t create scripts, you’ll benefit from this command. It’s powerful because it’s flexible. You can use it for a huge variety of operations. The .foreach token parses the output of one or more debugger commands and uses each...
  • Blog Post: Special Command—Using Variables and Retrieving Information through Pseudo-Registers

    WinDbg for 32 bits and 64 bits has a set of internal pseudo-registers that you can use as variables or as a means to get specific information. The pseudo-registers are, according to WinDbg documentation: Pseudo-register Description $ea The effective address of...
  • Blog Post: [Windbg Script] Disassembling Routines and Searching for Instructions

    Sometimes you cannot avoid reading the disassembled code to look for a specific assembly instruction. You may want to see if a particular function is doing some specific operation, using some specific register, or calling other functions. You can do that using the disassembling window or using a dead...
Page 1 of 1 (12 items)