WinDbg scripts, debugging and troubleshooting tools and techniques to help you isolate software problems.
Just For Fun
[WinDbg Script] Hacking Minesweeper for Windows 8
<IMPORTANT UPDATE> Today two people told me the script was not working and they also said they did not have the minesweeper_ni.dll. It puzzled me because I tested the script and all the steps below countless times. So I started troubleshooting it (not debugging, troubleshooting :-)) and...
14 May 2014
Debugging – Low Level Software Analysis
Anybody there? Yeah I know, it’s been a while… Unfortunately in my current position I haven’t had one single opportunity to debug applications, which is why I’ve not been writing new blog articles. I have to admit I miss troubleshooting and debugging applications a lot! Hope...
13 May 2014
Tools for Your Debugging Toolbox
This article was just updated to include an internal Microsoft tool that is now public. There are many free tools used to troubleshoot and debug software. Below I present a list of the tools that my peers and I use most of the time. Though most of the tools below are free Microsoft tools, not all...
4 Oct 2012
New Debugging Book – Windows Debugging Notebook: Essential User Space WinDbg Commands
A reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services. Do you want to know more about this book? Check out...
29 Sep 2011
PSSCOR2, the Superset of SOS.DLL is Now Public!!!
Whenever I’m debugging with customers watching, it’s inevitable: they always ask me what this PSSCOR2.dll extension is. The next question is always whether PSSCOR2.DLL is going to be public. PSSCOR2.DLL is a superset of SOS.DLL and has many more commands and variations! The good news is that yes, now PSSCOR2...
29 Mar 2010
Special Command—Editing memory with a, eb, ed, ew, eza, ezu
When talking about editing memory, we usually think about patching code. Patching code means changing the binary code in memory for, let’s say, when you want to prove a hypothesis while debugging and you don’t have access to the source code. This is a very exciting subject, and WinDbg has the right...
5 Jan 2010
Special Command—Unassembling code with u, ub and uf
When debugging, sooner or later you will need to disassemble code to get a better understanding of that code. By disassembling the code, you get the mnemonics translated from the 0s and 1s that constitute the binary code. It is a low level view of the code, but a higher level than seeing just numbers...
5 Nov 2009
Special Command—Using # to Find Patterns of Assembly Instructions
Sometimes you need to look for patterns of disassembled code. You can browse the disassembled code and manually look for a specific pattern, or you can use a command to automate it. The # command does that. # [Pattern] [Address [ L Size ]] Parameters: Pattern - Specifies the pattern...
23 Oct 2009
Special Command—Using .dump/.dumpcab to Get Dumps and Symbols from Production Servers
Using WinDbg you can create a dump file from an application running, for instance, on a production server. After collecting the dump file, you can load it on another machine and debug it. However, to be more effective during your debugging session you need symbols. Thus, thinking about it, here's the...
15 Sep 2009
Special Command—Parsing Strings, Files, and Commands Output Using .foreach
This is by far one of the most powerful WinDbg commands. Even if you don’t create scripts, you’ll benefit from this command. It’s powerful because it’s flexible. You can use it for a huge variety of operations. The .foreach token parses the output of one or more debugger commands and uses each...
11 Mar 2009
Special Command—Using Variables and Retrieving Information through Pseudo-Registers
WinDbg for 32 bits and 64 bits has a set of internal pseudo-registers that you can use as variables or as a means to get specific information. The pseudo-registers are, according to WinDbg documentation: Pseudo-register Description $ea The effective address of...
16 Jun 2008
[Windbg Script] Disassembling Routines and Searching for Instructions
Sometimes you cannot avoid reading the disassembled code to look for a specific assembly instruction. You may want to see if a particular function is doing some specific operation, using some specific register, or calling other functions. You can do that using the disassembling window or using a dead...
20 Jul 2007
© 2014 Microsoft Corporation.