This article was just updated to include an internal Microsoft tool that is now public. There are many free tools used to troubleshoot and debug software. Below I present a list of the tools that my peers and I use most of the time. Though most of the tools below are free Microsoft tools, not all...

PFE has engineers who specialize in areas which can contain one or more technologies. This species is universally known as D3v PF3 (Developer PFE). Not everyone really knows their habits and role and, as a consequence, sometimes it’s hard for customers to engage them. Their specialty is problem...

1- For reactive incidents: “Bring the engineer onsite because it is going to be easier to isolate the problem.” This is the most common misconception I’ve heard. Let me explain: most complex problems require deep debugging sessions. Collecting the necessary information is the easy...

A reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services. Do you want to know more about this book? Check out...

Last October the latest version of the PowerDbg tool was released, version 6.0. This release has major changes. For example, it is now easier to write scripts or otherwise just hack around the debugger, and includes the PowerDbgConsole, a bootstrapper designed to make setting up an interactive PowerDbg...

Whenever I’m debugging with customers watching it’s inevitable: they always ask me what this PSSCOR2.dll extension is. The next question is always if PSSCOR2.DLL is going to be public. PSSCOR2.DLL is a superset of SOS.DLL and has much more commands and variations! The good news is that yes, now PSSCOR2...

This version has a fix in Parse-PowerDbgDSO . Thanks to Igor Dvorkin that found the bug and suggested the fix. DOWNLOAD POWERDBG Download PowerDbg POWERDBG FILES WinDbg.PSM1 ß Starting with this version this is the only file. INSTALLATION WinDbg.PSM1 Goes...

When debugging sooner or later you will need to disassemble code to get a better understanding of that code. By disassembling the code, you get the mnemonics translated from the 0s and 1s that constitute the binary code. It is a low level view of the code, but a higher level than seeing just numbers...

Using WinDbg you can create a dump file from an application running, for instance, in a production server. After collecting the dump file, you can load it in another machine and debug it. However, to be more effective during your debugging session you need symbols . Thus, thinking about it, here's the...

This version has two improvements and some scripts were changed to be compatible with this new version: - Starting on version 5.2 the log used to save the command output, enabling the communication between PowerShell and WinDbg is not used anymore. Now all communication uses memory so it’s faster...

So, here we go again. This is a minor version with a few new cmdlets. These new cmdlets are those that we use most of the time. DOWNLOAD POWERDBG Download PowerDbg POWERDBG FILES WinDbg.PSM1 ß Contains cmdlets used to communicate with WinDbg . Microsoft.PowerShell_Profile...

Let’s say that you get a memory address and you want to know if it’s from the heap, the stack, or someplace else. Or yet, let’s say you have a .NET application consuming lots of memory, and you want to get a better understanding of this memory consumption. The !address command is helpful in both situations...

This is by far one of the most powerful WinDbg commands. Even if you don’t create scripts, you’ll benefit from this command. It’s powerful because it’s flexible. You can use it for a huge variety of operations. The .foreach token parses the output of one or more debugger commands and uses each...

I’m very excited to present the new PowerDbg v5.0! There’s just one change, but it’s a HUGE change that makes PowerDbg extremely fast and easier to use. Let me explain: Send-PowerDbgCommand is the heart of PowerDbg . This is the cmdlet that sends information to WinDbg and retrieves information...

Very often I found myself scanning the stack or the entire virtual memory for the process to find information that may help me. This information may be strings, DWORDS, bytes, chars, etc… To accomplish this you should use the s command. Here I exemplify how you can use it to scan the memory...

When you need to see the raw call stack and memory, you have plenty of options. You can even leverage the WinDbg GUI to see them . Here I’m going to show you how to do that. dpa <address> L <range> dpa <startAddress> <endAddress> Using this command allows you...

The d* command and its variations are among the most commonly used commands. In this article I’m covering the most important combinations and showing their output. The d* command is used to display information from memory, including heap and stack. The information can be presented in different formats...