Windbg scripts, debugging and troubleshooting tools and techniques to help you isolate software problems.
Translate This Page
Translate this page
Just For Fun
Browse by Tags
Tagged Content List
[WinDbg Script] Displaying the COM object referenced by an RCW object
Here we go again after a long time without blogging and an even longer time without blogging about WinDBG scripts. When debugging dump files from .NET applications sometimes we may encounter a situation where we want to get the COM object referenced by a System.__ComObject wrapper which references...
2 Mar 2012
New Debugging Book – Windows Debugging Notebook: Essential User Space WinDbg Commands
A reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services. Do you want to know more about this book? Check out...
29 Sep 2011
Special Command—Editing memory with a, eb, ed, ew, eza, ezu
When talking about editing memory, we usually think about patching code. Patching code means changing the binary code in memory for, let’s say, when you want to prove a hypothesis while debugging and you don’t have access to the source code. This is a very exciting subject, and WinDbg has the right...
5 Jan 2010
Special Command—Using Variables and Retrieving Information through Pseudo-Registers
WinDbg for 32 bits and 64 bits has a set of internal pseudo-registers that you can use as variables or as a means to get specific information. The pseudo-registers are, according to WinDbg documentation: Pseudo-register Description $ea The effective address of...
16 Jun 2008
Special Command—Extracting Class and Struct Fields Using dt
dt is another command used almost all the time whenever you want to get the fields and type for a structure or class. For example, you may have a this pointer and use dt to get its fields and type. It’s a simple command with interesting variations that you should be aware of, because it’s an important...
21 Apr 2008
Special Command: Using ??, @@c++() and poi() with C/C++ Expressions
I really like using C/C++ expressions from WinDbg. It’s a natural way to extract information from C and C++ applications if you know these programming languages; therefore, I think it’s useful to share how to do this. First, let’s talk about poi(). poi() is used to get pointer-sized data. Think...
4 Mar 2008
Understanding "Magic" Pointers and Offsets
With this blog post I try to explain how "magic" pointers and offsets work. I just copied the term "magic" to refer to these kinds of pointers or offsets: dd poi(0x129514 + 0x18) + 0x8 L2 du poi(0x0007de95) du poi(poi(poi(0x129514 + 0x9c)) + 0x4) dd poi(0x129514 + 0x34) To use...
7 Aug 2007
Page 1 of 1 (7 items)
© 2014 Microsoft Corporation.
Privacy & Cookies