Debugging Toolbox

WinDbg scripts, debugging and troubleshooting tools and techniques to help you isolate software problems.

Tagged Content List
  • Blog Post: [WinDbg Script] Displaying the COM object referenced by an RCW object

    Here we go again after a long time without blogging and an even longer time without blogging about WinDbg scripts. When debugging dump files from .NET applications, sometimes we may encounter a situation where we want to get the COM object referenced by a System.__ComObject wrapper which references...
  • Blog Post: New Debugging Book – Windows Debugging Notebook: Essential User Space WinDbg Commands

    A reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services. Do you want to know more about this book? Check out...
  • Blog Post: Special Command—Editing memory with a, eb, ed, ew, eza, ezu

    When talking about editing memory, we usually think about patching code. Patching code means changing the binary code in memory for, let’s say, when you want to prove a hypothesis while debugging and you don’t have access to the source code. This is a very exciting subject, and WinDbg has the right...
  • Blog Post: Special Command—Using Variables and Retrieving Information through Pseudo-Registers

    WinDbg for 32 bits and 64 bits has a set of internal pseudo-registers that you can use as variables or as a means to get specific information. The pseudo-registers are, according to WinDbg documentation: Pseudo-register Description $ea The effective address of...
  • Blog Post: Special Command—Extracting Class and Struct Fields Using dt

    dt is another command used almost all the time whenever you want to get the fields and type for a structure or class. For example, you may have a this pointer and use dt to get its fields and type. It’s a simple command with interesting variations that you should be aware of, because it’s an important...
  • Blog Post: Special Command: Using ??, @@c++() and poi() with C/C++ Expressions

    I really like using C/C++ expressions from WinDbg. It’s a natural way to extract information from C and C++ applications if you know these programming languages; therefore, I think it’s useful to share how to do this. First, let’s talk about poi(). poi() is used to get pointer-sized data. Think...
  • Blog Post: Understanding "Magic" Pointers and Offsets

    With this blog post I try to explain how "magic" pointers and offsets work. I just copied the term "magic" to refer to these kinds of pointers or offsets:

        dd poi(0x129514 + 0x18) + 0x8 L2
        du poi(0x0007de95)
        du poi(poi(poi(0x129514 + 0x9c)) + 0x4)
        dd poi(0x129514 + 0x34)

    To use...