Debugging Toolbox

Windbg scripts, debugging and troubleshooting tools and techniques to help you isolate software problems.

Browse by Tags

Tagged Content List
  • Blog Post: New Debugging Book – Windows Debugging Notebook: Essential User Space WinDbg Commands

    A reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services. Do you want to know more about this book? Check out...
  • Blog Post: Special Command—Using .dump/.dumpcab to Get Dumps and Symbols from Production Servers

    Using WinDbg you can create a dump file from an application running, for instance, in a production server. After collecting the dump file, you can load it in another machine and debug it. However, to be more effective during your debugging session you need symbols . Thus, thinking about it, here's the...
  • Blog Post: Special Command—Displaying Information From Modules/DLLs with !dlls

    !dlls extension displays the table entries of all loaded modules. You can also use it to display all modules that a specified thread or process is using. The WinDbg help file describes all parameters. Here we are going to show the most common usage. Displays file headers and section headers...
  • Blog Post: Special Command—Displaying More PE Header Information with !dh

    The !dh extension displays the PE header information from a specified module. Usage: !dh [options] <addressOfModule> Options can be: -f Displays file headers. -s Displays section headers. -a Displays all header information. Example: 0...
  • Blog Post: Special Command—Displaying the PE Header Information with !lmi

    Like its cousin !dh, the !lmi extension displays the PE header information from a specified module. However, it gives you fewer details than !dh . The output is summarized. Usage: !lmi <moduleName> Examples: 0:532> !lmi mtgdi Loaded Module Info: [mtgdi...
  • Blog Post: Special Command—Parsing Strings, Files, and Commands Output Using .foreach

    This is by far one of the most powerful WinDbg commands. Even if you don’t create scripts, you’ll benefit from this command. It’s powerful because it’s flexible. You can use it for a huge variety of operations. The .foreach token parses the output of one or more debugger commands and uses each...
  • Blog Post: Special Command—Extracting Class and Struct Fields Using dt

    dt is another command used almost all the time whenever you want to get the fields and type for a structure or class. For example, you may have a this pointer and use dt to get its fields and type. It’s a simple command with interesting variations that you should be aware of, because it’s an important...
  • Blog Post: [Windbg Script] Get Portable Executable Headers

    There are several tools you can use to read the image headers, like Dumpbin.exe and Link.exe, for instance. You can, however, also use Windbg for doing that! In other words, during your debugging session you can see the header from an image file without executing any other tool except this script. ...
Page 1 of 1 (8 items)