The .if and j commands are used conditionally to execute a command or series of commands. .if is very similar to if from C and C++: .if ( Condition ) { Commands } .elsif ( Condition ) { Commands } .else { Commands } j does the same thing...

ln is a very useful command. It stands for list nearest. You provide an address as argumen t, and it gives you the closest symbol that matches the address. Of course, you have to be using the right symbols! Here is the syntax : ln [ address...

If you’ve been following my blog you know I use .logopen and .logclose quite a lot, mainly in PowerDbg . Using these pairs of commands you can save a log file that has all output from the debugger. Usage: .logopen [ Options ] [ FileName ]...

I’ve been travelling a lot in the US and Latin America: that’s why you haven’t seen any new posts coming. Now I’m back! OK, just for a while, but it’s enough to write more articles. By the way, Buenos Aires (Argentina) is a beautiful place to know! J...

When doing live debugging you’ll use breakpoints at some point when tackling a problem. A simple breakpoint is easy to use ; however, when you are on the trenches you might need to use advanced breakpoints that save you a lot of manual work. For...

dt is another command used almost all the time whenever you want to get the fields and type for a structure or class. For example, you may have a this pointer and use dt to get its fields and type. It’s a simple command with interesting variations...

Yet another basic and useful command: lm . Hmmmmm… OK so you already know this command. Great! But do you know all of its variations? Usually when we get used to a command we don’t try to explore its variations and sometimes one of these variations...

During a lab I had about a month ago, one of my colleagues, Tag, whom I had opportunity to mention in a previous post, asked me if I could create a PowerShell script that displays statistics of exceptions, with call stacks included. For me it sounded...

During your debugging session, you may find yourself trying to identify if a specific symbol or module appears in one or more threads. There’s more than one way to do that, and here I covert it in the simplest way: !findstack This command accepts...

All my posts are provided "AS IS" with no warranties, and confer no rights For PFE Job Opportunities at Microsoft, please visit our website at: http://members.microsoft.com/careers/search/default.aspx - search for keyword “PFE” “PFE: The best place...

This new version has one more parser for !PrintException and a killer feature that my colleagues and myself have wanted since the beginning: PowerDbg, more specifically Send-PowerDbgCommand , which now has the ability to wait until a command finished...

A few days ago I was with Frank Taglianetti (no links here, he doesn’t have a blog yet), a PFE from my team that I met for the first time at that day while doing a Lab for one of our customers. By Lab I mean stress testing and troubleshooting a customer...

Very often I found myself scanning the stack or the entire virtual memory for the process to find information that may help me. This information may be strings, DWORDS, bytes, chars, etc… To accomplish this you should use the s command. Here...

When doing live debugging, it’s not uncommon to have to repeat a set of commands until a condition becomes true or false. There are several ways to do this, and one of them is through the z command. You can create automated commands using this instruction...

When debugging, most of the time, you have to see all stacks for all threads or to set the context for a specific thread in order to analyze it. To do that you use the ~ command. According to the WinDbg documentation we have: ...

I really like using C/C++ expressions from WinDbg. It’s a natural way to extract information from C and C++ applications if you know these programming languages; therefore, I think it’s useful to share how to do this. First, let’s talk about poi...

This is yet another command that has powerful capabilities. It’s very flexible, too. You can use different parameter s combinations; though, I recommend you look at or check the WinDbg documentation if you want to explore other variations. Again...

The dv command stands for display variables. It’s easy to memorize. The reality , though, is in the trenches you won’t use the standard format of dv because it doesn’t give you enough (or much) information. Here is the way I use this command...

When you need to see the raw call stack and memory, you have plenty of options. You can even leverage the WinDbg GUI to see them . Here I’m going to show you how to do that. dpa <address> L <range> dpa <startAddress> <endAddress>...

The d* command and its variations are among the most commonly used commands. In this article I’m covering the most important combinations and showing their output. The d* command is used to display information from memory, including heap and stack...

I’m starting a new series of articles focused on explaining special commands and showing how they can be used. You can read about WinDbg commands using the WinDbg documentation ; however, sometimes you want to see the output of a specific command or you...

Years ago I was part of a special and very small and special team, here, at Microsoft - the Solution Integration Engineering team. This team was known to handle any kind of customer issues, even those related to third-party products and technology integration...

This script automates a technique I’ve been using for a long time whenever I need to see the stack for exceptions hidden in a call stack and if you are like me, you prefer to use an automated approach rather than a manual approach. I’m not going to...

When helping my customers with scenarios in which the symptom is high CPU, I very often end up with only a dump file from the application consuming high CPU and nothing else. When you have a high CPU scenario and you have dump files, you need a Performance...

It has been a while since my previous blog post. I’ve been busy with other tasks, including the new PowerDbg version 2.3. There’s a lot of new stuff on this new version and my estimate is that about 80% of the most used Windbg commands have been covered...