James Finnigan

Debugging, Shell Programming, Setup, Working at Microsoft, Virtualization

Browse by Tags

Tagged Content List
  • Blog Post: How to stop WinDbg from going crazy and loading all the symbols

    One of my favorite features of WinDbg is that it doesn't load all the symbols up-front. That's a huge part of what makes it so much faster than Visual Studio. However, every once in a while you can do things that cause WinDbg to go crazy and load all the symbols in a desperate attempt to resolve a symbol...
  • Blog Post: Breaking when the instruction pointer leaves the module

    The problem is to skip out of a kernel driver that we don't have symbols for - what's the best way to break on calls out of that driver. If you used pc (step until the next call instruction), you would hit calls that are inside that driver. Here's another approach (using an example from Pavel Lebedynskiy...
  • Blog Post: Finding where a bad HRESULT is returned

    I've looked at this a couple times , but here's another way to break when the error code you're looking at is being returned. .while(@eax != 0xc0000005) { t ; reax } If you want to avoid the output noise, you can do something like this: .while(@eax != 0xc0000005) { t ; r @eip = @eip}; r eax All postings...
  • Blog Post: How to only break on a jump when it will be taken

    Here's a question that came up a work a little bit back - thought I would share the result around. There is a coding pattern (that I don't ever really use so I may be messing it up) that works like this: T1 res1; T2 res2; T3 res3; res1 = GetRes1(); if (!res1) goto Cleanup; res2 = res1.GetRes2...
  • Blog Post: Locating the file that a function (not on the stack) was written in

    This question came up in one of the internal aliases a couple days ago. While debugging, how do I find the source for a particular function that is not on the stack? There are a couple caveats to consider first: You must have symbols that include source information (public symbols have this information...
Page 1 of 1 (5 items)