This is a very common question, we encounter almost all the times. Just imagine a situation, we have got a memory dump from somewhere and want to see what operating system which is run there and what SP is installed.. For this, there is a very simple command. 0:001> vertarget Windows Server 2003 Version...

Windbg has not only registers reading functionality but it can also modify registers when doing live debugging.. Its really useful sometimes to modify the register values and take different path to check for particular code branch.. You can modify the register value like this.. 0:000> r @eax=0x80040005...

Here is a list of few interesting command-line parameters and their mapping to interactive commands in windbg.. PS: Taken from "Advanced Windows Debugging" (the best debugging book, I have ever come across!!).. Go grab your copy! Stay tuned..

I was looking for a way to install windbg as postmortem debugger so that everytime any process crashes or exits unexpectedly, windbg is launched automatically and I can take a look at whats happening there! Windbg has special command line option for installing it as postmortem debugger. Use following...

Yet another debugging challenge. Imagine a situation where you get a memory dump from customer and need modules (DLL, EXE, OCX etc.) to further debug.. (.NET modules can be used to look at source code by reverse engineering..) SOS.dll is at the rescue. We can use clr10\sos.dll inside windbg directory...

Yet another debugging challenge.. The problem is, we want to debug the startup code for an application which is run by some other application! e.g. I will open a console (cmd.exe) which in turn opens calc.exe and I want to debug the initial calc.exe code.. Windbg has solution to this problem! When you...

Sometimes when you debug applications, it happens that you have got the pointer to class which has few member variables including structures and another class objects! How to look at values of those inner class/structure variable's members?? So, here is the tip. Following is the code being used for demonstrating...

If you are debugging a lot, you might come across a need where you need to put a breakpoint on a function and special requirement is you need to break only when that function returns a specific value!! e.g. I am checking for CoCreateInstance method from COM library and want to break only when it returns...

If you want to look at commands supported by any windbg extensions, you can follow various ways. You can use !<ext_name>.help command to see all the commands supported by that extension. Replace <ext_name> with your extension module name. (Note: This will only work if particular extension...

There are various ways to do this. Find the PID for process that is hosting the service. You can do this with the help of command, tasklist /svc Look for service and associated PID, then go to command prompt, into the directory where windbg is installed and give command, windbg.exe -p <ProcessID>...

Many a times it happens that from within a debugging session, we need to load / reload symbols for a particular module (Talking in context of WinDbg).. e.g. we started debugging, set normal symbol path and down the line while debugging, came to know that we need symbol for particular module. We modify...