Getting Ready for Windows Debugging


Welcome to the Microsoft NTDebugging blog!  I’m Matthew Justice, an Escalation Engineer on Microsoft’s Platforms Critical Problem Resolution (CPR) team.  Our team will be blogging about troubleshooting Windows problems at a low level, often by using the Debugging Tools for Windows.  For more information about us and this blog, check out the about page.

 

To get things started I want to provide you with a list of tools that we’ll be referencing in our upcoming blog posts, as well as links to some technical documents to help you get things configured.

 

The big list of tools:

 

The following tools are part of the “Debugging Tools for Windows” – you’ll definitely need these

http://www.microsoft.com/whdc/devtools/debugging/

·         windbg

·         cdb

·         ntsd

·         tlist

·         gflags

·         adplus

·         UMDH

·         symcheck

 

Sysinternals provides some great tools that we’ll be discussing

http://www.sysinternals.com

·         Process Explorer

·         Process Monitor

·         Regmon

·         Filemon

·         DbgView

·         Handle.exe

·         Tcpview

·         LiveKD

·         AutoRuns

·         WinObj

 

There are many tools contained in “MPS Reports” (MPSRPT_SETUPPerf.EXE), but I’m listing it here specifically for Checksym

http://www.microsoft.com/downloads/details.aspx?FamilyID=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en

·         Checksym

 

“Windows Server 2003 Resource Kit Tools” is another great set of tools.  In particular Kernrate is a part of that package

http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=9D467A69-57FF-4AE7-96EE-B18C4790CFFD

·         Kernrate

 

Windows XP SP2 Support Tools

http://www.microsoft.com/downloads/details.aspx?FamilyID=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en

·         netcap

·         poolmon

·         memsnap

·         tracefmt  (64-bit versions available in the DDK)

·         tracelog

·         tracepdb

·         depends

·         pstat

 

“Visual Studio” – in addition to the compilers and IDE, the following tools come in handy:

·         SPY++

·         dumpbin

 

Perfwiz (Performance Monitor Wizard)

http://www.microsoft.com/downloads/details.aspx?FamilyID=31fccd98-c3a1-4644-9622-faa046d69214&DisplayLang=en

 

DebugDiag

http://www.iis.net/handlers/895/ItemPermaLink.ashx

 

Userdump (User Mode Process Dumper)

http://www.microsoft.com/downloads/details.aspx?FamilyID=E089CA41-6A87-40C8-BF69-28AC08570B7E&displaylang=en

 

Dheapmon (Desktop Heap Monitor)

http://www.microsoft.com/downloads/details.aspx?familyid=5CFC9B74-97AA-4510-B4B9-B2DC98C8ED8B&displaylang=en

 

Netmon 3.0

§  Go to http://connect.microsoft.com/

§  Sign in with your passport account

§  Choose "Available Connections" on the left

§  Choose "Apply for Network Monitor 3.0” (once you've finished with the application, the selection appears in your "My Participation" page)

§  Go to the Downloads page (on the left side), and select the appropriate 32- or 64-bit build.

 

 

 

Some articles you may find useful:

 

Debugging Tools and Symbols: Getting Started

http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx

 

Boot Parameters to Enable Debugging

http://msdn2.microsoft.com/en-us/library/ms791527.aspx

 

How to Generate a Memory Dump File When a Server Stops Responding (Hangs)

http://support.microsoft.com/kb/303021/

 

After installing the “Debugging Tools for Windows”, you’ll find two documents at the root of the install folder that are helpful:

 

·         kernel_debugging_tutorial.doc - A guide to help you get started using the kernel debugger.

 

·         debugger.chm - The help file for the debuggers.  It details the commands you can use in the debugger.  Think of this as a reference manual, rather than a tutorial.





  • Why can't I find win32k.pdb?

    win32k.sys version 5.1.2600.3099 (MS07-17)

    Trying to get Dheapmon (Desktop Heap Monitor) working (xpsp2+all hotfixes):

    Following http://support.microsoft.com/kb/914216

    C:\kktools\dheapmon8.1\x86>dheapinst.exe -y SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

     dheapinst - Win32k.sys symbol load error, Correct symbol required

    Tried symchk.exe from latest dbg tools:

    C:\Program Files\Debugging Tools for Windows>symchk.exe c:\winnt\system32\win32k.sys /s c:\websymbols

    SYMCHK: win32k.sys           FAILED  - win32k.pdb mismatched or not found

    SYMCHK: FAILED files = 1

    SYMCHK: PASSED + IGNORED files = 0

    [I would suggest you delete any win32k.sys symbols in c:\websymbols and then run symchk.exe in verbose mode to better understand what may be failing.

    symchk /if c:\windows\system32\win32k.sys /s c:\websymbols*http://msdl.microsoft.com/download/symbols /v

    - Matthew]
  • We are testing our Windows Server based product on Longhorn and are debugging a memory leak in a stress environment. Look at the UMDH log (snippet below). The first stack trace (BackTrace162528) is suspect, but in spite of all symbols being present, the trace is incomplete (shows only the call to RtlAllocateHeap). Can you guys tell me what's going on? Is this a bug with UMDH on Longhorn?

    + 36686968 ( 40772037 - 4085069)  13723 allocs BackTrace162528

    +    4185 (  13723 -   9538) BackTrace162528 allocations

    ntdll!RtlAllocateHeap+0000021D

    +  811504 ( 811504 -      0)      1 allocs BackTraceD4354F4

    +       1 (      1 -      0) BackTraceD4354F4 allocations

    ntdll!RtlAllocateHeap+0000021D

    pdh!PdhiHeapAlloc+00000029

    pdh!BuildNameTable+00000619

    pdh!ConnectMachine+0000029C

    pdh!GetMachine+0000019F

    pdh!InitCounter+000000F3

    pdh!PdhiAddCounter+000000AB

    pdh!PdhAddCounterW+000000F7

    LMS20Rules!_CreatePdhQueryHelper+00000420

    LMS20Rules!LMSRuleDLL_Interface::CreatePdhQueryNT5+0000002A

    LmsSs!LMS_Subsystem::SampleRuleLoads+00000034

    LmsSs!LMS_Subsystem::UpdateLoadRecords+0000006D

    LmsSs!LMS_Subsystem::TimerWakeHandler+000000F0

    ImaCommon!DispatchWorkItem+00000132

    ImaCommon!WorkItemDispatchThread+00000322

    MSVCR80!_endthreadex+0000003B

    MSVCR80!_endthreadex+000000C7

    ntdll!__RtlUserThreadStart+00000023

    ntdll!_RtlUserThreadStart+0000001B

  • Desktop heap is probably not something that you spend a lot of time thinking about, which is a good thing.

  • Very good information, receive a dump, lose my symbols path, everything I need was here :)

  • "This document is a translation of the http://blogs.msdn.com/ntdebugging blog, and the original material may change without notice. This material carries no legal warranty and

  • Hello,

    Can you please tell me, what is the target market (computer user level) of your site? I would also like to know if you have an email box for visitors seeking additional information concerning material posted on your?

    I wasn't sure if I was supposed to change the information in the "title field," but I guess the most appropriate title would be as owner of a web site, even though it’s my first, and currently under construction.

    Regards,

    Chi

    [Chi - thanks for your interest in our blog. Our blog’s target audience is anyone that is interested in using advanced debugging techniques for solving problems. As far as “an email box” goes, you can contact us with the “Email” link on the left side of the blog page. In general, we don’t reply directly, but we may use your question as the basis for future blog content. You may also want to check out the Windows Debugging group on Facebook as a resource for any debugging-related questions.]
  • "You probably can’t avoid tech support problems entirely, but by using tools that Microsoft’s Global
