Getting Ready for Windows Debugging

Getting Ready for Windows Debugging

Rate This
  • Comments 8


Welcome to the Microsoft NTDebugging blog!  I’m Matthew Justice, an Escalation Engineer on Microsoft’s Platforms Critical Problem Resolution (CPR) team.  Our team will be blogging about troubleshooting Windows problems at a low level, often by using the Debugging Tools for Windows.  For more information about us and this blog, check out the about page.


To get things started I want to provide you with a list of tools that we’ll be referencing in our upcoming blog posts, as well as links to some technical documents to help you get things configured.


The big list of tools:


The following tools are part of the “Debugging Tools for Windows” – you’ll definitely need these

·         windbg

·         cdb

·         ntsd

·         tlist

·         gflags

·         adplus

·         UMDH

·         symcheck


Sysinternals provides some great tools that we’ll be discussing

·         Process Explorer

·         Process Monitor

·         Regmon

·         Filemon

·         DbgView

·         Handle.exe

·         Tcpview

·         LiveKD

·         AutoRuns

·         WinObj


There are many tools contained in “MPS Reports” (MPSRPT_SETUPPerf.EXE), but I’m listing it here specifically for Checksym

·         Checksym


“Windows Server 2003 Resource Kit Tools” is another great set of tools.  In particular Kernrate is a part of that package

·         Kernrate


Windows XP SP2 Support Tools

·         netcap

·         poolmon

·         memsnap

·         tracefmt  (64-bit versions available in the DDK)

·         tracelog

·         tracepdb

·         depends

·         pstat


“Visual Studio “ – in addition to the compilers and IDE, the following tools come in handy:

·         SPY++

·         dumpbin


Perfwiz (Performance Monitor Wizard)




Userdump (User Mode Process Dumper)


Dheapmon (Desktop Heap Monitor)


Netmon 3.0

§  Go to

§  Sign in with your passport account

§  Choose "Available Connections" on the left

§  Choose "Apply for Network Monitor 3.0” (once you've finished with the application, the selection appears in your "My Participation" page)

§  Go to the Downloads page (On the left side), and select the appropriate build 32 or 64 bit build.




Some articles you may find useful:


Debugging Tools and Symbols: Getting Started


Boot Parameters to Enable Debugging


How to Generate a Memory Dump File When a Server Stops Responding (Hangs)


After installing the “Debugging Tools for Windows”, you’ll find two documents at the root of the install folder that are helpful:


·         kernel_debugging_tutorial.doc - A guide to help you get started using the kernel debugger.


·         debugger.chm - The help file for the debuggers.  It details the commands you can use in the debugger.  Think of this as a reference manual, rather than a tutorial.

Leave a Comment
  • Please add 8 and 7 and type the answer here:
  • Post
  • Why cant I find win32k.pdb?

    win32k.sys version 5.1.2600.3099 (MS07-17)

    Trying to get Dheapmon (Desktop Heap Monitor) working (xpsp2+all hotfixes):


    C:\kktools\dheapmon8.1\x86>dheapinst.exe -y SRV*c:\websymbols*http://msdl.micros/

     dheapinst - Win32k.sys symbol load error, Correct symbol required

    Tryed symchk.exe from latest dbg tools:

    C:\Program Files\Debugging Tools for Windows>symchk.exe c:\winnt\system32\win32k

    .sys /s c:\websymbols

    SYMCHK: win32k.sys           FAILED  - win32k.pdb mismatched or not found

    SYMCHK: FAILED files = 1

    SYMCHK: PASSED + IGNORED files = 0

    [I would suggest you delete any win32k.sys symbols in c:\websymbols and then run symchk.exe in verbose mode to better understand what may be failing.

    symchk /if c:\windows\system32\win32k.sys /s c:\websymbols* /v

    - Matthew]
  • We are testing our Windows Server based product on Longhorn and are debugging a memory leak in a stress environment. Look at the UMDH log (snippet below). The first stack trace (BackTrace162528) is suspect, but inspite of all symbols being present, the trace is incomplete (shows only the call to RtlAllocateHeap).. Can you guys tell me what's going on? Is this a bug with UMDH on Longhorn?

    + 36686968 ( 40772037 - 4085069)  13723 allocs BackTrace162528

    +    4185 (  13723 -   9538) BackTrace162528 allocations


    +  811504 ( 811504 -      0)      1 allocs BackTraceD4354F4

    +       1 (      1 -      0) BackTraceD4354F4 allocations




















  • Desktop heap is probably not something that you spend a lot of time thinking about, which is a good thing.

  • very good information, receive a dump, loose my symbols path everything I need was here :)

  • "이 문서는 blog 의 번역이며 원래의 자료가 통보 없이 변경될 수 있습니다. 이 자료는 법률적 보증이 없으며

  • "이 문서는 blog 의 번역이며 원래의 자료가 통보 없이 변경될 수 있습니다. 이 자료는 법률적 보증이 없으며

  • Hello,

    Can you please tell me, what is the target market (computer user level) of your site? I would also like to know if you have an email box for visitors seeking additional information concerning material posted on your?

    I wasn't sure if I was suppose to change the information in the "title field," but I guess the most appropriate title would be as owner of a web site, even though it’s my first, and currently under construction.  



    [Chi - thanks for your interest in our blog. Our blog’s target audience is anyone that is interested in using advanced debugging techniques for solving problems. As far as “an email box” goes, you can contact us with the “Email” link on the left side of the blog page. In general, we don’t reply directly, but we may use your question as the basis for future blog content. You may also want to check out the Windows Debugging group on Facebook as a resource for any debugging-related questions.]
  • "You probably can’t avoid tech support problems entirely, but by using tools that Microsoft’s Global

Page 1 of 1 (8 items)