Browse by Tags

Tagged Content List
  • Blog Post: Undocumented Environment Variables

    Although we have fewer Easter Eggs, there are still a huge number of undocumented behaviors. Recently I've been writing a CLR profiler using ICorProfilerCallback for fun. The CLR profiler was modeled as an in-proc COM server, and the activation was done through environment variables: SET COR_ENABLE_PROFILING...
  • Blog Post: A Debugging Approach to Windows RT

    Recently I got a Surface with Windows RT. Needless to mention, it's wonderful! I've figured out some quick facts about Windows RT by looking at the C:\Windows\system32\ntdll.dll from Windows RT: A complete NT (instead of WINCE) kernel and almost a full stack of Windows operating system. ...
  • Blog Post: Postmortem Debugging - Better Late Than Never

    If there is a consistent repro, I would definitely prefer Early Debugging. However, in real life postmortem debugging seems to be unavoidable. There are three concepts I wish to clarify before digging into the details: AeDebug is a set of registry keys which specify the behavior when...
  • Blog Post: Windows 8 and conhost.exe

    While debugging a console application on Windows 8, I noticed the console application is trying to create a process in the very beginning: windbg.exe -xe ld:ntdll.dll -c "bm ntdll!*CreateProcess*; g; k" cmd.exe CommandLine: cmd.exe ModLoad: 000007ff`01d60000 000007ff`01f1e000 ntdll.dll ntdll!RtlUserThreadStart...
  • Blog Post: Visualize Assembly using DGML

    Starting from Visual Studio 2010 Ultimate there is a cool feature called DGML (Directed Graph Markup Language). I wrote a small script to convert the disassembled code from WinDBG into DGML. In order to use it, simply type the following commands under a debug session: .shell -o LoadLibraryA...
  • Blog Post: Using Function Evaluation in WinDBG

    People who develop debuggers would know in theory you cannot have a perfect disassembler (especially for x86) and stepper (especially for Step Over). People who develop commercial debuggers would know Function Evaluation (a.k.a. funceval) is a big challenge while implementing an Expression Evaluator...
  • Blog Post: A Debugging Approach to Application Verifier

    Application Verifier, also known as AppVerifier, is a dynamic instrumentation tool for user mode applications. It is freely available from SDK/PSDK, with a set of GUI applications and DLL extensions, plus a good document. Let's begin by adding the most famous application - notepad.exe - from the appverif...
  • Blog Post: Collection of WinDBG resources

    A list of resources related to WinDBG, debugging on Windows NT, or how to write a debugger. Websites: Daniel Pistelli's ntcore.com; Dmitry Vostokov's www.dumpanalysis.org; Geoff Chappell - Software Analyst; Robert Kuster's windbg.info; Oleg Starodumov's debuginfo.com; OSR Online ...
  • Blog Post: Early Debugging

    Early debugging is a wide topic; on a Windows PC it might be: Application startup, Service startup, WinLogon, CSRSS (Client/Server Runtime Subsystem), Windows Setup and OS Loader, MBR (Master boot record), BIOS POST (Power-on self-test). Application Startup: As we have...
  • Blog Post: Undocumented WinDBG

    Abstraction and encapsulation are good because they make it easier to build complex systems; however, there are times you have to peek inside the abstraction and demystify the encapsulation. This is especially true for debugging and performance tuning (I will not talk about reverse engineering this time...
  • Blog Post: Use Windows Debuggers for Non-Debugging Tasks

    Many people who have been using Emacs for decades were shocked when they heard that Emacs is actually a text editor instead of an operating system. - vi advocator Sharing a similar spirit as Emacs, Windows Debuggers are also super good at non-debugging tasks. Calculator: The builtin expression...
  • Blog Post: Yet Another Hello World

    Recently I heard there is a COOL programming language called C#, which runs on a popular environment called .NET platform (formerly known as COMPLUS), so I decided to give it a try. It took me some time to understand why I need to define a class and a static method in order to say hello to the world...
  • Blog Post: Side Effects of Debugger

    A target program might behave differently if it is being debugged; sometimes this can be very annoying. Also, these behavior deviations can be leveraged by anti-debugging. IsDebuggerPresent and CheckRemoteDebuggerPresent are well known APIs to tell if a program is attached by a debugger. 0:000>...
  • Blog Post: A Debugging Approach to IFEO

    IFEO (Image File Execution Options) is a feature provided by the NT-based operating system. It can be helpful when you are trying to debug at the very beginning of an application launch. A few people also talked about IFEO on MSDN Blogs: Image File Execution Options by Junfeng. Inside 'Image...
  • Blog Post: A Debugging Approach to OutputDebugString

    Using OutputDebugString is a common debugging technique for user mode debugging. It is easy but quite useful if you are debugging services or troubleshooting loader problems. #define WIN32_LEAN_AND_MEAN #include <Windows.h> int __cdecl main() { OutputDebugStringA( "Hello, world...
  • Blog Post: Debugging Tips for Multi-Threaded Application

    Multi-threaded applications are error-prone and hard to debug, so it's worth a dedicated topic. I will try to maintain a list of tips for debugging multi-threaded applications using Visual Studio and WinDBG. Below is a trivial multi-threaded application which will be used as an example: #define...
  • Blog Post: Visual Studio Debugger or WinDBG?

    Microsoft has provided a number of debuggers. Visual Studio Debugger would be the most widely known one, while there is a less known tool set called Debugging Tools for Windows which is available for free. Even inside Microsoft, there were questions around why there are so many debuggers, and which one...