Browse by Tags

All Tags » Call Stack
When debugging sooner or later you will need to disassemble code to get a better understanding of that code. By disassembling the code, you get the mnemonics translated from the 0s and 1s that constitute the binary code. It is a low level view of the Read More...
Using WinDbg you can create a dump file from an application running, for instance, in a production server. After collecting the dump file, you can load it in another machine and debug it. However, to be more effective during your debugging session you Read More...
!for_each_frame is a favorite among debuggers. It's a very flexible and powerful command that enables you to run commands for each frame of the call stack. You can use basically any command. For instance, let’s say you want to see all local variables Read More...
This script is more a template to show you how to use PowerDbg. I must say the idea is from my teammate Aaron Barth! This script collects information from all threads running managed code and gives the user statistics by threads like: - CLR stack. - Managed Read More...
This is by far one of the most powerful WinDbg commands. Even if you don’t create scripts, you’ll benefit from this command. It’s powerful because it’s flexible. You can use it for a huge variety of operations. The .foreach token parses the output of Read More...
Finally I’m writing about this command. I love it! It’s so powerful! .shell command launches a shell process and redirects its output to the debugger or to a specified file. Usage: .shell [ Options ] [ ShellCommand ] .shell -i InFile [ -o OutFile [ -e Read More...
I’ve been travelling a lot in the US and Latin America: that’s why you haven’t seen any new posts coming. Now I’m back! OK, just for a while, but it’s enough to write more articles. By the way, Buenos Aires (Argentina) is a beautiful place to know! :) Read More...
During your debugging session, you may find yourself trying to identify if a specific symbol or module appears in one or more threads. There’s more than one way to do that, and here I cover it in the simplest way: !findstack This command accepts the Read More...
Very often I found myself scanning the stack or the entire virtual memory for the process to find information that may help me. This information may be strings, DWORDS, bytes, chars, etc… To accomplish this you should use the s command. Here I exemplify Read More...
The dv command stands for display variables. It’s easy to memorize. The reality, though, is that in the trenches you won’t use the standard format of dv because it doesn’t give you enough (or much) information. Here is the way I use this command: dv /i /t Read More...
When you need to see the raw call stack and memory, you have plenty of options. You can even leverage the WinDbg GUI to see them. Here I’m going to show you how to do that. dpa <address> L <range> dpa <startAddress> <endAddress> Read More...
I’m starting a new series of articles focused on explaining special commands and showing how they can be used. You can read about WinDbg commands using the WinDbg documentation; however, sometimes you want to see the output of a specific command or you Read More...
WinDbg has a lot of commands and command variations, so sometimes you may forget some of them, like when you need to dig a call stack to extract more information. Or maybe you remember the commands to get the call stack details, but you need to make sure Read More...