
Browse by Tags

All Tags » Disassembly
When debugging, sooner or later you will need to disassemble code to get a better understanding of it. By disassembling the code, you get the mnemonics translated from the 0s and 1s that constitute the binary code. It is a low-level view of the Read More...
Sometimes you need to look for patterns of disassembled code. You can browse the disassembled code and manually look for a specific pattern, or you can use a command to automate it. The # command does that. # [Pattern] [Address [ L Size ]] Parameters: Read More...
Using WinDbg, you can create a dump file from a running application, for instance on a production server. After collecting the dump file, you can load it on another machine and debug it. However, to be more effective during your debugging session you Read More...
This is by far one of the most powerful WinDbg commands. Even if you don’t create scripts, you’ll benefit from this command. It’s powerful because it’s flexible. You can use it for a huge variety of operations. The .foreach token parses the output of Read More...
WinDbg for 32 bits and 64 bits has a set of internal pseudo-registers that you can use as variables or as a means to get specific information. The pseudo-registers are, according to WinDbg documentation: Pseudo-register Description $ea The effective address Read More...
Sometimes you cannot avoid reading the disassembled code to look for a specific assembly instruction. You may want to see if a particular function is doing some specific operation, using some specific register, or calling other functions. You can do that Read More...
 