Special Commands
A few weeks ago I received an e-mail from Brad Wilson, a Support Escalation Engineer from the OCS (Office Communications Server) team. Brad asked me about the .cmdtree command and I told him I’ve never configured it before. A few days ago he sent me
WinDbg for 32 bits and 64 bits has a set of internal pseudo-registers that you can use as variables or as a means to get specific information. The pseudo-registers are, according to WinDbg documentation: Pseudo-register Description $ea The effective address
The .if and j commands are used to conditionally execute a command or series of commands. .if is very similar to if from C and C++: .if ( Condition ) { Commands } .elsif ( Condition ) { Commands } .else { Commands } j does the same thing, but uses a very
ln is a very useful command. It stands for list nearest. You provide an address as argument, and it gives you the closest symbol that matches the address. Of course, you have to be using the right symbols! Here is the syntax: ln [ address ] Example:
If you’ve been following my blog you know I use .logopen and .logclose quite a lot, mainly in PowerDbg. Using this pair of commands you can save a log file that has all output from the debugger. Usage: .logopen [ Options ] [ FileName ] .logopen /d
I’ve been travelling a lot in the US and Latin America: that’s why you haven’t seen any new posts coming. Now I’m back! OK, just for a while, but it’s enough to write more articles. By the way, Buenos Aires (Argentina) is a beautiful place to know!
When doing live debugging you’ll use breakpoints at some point when tackling a problem. A simple breakpoint is easy to use; however, when you are in the trenches you might need to use advanced breakpoints that save you a lot of manual work. For instance,
dt is another command used almost all the time whenever you want to get the fields and type for a structure or class. For example, you may have a this pointer and use dt to get its fields and type. It’s a simple command with interesting variations that
Yet another basic and useful command: lm. Hmmmmm… OK so you already know this command. Great! But do you know all of its variations? Usually when we get used to a command we don’t try to explore its variations, and sometimes one of these variations may
During your debugging session, you may find yourself trying to identify if a specific symbol or module appears in one or more threads. There’s more than one way to do that, and here I cover the simplest way: !findstack This command accepts the
Very often I find myself scanning the stack or the entire virtual memory for the process to find information that may help me. This information may be strings, DWORDs, bytes, chars, etc… To accomplish this you should use the s command. Here I exemplify
When doing live debugging, it’s not uncommon to have to repeat a set of commands until a condition becomes true or false. There are several ways to do this, and one of them is through the z command. You can create automated commands using this instruction:
When debugging, most of the time, you have to see all stacks for all threads or to set the context for a specific thread in order to analyze it. To do that you use the ~ command. According to the WinDbg documentation we have: Thread identifier Description
I really like using C/C++ expressions from WinDbg. It’s a natural way to extract information from C and C++ applications if you know these programming languages; therefore, I think it’s useful to share how to do this. First, let’s talk about poi(). poi()
This is yet another command that has powerful capabilities. It’s very flexible, too. You can use different parameter combinations; though, I recommend you check the WinDbg documentation if you want to explore other variations. Again I’m going