
Browse by Tags

All Tags » Stack Corruption
When debugging sooner or later you will need to disassemble code to get a better understanding of that code. By disassembling the code, you get the mnemonics translated from the 0s and 1s that constitute the binary code. It is a low level view of the Read More...
Using WinDbg you can create a dump file from an application running, for instance, in a production server. After collecting the dump file, you can load it in another machine and debug it. However, to be more effective during your debugging session you Read More...
So, here we go again. This is a minor version with a few new cmdlets. These new cmdlets are those that we use most of the time. DOWNLOAD POWERDBG Download PowerDbg POWERDBG FILES WinDbg.PSM1 ← Contains cmdlets used to communicate with WinDbg. Microsoft.PowerShell_Profile. Read More...
Let’s say that you get a memory address and you want to know if it’s from the heap, the stack, or someplace else. Or yet, let’s say you have a .NET application consuming lots of memory, and you want to get a better understanding of this memory consumption. Read More...
This is by far one of the most powerful WinDbg commands. Even if you don’t create scripts, you’ll benefit from this command. It’s powerful because it’s flexible. You can use it for a huge variety of operations. The .foreach token parses the output of Read More...
I’m very excited to present the new PowerDbg v5.0! There’s just one change, but it’s a HUGE change that makes PowerDbg extremely fast and easier to use. Let me explain: Send-PowerDbgCommand is the heart of PowerDbg. This is the cmdlet that sends information Read More...
ln is a very useful command. It stands for list nearest. You provide an address as argument, and it gives you the closest symbol that matches the address. Of course, you have to be using the right symbols! Here is the syntax: ln [ address ] Example: Read More...
Very often I found myself scanning the stack or the entire virtual memory for the process to find information that may help me. This information may be strings, DWORDS, bytes, chars, etc… To accomplish this you should use the s command. Here I exemplify Read More...
When you need to see the raw call stack and memory, you have plenty of options. You can even leverage the WinDbg GUI to see them. Here I’m going to show you how to do that. dpa <address> L <range> dpa <startAddress> <endAddress> Read More...
The d* command and its variations are among the most commonly used commands. In this article I’m covering the most important combinations and showing their output. The d* command is used to display information from memory, including heap and stack. The Read More...
I’m starting a new series of articles focused on explaining special commands and showing how they can be used. You can read about WinDbg commands using the WinDbg documentation; however, sometimes you want to see the output of a specific command or you Read More...
 