Windbg
Using Windbg, aka Debugging Tools for Windows, is a great way for debugging, crash analysis, and reading dump files. If you’re not a keyboard person who likes to write commands and be in the driver’s seat, you might not like it at the first glance, but after using it, you’ll appreciate its power. To give you a jump start on the available commands, here’s a a quick list of some handy commonly used ones:
| Command | Description |
| .loadby sos mscorwks | Loads SOS extension for dealing with the managed code. SOS extension comes with the .Net framework. That command will load SOS.dll which resides in the same directory as mscorwks, which must be in the address space |
| .load <path>\sos.dll | Loads SOS extension from explicitly specified location |
| .sympath srv*\\Symbols\Symbols | Sets the symbols lookup path to the symbol server |
| .sympath+ <path> | Appends the symbol lookup paths |
| .srcpath <path> | Sets the source lookup path. |
| .srcpath+ <path> | Appends the source lookup path |
| .exepath <path> | Sets the executable lookup path |
| ld * | Loads symbols for all modules |
| .reload | Reloads symbols |
| lm | Shows all loaded modules. You should run this command to check whether symbols are loaded for your binary |
| lm m *substring* | Shows all loaded modules that have "substring" in their names |
| .cls | Clears screen |
| .logopen c:\log.txt | Opens log file c:\log.txt. Now the output of all commands will also go into the text file you specified. This is extremely useful when you’re dealing with large amounts of data |
| .logappend c:\log.txt | Appends to the log file |
| .logclose | Closes any open log file. Use this command once you’ve gathered all information you need |
| .dump /ma c:\dump.dmp | Creates a dump file |
| !analyze | Analyzes the dump file. This command is useful for investigating dumps; it analyzes why the application hung or crashed, it’s also the most commonly-used command |
| !analyze –v | Analyzes the dump file, verbose |
| !analyze –vv | Analyzes the dump file, verbose verbose |
| .lastevent | Prints last event |
| !pe | Prints exception |
| kb | Prints stack trace. It stands for: Stack Backtrace |
| kb 50 | Shows 50 frames of the stack trace |
| ~*kb | Prints stack trace for all threads |
| ~ | Shows all active threads |
| K | Shows current thread’s stack |
| ~e*k | Shows call stacks for all threads |
| !threads | Lists managed threads |
| !ThreadPool | List thread pool threads |
| ~*e!clrstack | Call stack for all threads |
| !eeheap [-gc] [-loader] | Shows heap information |
| !DumpObject <address> | Prints content of the object |
| !DumpHeap -stat | Shows all allocated objects and provides more than enough information for investigations |
| !GCRoot | Shows GC roots |
| !FinalizeQueue | Shows finalize-able objects |
| !address | Displays information about the memory used by the process |
| !GCHandles | Shows statistics for GC handles in the process |
| !GCHandleLeaks | A helper command for tracking GC handle leaks |
| !help <command> | Displays help for the extension command (which starts with the bang), e.g.: !help PrintException |
For more info, please visit: http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx
