WinDbg Resources

I’ve been chasing an issue for more than a week now. The nice benefit is that it improved my WinDbg skills. Here is a repository of the things I need to come back to each time I start using WinDbg again. I’ll do my best to keep adding information that I use.

The latest debugger installers are found under the Windows Kits, at ...\Windows Kits\8.0\WDK\Installers. The files are:
X86 Debuggers And Tools-x86_en-us.msi
X64 Debuggers And Tools-x64_en-us.msi
Windows Debugging VS Integration-x86_en-us.msi (this is the nice integration in VS 2012)

As far as the debugging symbols go:
setx _NT_SYMBOL_PATH "SRV*c:\Symbols*http://msdl.microsoft.com/download/symbols"

The online help can be found under Debugger Commands (Windows Debuggers).

As I’m using several Virtual Machines in addition to my desktop machine, I like using the File|Open Workspace in File... and File|Save Workspace to File... to be able to easily share those between “machines”.

Here is the typical shortcut I create on my desktop:
"C:\Program Files\Windows Kits\8.0\Debuggers\x86\windbg.exe" -o -Q -WF "C:\Users\concrt\Desktop\IEXPLORE32.WEW" "C:\Program Files\Internet Explorer\iexplore.exe"

!handle, !gle, !peb, !teb and !stl are very useful commands.

I like to add the SDbgExt extension to be able to use the !objname, !stlstring, !stlwstring, !stlset, !stlmap, !stllist and !stlvector commands. (!sdbgext.help)

To see the list of loaded extensions: .chain

To do conditional breakpoints, I use that trick I got from Conditional breakpoints in WinDBG. I set the breakpoint with F9 then copy/paste the address instead of 0x12345678: bp 0x12345678 ".if @@c++( pPasture->countSheep > 16 ) {} .else {gc}"
