1. Common WinDbg Commands (Thematically Grouped)
(Documents/Command Lists)

Thematically grouped WinDbg command list - keep this on your desk if you use WinDbg! 1) Built-in help commands 9) Exceptions, events, and crash analysis 17) Information about variables ...

2. WinDbg. From A to Z!
(Documents/Presentations)

... "WinDbg. From A to Z!" turns out to be just as useful as WinDbg itself because it explains everything from simple things that you should know right away such as setting up symbols and the theory of command ...

3. ASP hang
(Forum/Crash Dump Analysis )

... 00333a30 003348c8 w3wp!wmain+0x22a 0014ffc0 7d4e7d42 00000000 00000000 fffdf000 w3wp!wmainCRTStartup+0x12f 0014fff0 00000000 010018f8 00000000 000000c8 kernel32!BaseProcessStart+0x28 STACK_COMMAND: ...

4. Can all commands be watched with WinDbg
(Forum/General Questions)

This is a very basic question. I have not been able to figure out the answer and I have been curious about this for a while. If I open an executable from WinDbg, is there a way to watch every single action ...

5. Can handled exceptions be seen with WinDbg
(Forum/Debugging of Managed-Code )

... WinDbg with the SOS extension? Conversely, are only unhandled exceptions caught by WinDbg? I saw she used the sxe command and thought it might be similar. ...

6. Common WinDbg Commands (Thematically Grouped)
(Forum/Article Discussions)

** This thread discusses the content article: Common WinDbg Commands (Thematically Grouped) ** ...

7. Crash location !
(Forum/Crash Dump Analysis )

... that some.dll is loaded at 017a0000. Can I use the following command in my winDBG session to locate the crash location? 0:007> ln 017a300B 012C300B - 0x012C0000 = 300B = crash location? For ...

8. Determing cause of access denied - USN Journal
(Forum/Kernel-Mode Debugging)

... of disk management. The tools have shown me that the problem lies in a few USN journal files near the end of the drive that will not move (or allow deletion.) When I run the fsutil command logged in ...

9. Memory Searching issue (command s)
(Forum/Kernel-Mode Debugging)

Hello! When I try to use the 's' command to search memory, it was coming up with no results. Upon dumping the memory region where I knew the byte-sequence I was looking for is located, the memory there ...

10. Minidump error
(Forum/Crash Dump Analysis )

... e0949b7c 00000000 00000000 00000000 hknlgi+0x3fb eeb9dddc e088e062 f3a552d0 00000000 00000000 nt!PspSystemThreadStartup+0x2e 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 STACK_COMMAND: ...

11. Re: Memory Access errors in the Kernel
(Forum/Kernel-Mode Debugging)

Brett, hi again. The following excerpt of the .process (Set Process Context) command explains it quite well. You might also take a look at .context (Set User-Mode Address Context) which is a very similar ...

12. Re: Pattern matching
(Forum/Article Discussions)

Hey hey Adrian, Thanks for your feedback. I encountered similar problems with this breakpoint command. It turns out that here and then the aliases get messed up by WinDbg. You can easily check what ...

13. Re: See in Memory Descriptor List whats on
(Forum/Kernel-Mode Debugging)

... including Windows Vista. On these systems, the Enable pool tagging check box on the Global Flags dialog box is dimmed and commands to enable or disable pool tagging fail.". Also alongside your WinDbg installation ...

14. Re: Unable to load image ntkrnlpa.exe
(Forum/Crash Dump Analysis )

...  However, moving the downloaded symbols to another Stratus server (I just keep mentioning Stratus so you guys know I'm talking about identical servers), has a negative result. Even though the command ...

15. Re: windbg question from kam
(Forum/Article Discussions)

... can easily get the base address of your driver too: > !lmi 77fba431 OR > lm vm 77fba431 Both commands will return the base/start address of your driver in memory. Then you would do something like ...

16. Re: Wrong display of function Names by WinDbg
(Forum/User-Mode Debugging)

... check out the .symfix+ command... If you aren't able to get the right PDB files any serious debugger will read at least the export symbols (functions) of your modules. Example: If you open MSVCR80.DLL ...

17. Re:Can all commands be watched with WinDbg
(Forum/General Questions)

Hi Will, yes it can be done with WinDbg. Let's start with the File->Open Executable from WinDbg's menu; this way WinDbg starts your application and actually stops after several system DLLs (for example ...

18. Re:Can all commands be watched with WinDbg
(Forum/General Questions)

Thanks Robert. You've given me a lot to work with. I am still in the "wide-eyed" stage of figuring out very basics. These things help me get a grasp much more quickly.

19. Re:Can handled exceptions be seen with WinDbg
(Forum/Debugging of Managed-Code )

... command. I hope this helps, RK :) ...

20. Re:Can macros be set up in WinDbg
(Forum/General Questions)

Hi Will, welcome. Short answer: Yes. Long answer: WinDbg offers a quite powerful mechanism called "Debugger Commands Programs". In fact this is a simple script-language where you can use all commands ...

21. Re:Debugging minGW/GCC built DLL in Visual Studio?
(Forum/Symbol and Source Files )

Edward, welcome. The short answer is it depends. PDB is Microsoft's proprietary format and is not documented. While MS offers APIs to read and extract data from PDBs (see DIA SDK - Debug Interface Access ...

22. Re:Unable to load image ntoskrnl.exe
(Forum/Crash Dump Analysis )

... won't help either. 3) Enter the following commands to WinDbg: > !sym noisy > ld ntoskrnl > .reload /f /v ntoskrnl.exe If everything went fine WinDbg will have loaded "ntoskrnl.exe" and ...

23. Re:Using WinDbg to examine ASP.NET applications
(Forum/Debugging of Managed-Code )

Will, Hi. The worker process for ASP.NET applications is aspnet_wp.exe which internally heavily relies on mscorwks.dll. TODOs: For instance you could use the following WinDbg commands after a ...