Category Archives: windbg

This question came up in one of the internal aliases a couple days ago.  While debugging, how do I find the source for a particular function that is not on the stack?  There are a couple caveats to consider first: … Continue reading →

This question was floating around on one of the aliases a couple days ago, so I thought I would post it here to raise awareness.   Debugging a service at startup is tricky (just check out the support article).  If … Continue reading →

While there are lots of different ways to set up debugging, one very commonly requested method is a kernel mode debugger with user-mode piped into the kernel mode debugger.  Then, with judicious use of .breakin (to go user->kernel) and g … Continue reading →

Just putting up the materials that I presented tonight.  It was a good discussion, although a much smaller crowd than I’m used to.  Hard to compete with a good football game sometimes.   Thanks to everyone for coming – we … Continue reading →

Tomorrow, I’ll be presenting a tech-talk on using windbg to meet common debugging needs.  One of the big things that any presenter needs to do is remove things that could go wrong – first up on my list is caching … Continue reading →

While debugging from home I’m using the public symbols which are downloaded from the web.  Sometimes they don’t match (right now I’m using a pre-release build), and it’s nice to know why.  !sym noisy tells me why a pdb does or … Continue reading →

!locks is available in kernel-mode or user-mode and will display all critical sections that are owned by the current process (or all of them, or orphans). This is a great way to see where your hang is coming from (and … Continue reading →

This is a generic expression evaluator, so it should probably be contrasted with the others.  But first, ?? evaluates an expression using the C++ evaluator (the default is MASM). operator evaluator can be used inline? example ?? C++ start only … Continue reading →