Category Archives: Debugging with windbg/cdb/ntsd

So I was recently helping someone investigate a startup issue using windbg.  Oftentimes it’s enough information to tell you some vital bit of information like "driver XYZ is crap – uninstall it and your life will be better" or "your … Continue reading →

Before, I mentioned using the z command as a way to figure out where an error HRESULT was occuring.  (Really, the best way is to have some decent tracing so you can see the failures in a debugger).    wt … Continue reading →

One of the things that I’ve been using a lot lately is memory access breakpoints.  I’ve found them really helpful for tracking down some ref-counting bugs, but they’re also great for catching data corruption. The basic idea is this – … Continue reading →

Windbg and friends has a default initial breakpoint that gets called after dependant dlls have been loaded so that you can get right to business debugging your app – but what if you want to debug the loading of those … Continue reading →

t ; z (@eax != 0x8007000EL) What does this cryptic command do for you?  I was recently helping a friend debug a failure where an error hresult was returned but it was the kind of error that could have been coming … Continue reading →

I was debugging a race condition recently and found that I didn’t have the information that I needed and couldn’t just look at the data without disrupting the race condition that was causing the problem.  Naturally, you’d generally do a … Continue reading →

Symbols are a necessary prerequisite to debugging (well, not really, but it’s so much nicer with them).  One thing that I didn’t realize before coming to MSFT was that Microsoft made it’s (stripped) symbols available publicly. SET _NT_SYMBOL_PATH to:symsrv*symsrv.dll*c:\symbols*http://msdl.microsoft.com/download/symbols VS … Continue reading →