Category Archives: windbg

Locating the file that a function (not on the stack) was written in

This question came up in one of the internal aliases a couple days ago.  While debugging, how do I find the source for a particular function that is not on the stack?  There are a couple caveats to consider first: …

Posted in windbg | Leave a comment

Debugging a service startup

This question was floating around on one of the aliases a couple days ago, so I thought I would post it here to raise awareness.   Debugging a service at startup is tricky (just check out the support article).  If …


Getting the best of both worlds – kernel-mode debugging and user-mode debugging at the same time.

While there are lots of different ways to set up debugging, one very commonly requested method is a kernel mode debugger with user-mode piped into the kernel mode debugger.  Then, with judicious use of .breakin (to go user->kernel) and g …


Tech Talk – Debugging using the free Microsoft Debuggers

Just putting up the materials that I presented tonight.  It was a good discussion, although a much smaller crowd than I’m used to.  Hard to compete with a good football game sometimes. 🙂   Thanks to everyone for coming – …


Pre-caching symbols

Tomorrow, I’ll be presenting a tech-talk on using windbg to meet common debugging needs.  One of the big things that any presenter needs to do is remove things that could go wrong – first up on my list is caching …


Debugger command of the day !sym noisy

While debugging from home I’m using the public symbols which are downloaded from the web.  Sometimes they don’t match (right now I’m using a pre-release build), and it’s nice to know why.  !sym noisy tells me why a pdb does or …


Debugger Command of the day: !locks

!locks is available in kernel-mode or user-mode and will display all critical sections that are owned by the current process (or all of them, or orphans). This is a great way to see where your hang is coming from (and …
