Defrag Tools: #13 - WinDbg


In this episode of Defrag Tools, Andrew Richards and Larry Larsen start walking you through the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer.

This first WinDbg installment configures the system to open dump files via an adjusted Context Menu. It shows how to set WinDbg as the (AeDebug) postmortem debugger, and how to use ProcDump v5.1 to do the same but capture the process as a dump file instead. It then starts to explain some basic concepts of debugging: call stacks (k), registers (r) and exception context records (.ecxr).

Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.

Resources:
Microsoft Windows SDK for Windows 7 and .NET Framework 4
Sysinternals ProcDump

Timeline:
[00:00] - Windows 8 General Availability (GA)
[02:45] - WinDbg -IA - Register File Associations
[05:45] - Custom Context Menu
[10:15] - WinDbg -I - Register Postmortem Debugger
[11:07] - Custom AeDebug: -c ".jdinfo %p"
[15:00] - ProcDump v5.1: -i <folder>
[18:00] - Internals of Windows Error Reporting
[21:48] - Registers (r)
[29:50] - Exception Context Record (.ecxr)
[32:01] - Examples - NT Debugging Blog
[34:02] - MSJ Magazine - Under The Hood
[35:20] - Intel Developer's Manual
[38:40] - Next week, Call Stacks, Locals and .NET/Silverlight extensions

MSJ (MSDN) Magazine:

Assembly Language
http://www.microsoft.com/msj/0298/hood0298.aspx
http://www.microsoft.com/msj/0797/hood0797.aspx

NT Debugging Blog: http://blogs.msdn.com/b/ntdebugging/

Debugging Techniques
http://blogs.msdn.com/b/ntdebugging/archive/2007/06/13/hung-window-no-source-no-problem-part-1.aspx
http://blogs.msdn.com/b/ntdebugging/archive/2007/06/15/hung-window-no-source-no-problem-part-2.aspx
http://blogs.msdn.com/b/ntdebugging/archive/2007/06/15/this-button-doesn-t-do-anything.aspx

Fundamentals
http://blogs.msdn.com/b/ntdebugging/archive/tags/fundamentals+exercise/

Puzzles
http://blogs.msdn.com/b/ntdebugging/archive/tags/puzzler/

Custom Context Menu (WinDbg -IA):

Windows Registry Editor Version 5.00
; Associate .dmp with the WinDbg.DumpFile.1 ProgID
[HKEY_CLASSES_ROOT\.dmp]
@="WinDbg.DumpFile.1"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1]
@="WinDbg Post-Mortem Dump File"
[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\DefaultIcon]
@="\"C:\\debuggers\\windbg.exe\",-3002"
[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell]
@="Open"

; Default verb: open the dump (-z) in the x64 debugger and turn on DML output
[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open]
@="Open x&64"
[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open\command]
@="\"C:\\debuggers\\windbg.exe\" -z \"%1\" -c \".prefer_dml 1\""

; Second verb: the same, using the x86 debugger install
[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open_x86]
@="Open x&86"
[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open_x86\command]
@="\"C:\\debuggers_x86\\windbg.exe\" -z \"%1\" -c \".prefer_dml 1\""

Custom AeDebug (WinDbg -I):

Windows Registry Editor Version 5.00
; 64-bit AeDebug: Auto=1 launches the debugger without prompting; -p receives the PID,
; -e the event handle to signal once attached, and -c the command to run on attach
; (.jdinfo reads the JIT_DEBUG_INFO structure whose address is passed as %p)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="\"C:\\debuggers\\windbg.exe\" -p %ld -e %ld -c \".jdinfo %p\""

; 32-bit processes on x64 read the Wow6432Node copy, so point it at the x86 debugger
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="\"C:\\debuggers_x86\\windbg.exe\" -p %ld -e %ld -c \".jdinfo %p\""
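An added audit script, not part of the episode or its resources: it parses the .reg text format used by both registry snippets above and checks each AeDebug key, since whatever the Debugger value names is launched on every unhandled crash and is worth verifying on a machine you care about. The .reg text below is constructed for the example (one Debugger value is deliberately pointed at a non-debugger path so the check has something to flag), and the expected debugger folders C:\debuggers and C:\debuggers_x86 are taken from the snippets above.

```python
import re

# Constructed sample mirroring the AeDebug keys above; the Wow6432Node Debugger is
# deliberately pointed at a non-debugger path so the audit has something to flag.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="\"C:\\debuggers\\windbg.exe\" -p %ld -e %ld -c \".jdinfo %p\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="\"C:\\Temp\\other.exe\" -p %ld -e %ld"
'''

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r'\\(["\\])', r'\1', s)

def parse_reg(text):
    """Return {key_path: {value_name: string_value}} for string values ('@' is the default value)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and '=' in line:
            m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$', line)
            if m:
                name = '@' if m.group(1) == '@' else unescape(m.group(2))
                keys[current][name] = unescape(m.group(3))
    return keys

def audit_aedebug(keys, expected_dirs):
    """For each AeDebug key: Auto must be 1, Debugger must be windbg.exe under an expected
    folder, and the PID (-p %ld) and event handle (-e %ld) must still be passed through."""
    findings = {}
    for path, values in keys.items():
        if not path.endswith('\\AeDebug'):
            continue
        cmd = values.get('Debugger', '')
        m = re.match(r'^"([^"]+)"', cmd) or re.match(r'^(\S+)', cmd)
        exe = m.group(1) if m else ''
        ok = (values.get('Auto') == '1'
              and exe.lower().endswith('\\windbg.exe')
              and any(exe.lower().startswith(d.lower() + '\\') for d in expected_dirs)
              and '-p %ld' in cmd and '-e %ld' in cmd)
        findings[path] = (ok, exe)
    return findings
```

On a live machine, feed it the output of `reg export` of the two AeDebug keys instead of SAMPLE_REG.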


Follow the Discussion

  • MagicAndre1981 (xperf addicted)

    [05:45] - Custom Context Menu

    you should use this cool tool:

    http://defaultprogramseditor.com/doc/context_menu_page.png

    http://defaultprogramseditor.com/

    I never understood why you removed this functionality in Vista.

    [15:00] - ProcDump v5.1: -i <folder>

    Procdump 5.1 is still not out

  • Charles (Welcome Change)

    !analyze -v (I might as well have this tattooed on by arm... Timely. I've been using WinDbg several hours a day for the past several weeks...)

    C

  • Andrew Richards (windev)

    @Magic: ProcDump v5.1 -- nearly there. It's going through the final phases to get published externally. Hopefully this week.

    @Charles!analyze -v is covered in Episode #15 (Kernel Analysis), and will get mentioned again in Episode #17 (User Analysis).

  • Ronald

    Hi Andrew, you're doing a fantastic job in this Defrag Tools series. I just find your delivery is too fast at times (I'm French) and I often miss bits. If you could slow down a bit ... :-) You're followed worldwide!

    Looking forward to next episode.

    Ronald

  • James

    Finally something worth watching on c9. Been waiting for up to date debugger videos for ages.
    I'm also waiting on real kernel programming and c++11 videos. *Hint hint*

    Andrew Richards, yes please do go on. If you would make a video series of windbg and debugging techniques that are 40 hours per week, I would watch it.

    I'm saying the content demand for this stuff is pretty high.

    Just one note about reducing the 40 hour subject into 40 minutes. Please do not dumb it down. We are not idiots or children.
    The more detailed explanation the better. Do not jump over things because they are "too technical".

    This stuff is not hard. Memory intensive, yes but not mentally hard.

    Would be fun to hear how you would debug a multi-process crash. When I say multi-process I mean a program like Chrome.

    The debug tools are lacking when it comes to such crashes. Debugging tools always seem to be a few steps behind which in these modern days are quite frankly unacceptable. Like the non-optional metro ui for desktop computers or the locked in "secure boot" on x64 among other things W8.

    Hope to see you in many, many more videos ;)

  • Andrew Richards (windev)

    @James: we have 5 in the bag and still at least 3 more to tape to just cover the basics. I expect another 5-10 after that on advanced stuff.

    The main issue with reducing the courses down to a show format is the inability to interact with the students. When we get in to some particular concepts (breakpoints come to mind), we'll provide examples that you can (and should) repeat at home - as showing it once won't suffice.

    The other struggle for Chad and me is doing all of the debugging with public symbols and extensions - we have internal tools that rely on private symbols that get us to root cause within seconds (this is how OCA and WER scale). It's a training exercise for us too to do it the public way!

    Next week is loading SOS, then there are 2 on kernel, then 3 on useful commands. We'll then go on to scenario-based episodes using advanced techniques.

    Multi-process - will be sure to cover that .. It's not too hard if you use the right tool.

    The content is hard - yep, wrong word - it is just information overload as you say - and we plan to keep it that way and never miss a deep dive in to a concept.

    Once all this is done, we'll cover xperf - which is debatably more powerful than the debugger.

    Thanks for watching.

  • felix9 (the cat that walked by itself)

    so this is actually the long awaited result of this post ?

    http://channel9.msdn.com/Forums/Feedback/Suggestion-WinDBG-tutorial-video-series-from-beginner-to-advanced

  • Andrew Richards (windev)

    @felix9: The Defrag Tools series arose as a spinoff of Defrag Show so that troubleshooting tools in general could be covered at depth. We did a lot of research in the forums and this was one of the posts we paid a lot of attention to. Golnaz (our great studio operator) organized Brad to tackle the managed code aspect of windbg in his series (http://channel9.msdn.com/Series/-NET-Debugging-Stater-Kit-for-the-Production-Environment) - while we were planning Defrag Tools.

    On Defrag Tools, we're being more generic than Brad's series and are talking about the basic commands and the underlying OS constructs you need to know about. We'll defer to Brad's series for specific (deep) managed code debugging tips. We will and do cover the basics (next week is all about getting SOS loaded - for example) of managed debugging.

    This is a show for you - steer us in the direction you want us to go... If you want more than 10 episodes on WinDbg, tell us that and we'll hold off transitioning to xperf and will keep on producing windbg content for you. Chad and I both train the user and kernel mode courses within Microsoft and can easily continue to dive deeper and wider - from the physical hardware, up through kernel mode, through user mode and up in to high constructs like managed and WinRT application code.

  • Can Windbg be used with windows 8 store apps ? Does the debugger suspend interact with the app lifecycle management ?

  • phb3 wrote:

    Can Windbg be used with windows 8 store apps ? Does the debugger suspend interact with the app lifecycle management ?

    Ditto.

    Was the debugger installation instructions from episode #1 ever updated for Win8?

    Windbg is supposed to be integrated into Visual Studio 2012 now but I don't see it anywhere?

    I had to install Windows 8 Driver SDK for windbg x64 and x32 to show up.

    Might also be included with Windows 8 SDK download.

  • MagicAndre1981 (xperf addicted)

    phb3 wrote:

    Can Windbg be used with windows 8 store apps ? Does the debugger suspend interact with the app lifecycle management ?

    yes:

    Launching Windows Store App under a Debugger

    http://blogs.msdn.com/b/webapps/archive/2012/11/23/launching-windows-store-app-under-a-debugger.aspx
