Comment Feed for Channel 9 - Defrag Tools: #20 - WinDbg - Basic Commands http://media.ch9.ms/ch9/9c04/95b63a75-b936-459a-b725-bd26e1789c04/DefragTools20_220.jpg Channel 9 - Defrag Tools: #20 - WinDbg - Basic Commands In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the commands used to show the state of debug session. It also shows some of the basic commands used to view process and thread information of a user mode process. We cover these commands: version vertarget | || .sympath .srcpath .exepath .extpath .chain !analyze -v .bugcheck !error ~ ~NNs ~~[TID]s ~*k ~*r !process 0 17 !threads !findstack !uniqstack !peb !teb k= <addr> <addr> <frames> dps dpu dpa dpp .reload /f .reload /user !gle !tls Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution. Resources: Microsoft Windows SDK for Windows 7 and .NET Framework 4 System Error Codes Timeline: [01:01] - Live Debug of Notepad[02:14] - Overview of the debug session (version)[03:10] - OS Version/Architecture and System/Debug/User/Kernel times (vertarget)[09:03] - Process and System Status (| {pipe}, || {double pipe})[10:16] - Symbol Path (.sympath)[10:52] - Source Path (.srcpath)[11:00] - Executable Path (.exepath, lmvm - Memory Mapped Image File)[11:40] - Extension Path (.extpath)[12:20] - Loaded Extensions (.chain)[13:43] - !analyze is for both User and Kernel crashes (!analyze -v)[14:56] - Bugcheck code and arguments (.bugcheck)[15:26] - Error Code Lookup (!error)[16:04] - Threads in a User Process (~ {tilde})[17:33] - Change Current Thread Context (~NNs) [20:13] - Show all the call stacks or registers (~*k, ~*r)[21:04] - Change Current Thread Context by TID (~~[TID]s) [24:18] - Show all the call stacks in all the processes in a kernel session (!process 0 17)[25:29] - Configuration summary of all thread (!threads)[26:54] - Find call stack (!findstack)[27:35] - Unique call stacks (!uniqstack)[28:30] - Process Environment Block (!peb)[30:50] - Thread Environment Block (!teb)[32:02] - Buffer Overflow of a stack variable[33:11] - Call Stack Recreation (k= <addr> <addr> <frames> {x64})[34:40] - Display Pointers as a Symbol, Unicode, ANSI or Pointer (dps, dpu, dpa, dpp)[37:40] - Force the loading of symbols (.reload /f)[38:43] - Force the loading of user symbols in the kernel when you change thread context (.reload /user)Note: /u is for unload, not load user symbols - that's why Chad is the kernel guy![39:18] - SetLastError/GetLastError value in the TEB (!gle)[40:14] - Thread Local Storage values in the TEB (!tls)   en Sun, 26 May 2013 03:44:51 GMT Sun, 26 May 2013 03:44:51 GMT Rev9 Re: Defrag Tools: #20 - WinDbg - Basic Commands [02:14] - Overview of the debug session (version)

Why do you sue such an old WinDbg version and not the versiom from the Win8 SDK?

[03:10] - System/Debug/User/Kernel times (vertarget)

Windows doesn't reset this time.


Can you provide a cmdtree files which the users can load with .cmdtree to access the commands faster? I think this is better instead of wrting all commands in the shownotes each time you create a video.

posted by MagicAndre1981

]]> http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-20-WinDbg-Basic-Commands#c634920116775545115 Tue, 25 Dec 2012 05:54:37 GMT http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-20-WinDbg-Basic-Commands#c634920116775545115 MagicAndre1981 Re: Defrag Tools: #20 - WinDbg - Basic Commands Nice episode! Big Smile Are you guys gonna cover how to analyze managed memory as well? 

posted by martinmine

]]> http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-20-WinDbg-Basic-Commands#c634925513789613805 Mon, 31 Dec 2012 11:49:38 GMT http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-20-WinDbg-Basic-Commands#c634925513789613805 martinmine Re: Defrag Tools: #20 - WinDbg - Basic Commands @martinmine: It's one the road map... Smiley

posted by windev

]]> http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-20-WinDbg-Basic-Commands#c634946667159586167 Thu, 24 Jan 2013 23:25:15 GMT http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-20-WinDbg-Basic-Commands#c634946667159586167 windev