Channel 9

Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

MSDN

Activity Profile

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements
Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Defrag Tools: #20 - WinDbg - Basic Commands

Embed code for this video

Copy the code above to embed our video on your website/blog.

Close

Video format

Option selected may change based on video formats available and browser capability.

Close

Download

How do I download the videos?

  • To download, right click the file type you would like and pick “Save target as…” or “Save link as…”

Why should I download videos from Channel9?

  • It's an easy way to save the videos you like locally.
  • You can save the videos in order to watch them offline.
  • If all you want is to hear the audio, you can download the MP3!

Which version should I choose?

  • If you want to view the video on your PC, Xbox or Media Center, download the High Quality WMV file (this is the highest quality version we have available).
  • If you'd like a lower bitrate version, to reduce the download time or cost, then choose the Medium Quality WMV file.
  • If you have a Zune, WP7, iPhone, iPad, or iPod device, choose the low or medium MP4 file.
  • If you just want to hear the audio of the video, choose the MP3 file.

Right click “Save as…”

In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer.

This installment goes over the commands used to show the state of debug session. It also shows some of the basic commands used to view process and thread information of a user mode process. We cover these commands:

  • version
  • vertarget
  • |
  • ||
  • .sympath
  • .srcpath
  • .exepath
  • .extpath
  • .chain
  • !analyze -v
  • .bugcheck
  • !error
  • ~
  • ~NNs
  • ~~[TID]s
  • ~*k
  • ~*r
  • !process 0 17
  • !threads
  • !findstack
  • !uniqstack
  • !peb
  • !teb
  • k= <addr> <addr> <frames>
  • dps
  • dpu
  • dpa
  • dpp
  • .reload /f
  • .reload /user
  • !gle
  • !tls

Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.

Resources:
Microsoft Windows SDK for Windows 7 and .NET Framework 4
System Error Codes

Timeline:
[01:01] - Live Debug of Notepad
[02:14] - Overview of the debug session (version)
[03:10] - OS Version/Architecture and System/Debug/User/Kernel times (vertarget)
[09:03] - Process and System Status (| {pipe}, || {double pipe})
[10:16] - Symbol Path (.sympath)
[10:52] - Source Path (.srcpath)
[11:00] - Executable Path (.exepath, lmvm - Memory Mapped Image File)
[11:40] - Extension Path (.extpath)
[12:20] - Loaded Extensions (.chain)
[13:43] - !analyze is for both User and Kernel crashes (!analyze -v)
[14:56] - Bugcheck code and arguments (.bugcheck)
[15:26] - Error Code Lookup (!error)
[16:04] - Threads in a User Process (~ {tilde})
[17:33] - Change Current Thread Context (~NNs) 
[20:13] - Show all the call stacks or registers (~*k, ~*r)
[21:04] - Change Current Thread Context by TID (~~[TID]s) 
[24:18] - Show all the call stacks in all the processes in a kernel session (!process 0 17)
[25:29] - Configuration summary of all thread (!threads)
[26:54] - Find call stack (!findstack)
[27:35] - Unique call stacks (!uniqstack)
[28:30] - Process Environment Block (!peb)
[30:50] - Thread Environment Block (!teb)
[32:02] - Buffer Overflow of a stack variable
[33:11] - Call Stack Recreation (k= <addr> <addr> <frames> {x64})
[34:40] - Display Pointers as a Symbol, Unicode, ANSI or Pointer (dps, dpu, dpa, dpp)
[37:40] - Force the loading of symbols (.reload /f)
[38:43] - Force the loading of user symbols in the kernel when you change thread context (.reload /user)
Note: /u is for unload, not load user symbols - that's why Chad is the kernel guy!
[39:18] - SetLastError/GetLastError value in the TEB (!gle)
[40:14] - Thread Local Storage values in the TEB (!tls)

 

Tags:

Follow the Discussion

  • MagicAndre1981Magic​Andre1981 xperf addicted

    [02:14] - Overview of the debug session (version)

    Why do you sue such an old WinDbg version and not the versiom from the Win8 SDK?

    [03:10] - System/Debug/User/Kernel times (vertarget)

    Windows doesn't reset this time.


    Can you provide a cmdtree files which the users can load with .cmdtree to access the commands faster? I think this is better instead of wrting all commands in the shownotes each time you create a video.

  • martinminemartinmine I see you're a coder, I'm pretty much a coder myself

    Nice episode! Big Smile Are you guys gonna cover how to analyze managed memory as well? 

  • Andrew Richardswindev Andrew Richards

    @martinmine: It's one the road map... Smiley

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.

More episodes in this show

See More

Related posts

Creative Commons License

© 2013 Microsoft. Except where designated as licensed by
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License,
Microsoft reserves all rights associated with the materials on this site.