Defrag Tools #173 - Troubleshooting with the Windows Sysinternals Tools, 2nd Edition

The Discussion

  • claudiamcse

    Thank you for sharing! Great video. I look forward to reading the book!

  • Luke

    Hi,

    Have you ever used the WinDbg extension cmkd.dll from http://www.codemachine.com/cmkd.html to extract the first four arguments passed to calls on x64 stacks, like so?
    0:000> !cmkd.stack -p
    Call Stack : 7 frames
    ## Stack-Pointer Return-Address Call-Site
    00 000000a408c7fb28 00007ffda95b1148 ntdll!NtWaitForSingleObject+a
    Parameter[0] = 0000000000000034
    Parameter[1] = 0000000000000000
    Parameter[2] = 0000000000000000
    Parameter[3] = (unknown)
    01 000000a408c7fb30 00007ff7e44c13f1 KERNELBASE!WaitForSingleObjectEx+98
    Parameter[0] = 0000000000000034
    Parameter[1] = 00000000ffffffff
    Parameter[2] = 0000000000000000
    Parameter[3] = 00007ff7e44cba28
    02 000000a408c7fbd0 00007ff7e44c3fed ConsoleApplication2!main+41
    Parameter[0] = (unknown)
    Parameter[1] = (unknown)
    Parameter[2] = (unknown)
    Parameter[3] = (unknown)

    Is this extension safe?

    Thx,
    Luke

  • ChadBeeder

    @Luke: I haven't used that debug extension, but I have met the Codemachine guys, and I have no reason to think it wouldn't work as advertised.

  • MariaHamilton

    I use it all the time @Luke. I am mainly analyzing crash dumps rather than debugging live x64 systems, though (it's unusual that a problem only turns up on x64 boxes, so if I have to debug something I tend to do it on an x86 one).
