Download this episode
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer.
This installment goes over the commands used to show the memory used in a user mode debug session. We cover these commands:
- !address -summary
- !address <addr>
- !vprot <addr>
- !mapped_file <addr>
Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
[00:50] - Live Debug of Notepad
[01:10] - VMMap of Notepad
[02:08] - Virtual Address Space summary (!address -summary)
[04:30] - 'Large Address Space Aware' increases the VA space from 2GB to 4GB
[08:11] - Memory Mapped Files
[10:11] - Memory Type, State and Protection (inc. Guard Pages)
[21:22] - Allocation Base vs. Base Address (!address <addr>)
[26:52] - Virtual Protection shows the Alloc. Base Protection (!vprot <addr>)
[29:14] - Mapped Files (!mapped_file <addr>)
Available formats for this video:
Actual format may change based on video formats available and browser capability.
Comments have been closed since this content was published more than 30 days ago, but if you'd like to send us feedback you can Contact Us.