Windbg scripts, debugging and troubleshooting tools and techniques to help you isolate software problems.
Troubleshooting Software Problems: A Scientific Approach
Years ago, when working for an Escalation Team, we decided to create documentation to formalize...
Author: rafarah Date: 07/03/2008
Special Command—Using Variables and Retrieving Information through Pseudo-Registers
WinDbg for 32 bits and 64 bits has a set of internal pseudo-registers that you can use as variables...
Author: rafarah Date: 06/16/2008
Special Command—.if and j to Use in Breakpoints and Scripts
The .if and j commands are used conditionally to execute a command or series of commands. .if is...
Author: rafarah Date: 06/12/2008
Special Command—Listing the Nearest Symbols with ln
ln is a very useful command. It stands for list nearest. You provide an address as argument, and it...
Author: rafarah Date: 06/10/2008
Special Command—Logging Commands Output and Commands History
If you’ve been following my blog you know I use .logopen and .logclose quite a lot, mainly in...
Author: rafarah Date: 06/10/2008
Special Command—How to See Different Call Stacks Only? !uniqstack
I’ve been travelling a lot in the US and Latin America: that’s why you haven’t seen any new posts...
Author: rafarah Date: 06/05/2008
Special Command—Using Breakpoints: bp, bm, ba, bu
When doing live debugging you’ll use breakpoints at some point when tackling a problem. A simple...
Author: rafarah Date: 05/01/2008
Special Command—Extracting Class and Struct Fields Using dt
dt is another command used almost all the time whenever you want to get the fields and type for a...
Author: rafarah Date: 04/21/2008
Special Command—Use lm* and Get All Details from Modules
Yet another basic and useful command: lm. Hmmmmm… OK so you already know this command. Great! But do...
Author: rafarah Date: 04/16/2008
[PowerShell Script] Displaying the Top 5 Exceptions and Up to 5 Different Call Stacks For Each Exception
During a lab I had about a month ago, one of my colleagues, Tag, whom I had the opportunity to mention...
Author: rafarah Date: 04/14/2008
Special Command—Searching the Call Stack for Symbols or Modules Using !findstack
During your debugging session, you may find yourself trying to identify if a specific symbol or...
Author: rafarah Date: 04/08/2008
My Team is Hiring
All my posts are provided "AS IS" with no warranties, and confer no rights. For PFE Job Opportunities...
Author: rafarah Date: 04/08/2008
[PowerShell Script] PowerDbg v3.1 - Using PowerShell to Control WinDbg
This new version has one more parser for !PrintException and a killer feature that my colleagues and...
Author: rafarah Date: 04/04/2008
Comparing RegEx.Replace, String.Replace and StringBuilder.Replace – Which has better performance?
A few days ago I was with Frank Taglianetti (no links here, he doesn’t have a blog yet), a PFE from...
Author: rafarah Date: 04/02/2008
Special Command: Using s to Explore The Memory
Very often I found myself scanning the stack or the entire virtual memory for the process to find...
Author: rafarah Date: 03/11/2008
Special Command: Repeating a Command Using z While a Given Condition is True
When doing live debugging, it’s not uncommon to have to repeat a set of commands until a condition...
Author: rafarah Date: 03/09/2008
Special Command: Using ~, the Thread Identifier
When debugging, most of the time, you have to see all stacks for all threads or to set the context...
Author: rafarah Date: 03/05/2008
Special Command: Using ??, @@c++() and poi() with C/C++ Expressions
I really like using C/C++ expressions from WinDbg. It’s a natural way to extract information from C...
Author: rafarah Date: 03/04/2008
Special Command: Advanced Symbol Searching Using x.
This is yet another command that has powerful capabilities. It’s very flexible, too. You can use...
Author: rafarah Date: 03/02/2008
Special Command: Using dv to See the Local Variables
The dv command stands for display variables. It’s easy to memorize. The reality, though, is in the...
Author: rafarah Date: 02/25/2008
Special Command: Analyzing the Memory and Stack Using the dp* Command
When you need to see the raw call stack and memory, you have plenty of options. You can even...
Author: rafarah Date: 02/23/2008
Special Command: Displaying Memory Data Using the d* Command and Its Variations
The d* command and its variations are among the most commonly used commands. In this article I’m...
Author: rafarah Date: 02/22/2008
Special Command: Analyzing and Reconstructing the Stack Using the k* Command and Its Variations
I’m starting a new series of articles focused on explaining special commands and showing how they...
Author: rafarah Date: 02/22/2008
[PowerShell Script] Displaying the Call Stack for Inner and Hidden Exceptions
This script automates a technique I’ve been using for a long time whenever I need to see the stack...
Author: rafarah Date: 01/15/2008
[PowerShell Script] Isolating the Threads Consuming High CPU
When helping my customers with scenarios in which the symptom is high CPU, I very often end up with...
Author: rafarah Date: 12/16/2007
[PowerShell Script] PowerDbg v2.3 - Using PowerShell to Control WinDbg
It has been a while since my previous blog post. I’ve been busy with other tasks, including the new...
Author: rafarah Date: 12/16/2007
[Recommended Books] Awesome Debugging Book
I’ve been exchanging e-mails with Mario Hewardt and Daniel Pravat, authors of the upcoming debugging...
Author: rafarah Date: 10/04/2007
[PowerShell Script] Saving a Module from a .NET Method Call
This is my first script using the PowerDbg functions. It’s a good example of how to use PowerDbg to...
Author: rafarah Date: 09/05/2007
[PowerShell Script] PowerDbg – Using PowerShell to Control WinDbg
[Note: According to Lee Holmes (one of the PowerShell creators) recommendation I changed the name...
Author: rafarah Date: 09/05/2007
Understanding "Magic" Pointers and Offsets
With this blog post I try to explain how "magic" pointers and offsets work. I just copied the term...
Author: rafarah Date: 08/07/2007
NetWiz - Tool to Assist Users in Using NMCap from Netmon 3
Last year my colleague Yuri Diogenes, a network specialist, asked me if I wanted to create a tool...
Author: rafarah Date: 07/31/2007
[Windbg Script] Disassembling Routines and Searching for Instructions
Sometimes you cannot avoid reading the disassembled code to look for a specific assembly...
Author: rafarah Date: 07/20/2007
Sherlock - Tool for Blocker Script analysis - SQL Server 2000 and 7.0
This blog article is about an old tool that never got a kb article (for some reason), but now has...
Author: rafarah Date: 07/09/2007
[Windbg Script] Saving a Module - Extracting Base Address and Image Name from a method call
After creating this script, I have used it in almost every case that requires decompilation, and I...
Author: rafarah Date: 07/02/2007
[Windbg Script] Serviced Components
A few days ago a friend of mine, Fabrício Catae, a SQL Server Ranger here at Microsoft, gave me an...
Author: rafarah Date: 06/04/2007
[Windbg Script] Disabling IsDebuggerPresent()
Years ago I needed to debug an application that just had the binary code with no symbols or source...
Author: rafarah Date: 05/23/2007
My Blog posts in Korean
Courtesy of Taehwa Lee (Jeff), a Microsoft DDK MVP. He writes articles for the biggest Korean device...
Author: rafarah Date: 05/15/2007
[Windbg Script] Get Portable Executable Headers
There are several tools you can use to read the image headers, like Dumpbin.exe and Link.exe, for...
Author: rafarah Date: 05/03/2007
[Windbg Script] Tracing MessageBox calls
In the past I worked on a support case where I needed to find out if some MessageBox from a C++...
Author: rafarah Date: 04/26/2007
[Windbg Script] Extracting Performance Monitor counters from .NET application
Have you ever had a situation where you find yourself debugging a dump from ASP.NET when suddenly...
Author: rafarah Date: 04/18/2007
[Windbg Script] Tracing API calls
This is a very simple, yet powerful script. You can use it to see the APIs an application is...
Author: rafarah Date: 04/13/2007
[Windbg Script] Playing with Notepad
This is one of my “just for fun” scripts. It’s very simple and has some limitations, but it’s fun!...
Author: rafarah Date: 04/10/2007
[Windbg Script] Retrieving queries/stored procedures from .NET application
Ok, you are debugging a .NET application. You need to find out the queries and stored procedures...
Author: rafarah Date: 04/04/2007
[Windbg Script] Connections from Pool
If you are like me, you may forget the classes and namespaces you need to find out some specific...
Author: rafarah Date: 03/30/2007
[Windbg Script] Playing with Minesweeper
First, this script is not really about cheating. It does that with Minesweeper, but there are...
Author: rafarah Date: 03/27/2007
[Windbg Script] Retrieving information from ASP
Have you ever had this situation: You need to get ASP information from an IIS process? If yes, you...
Author: rafarah Date: 03/21/2007
[Windbg Script] Digging the Call Stack
Windbg has a lot of commands and command variations, so sometimes you may forget some of them, like...
Author: rafarah Date: 03/18/2007
Read Me
The purpose of this blog is to provide you with information that will help you during debugging...
Author: rafarah Date: 03/18/2007