Episode
Defrag Tools: #13 - WinDbg
In this episode of Defrag Tools, Andrew Richards and Larry Larsen start walking you through the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer.
This first WinDbg installment configures the system to open dump files via an adjusted Context Menu. It shows how to set WinDbg as the (AeDebug) postmortem debugger, and how to use ProcDump v5.1 to do the same but capture the process as a dump file. It then starts to explain some basic concepts of debugging: call stacks (k), registers (r) and exception context records (.ecxr).
Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
Resources:
Microsoft Windows SDK for Windows 7 and .NET Framework 4
Sysinternals ProcDump
Timeline:
[00:00] - Windows 8 General Availability (GA)
[02:45] - WinDbg -IA - Register File Associations
[05:45] - Custom Context Menu
[10:15] - WinDbg -I - Register Postmortem Debugger
[11:07] - Custom AeDebug: -c ".jdinfo %p"
[15:00] - ProcDump v5.1: -i
[18:00] - Internals of Windows Error Reporting
[21:48] - Registers (r)
[29:50] - Exception Context Record (.ecxr)
[32:01] - Examples - NT Debugging Blog
[34:02] - MSJ Magazine - Under The Hood
[35:20] - Intel Developer's Manual
[38:40] - Next week, Call Stacks, Locals and .NET/Silverlight extensions
NT Debugging Blog: </archive/blogs/ntdebugging/>
Custom Context Menu (WinDbg -IA):
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.dmp]
@="WinDbg.DumpFile.1"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1]
@="WinDbg Post-Mortem Dump File"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\DefaultIcon]
@="\"C:\\debuggers\\windbg.exe\",-3002"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell]
@="Open"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open]
@="Open x&64"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open\command]
@="\"C:\\debuggers\\windbg.exe\" -z \"%1\" -c \".prefer_dml 1\""

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open_x86]
@="Open x&86"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open_x86\command]
@="\"C:\\debuggers_x86\\windbg.exe\" -z \"%1\" -c \".prefer_dml 1\""

Custom AeDebug (WinDbg -I):
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="\"C:\\debuggers\\windbg.exe\" -p %ld -e %ld -c \".jdinfo %p\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="\"C:\\debuggers_x86\\windbg.exe\" -p %ld -e %ld -c \".jdinfo %p\""
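The AeDebug "Debugger" value is the command line Windows Error Reporting launches for every unhandled exception on the machine, so it pays to confirm that what a .reg file actually writes (after its backslash and quote escaping is undone) is the WinDbg command line you meant, and to notice if the value ever points somewhere else. The following Python is an added example, not code from the episode or from the Debugging Tools package: it parses "Windows Registry Editor Version 5.00" text, unescapes REG_SZ values, and audits the AeDebug keys. The embedded .reg text is constructed to match the page's AeDebug fragment; the audit's expected directories (C:\debuggers and C:\debuggers_x86) are the page's own paths, and the function names are this example's.

```python
"""Minimal .reg (REGEDIT version 5.00) parser plus an AeDebug audit.

Added example; not part of the Defrag Tools episode. Paths follow the page's
convention of C:\\debuggers (x64) and C:\\debuggers_x86 (x86).
"""
import re
from typing import Dict, List, Tuple, Union

REG_HEADER = "Windows Registry Editor Version 5.00"
KEY_AEDEBUG_64 = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug"
KEY_AEDEBUG_WOW64 = r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug"

# Constructed sample: the page's AeDebug fragment with the escaping a real
# .reg file needs (backslashes doubled, embedded quotes written as \").
AEDEBUG_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="\"C:\\debuggers\\windbg.exe\" -p %ld -e %ld -c \".jdinfo %p\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="\"C:\\debuggers_x86\\windbg.exe\" -p %ld -e %ld -c \".jdinfo %p\""
'''

# "name"=value or @=value; the name may contain escaped quotes.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape_reg_string(raw: str) -> str:
    """Undo REG_SZ escaping in a .reg file: \\\\ -> \\ and \\" -> " (left to right)."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw) and raw[i + 1] in '\\"':
            out.append(raw[i + 1])
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def parse_reg(text: str) -> Dict[str, Dict[str, Union[str, int]]]:
    """Return {key path: {value name: value}}; "@" is the key's default value."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != REG_HEADER:
        raise ValueError("not a REGEDIT version 5.00 file")
    result: Dict[str, Dict[str, Union[str, int]]] = {}
    current = None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if m is None or current is None:
            raise ValueError(f"unparsable line: {line!r}")
        name_tok, raw_value = m.group(1), m.group(2)
        name = "@" if name_tok == "@" else unescape_reg_string(name_tok[1:-1])
        if len(raw_value) >= 2 and raw_value.startswith('"') and raw_value.endswith('"'):
            value: Union[str, int] = unescape_reg_string(raw_value[1:-1])   # REG_SZ
        elif raw_value.lower().startswith("dword:"):
            value = int(raw_value[6:], 16)                                  # REG_DWORD
        else:
            value = raw_value                                               # hex:, etc. kept raw
        result[current][name] = value
    return result


def debugger_executable(cmdline: str) -> str:
    """First token of the Debugger command line, honouring a quoted path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(None, 1)[0] if cmdline else ""


def audit_aedebug(reg: Dict[str, Dict[str, Union[str, int]]],
                  expected_dirs: Tuple[str, ...] = (r"C:\debuggers", r"C:\debuggers_x86")) -> List[str]:
    """Flag AeDebug keys whose Auto is not "1" or whose debugger lives outside expected_dirs."""
    findings: List[str] = []
    allowed = {d.lower() for d in expected_dirs}
    for key, values in reg.items():
        if not key.lower().endswith(r"\aedebug"):
            continue
        if values.get("Auto") != "1":
            findings.append(f"{key}: Auto={values.get('Auto')!r}, debugger is not launched automatically")
        exe = debugger_executable(str(values.get("Debugger", "")))
        folder = exe.rsplit("\\", 1)[0].lower() if "\\" in exe else ""
        if folder not in allowed:
            findings.append(f"{key}: Debugger {exe!r} is outside the expected debugger directories")
    return findings


if __name__ == "__main__":
    parsed = parse_reg(AEDEBUG_REG)
    print(parsed[KEY_AEDEBUG_64]["Debugger"])
    print(audit_aedebug(parsed) or "AeDebug configuration matches expectations")
```

Running the script prints the decoded x64 command line, `"C:\debuggers\windbg.exe" -p %ld -e %ld -c ".jdinfo %p"`, which is exactly the string WER will substitute the process id, event handle and JIT_DEBUG_INFO pointer into; the same parser can be pointed at an export of a live machine's AeDebug keys (`reg export`) to compare against the intended configuration.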