Getting Ready for Windows Debugging
Welcome to the Microsoft NTDebugging blog! I’m Matthew Justice, an Escalation Engineer on Microsoft’s Platforms Critical Problem Resolution (CPR) team. Our team will be blogging about troubleshooting Windows problems at a low level, often by using the Debugging Tools for Windows. For more information about us and this blog, check out the about page.
To get things started I want to provide you with a list of tools that we’ll be referencing in our upcoming blog posts, as well as links to some technical documents to help you get things configured.
The big list of tools:
The following tools are part of the “Debugging Tools for Windows” – you’ll definitely need these
https://www.microsoft.com/whdc/devtools/debugging/
· windbg
· cdb
· ntsd
· tlist
· gflags
· adplus
· UMDH
· symchk
Sysinternals provides some great tools that we’ll be discussing
· Process Explorer
· Process Monitor
· Regmon
· Filemon
· DbgView
· Handle.exe
· Tcpview
· LiveKD
· AutoRuns
· WinObj
There are many tools contained in “MPS Reports” (MPSRPT_SETUPPerf.EXE), but I’m listing it here specifically for Checksym
· Checksym
“Windows Server 2003 Resource Kit Tools” is another great set of tools. In particular, Kernrate is part of that package.
· Kernrate
Windows XP SP2 Support Tools
· netcap
· poolmon
· memsnap
· tracefmt (64-bit versions available in the DDK)
· tracelog
· tracepdb
· depends
· pstat
“Visual Studio” – in addition to the compilers and IDE, the following tools come in handy:
· SPY++
· dumpbin
Perfwiz (Performance Monitor Wizard)
DebugDiag
https://www.iis.net/handlers/895/ItemPermaLink.ashx
Userdump (User Mode Process Dumper)
Dheapmon (Desktop Heap Monitor)
Netmon 3.0
§ Go to https://connect.microsoft.com/
§ Sign in with your passport account
§ Choose "Available Connections" on the left
§ Choose "Apply for Network Monitor 3.0" (once you've finished with the application, the selection appears in your "My Participation" page)
§ Go to the Downloads page (on the left side) and select the appropriate 32-bit or 64-bit build.
Some articles you may find useful:
Debugging Tools and Symbols: Getting Started
https://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx
Boot Parameters to Enable Debugging
https://msdn2.microsoft.com/en-us/library/ms791527.aspx
How to Generate a Memory Dump File When a Server Stops Responding (Hangs)
https://support.microsoft.com/kb/303021/
After installing the “Debugging Tools for Windows”, you’ll find two documents at the root of the install folder that are helpful:
· kernel_debugging_tutorial.doc - A guide to help you get started using the kernel debugger.
· debugger.chm - The help file for the debuggers. It details the commands you can use in the debugger. Think of this as a reference manual, rather than a tutorial.
Comments
- Anonymous
November 08, 2007
We are testing our Windows Server based product on Longhorn and are debugging a memory leak in a stress environment. Look at the UMDH log (snippet below). The first stack trace (BackTrace162528) is suspect, but in spite of all symbols being present, the trace is incomplete (shows only the call to RtlAllocateHeap). Can you guys tell me what's going on? Is this a bug with UMDH on Longhorn?
- 36686968 ( 40772037 - 4085069) 13723 allocs BackTrace162528
- 4185 ( 13723 - 9538) BackTrace162528 allocations
    ntdll!RtlAllocateHeap+0000021D
- 811504 ( 811504 - 0) 1 allocs BackTraceD4354F4
- 1 ( 1 - 0) BackTraceD4354F4 allocations
    ntdll!RtlAllocateHeap+0000021D
    pdh!PdhiHeapAlloc+00000029
    pdh!BuildNameTable+00000619
    pdh!ConnectMachine+0000029C
    pdh!GetMachine+0000019F
    pdh!InitCounter+000000F3
    pdh!PdhiAddCounter+000000AB
    pdh!PdhAddCounterW+000000F7
    LMS20Rules!_CreatePdhQueryHelper+00000420
    LMS20Rules!LMSRuleDLL_Interface::CreatePdhQueryNT5+0000002A
    LmsSs!LMS_Subsystem::SampleRuleLoads+00000034
    LmsSs!LMS_Subsystem::UpdateLoadRecords+0000006D
    LmsSs!LMS_Subsystem::TimerWakeHandler+000000F0
    ImaCommon!DispatchWorkItem+00000132
    ImaCommon!WorkItemDispatchThread+00000322
    MSVCR80!_endthreadex+0000003B
    MSVCR80!_endthreadex+000000C7
    ntdll!__RtlUserThreadStart+00000023
    ntdll!_RtlUserThreadStart+0000001B
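As an added example (not part of the comment above or of the blog post), here is a small parser for UMDH diff output of the kind quoted in that comment. It ranks backtraces by how many bytes they grew between the two snapshots, picks out the first frame outside ntdll as the likely owner, and flags growing traces whose captured stack stops at the allocator, which is exactly the situation the commenter describes. The sample log is constructed for this example: its layout follows the usual umdh -d format (a signed summary line per backtrace, a second line with the allocation-count delta, then one indented frame per line), the first two backtrace ids and byte counts are modelled on the comment's snippet, and the third backtrace is invented to show a shrinking entry.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout of a UMDH diff log (umdh -d before.log after.log).
# Ids and byte counts of the first two entries are modelled on the comment above;
# the third entry is invented to show a shrinking trace. This is not a real capture.
SAMPLE_UMDH_DIFF = """\
+   36686968 ( 40772037 -  4085069)  13723 allocs\tBackTrace162528
+    4185 ( 13723 -  9538)\tBackTrace162528\tallocations
\tntdll!RtlAllocateHeap+0000021D

+   811504 ( 811504 -  0)      1 allocs\tBackTraceD4354F4
+    1 ( 1 -  0)\tBackTraceD4354F4\tallocations
\tntdll!RtlAllocateHeap+0000021D
\tpdh!PdhiHeapAlloc+00000029
\tpdh!BuildNameTable+00000619
\tpdh!ConnectMachine+0000029C
\tpdh!GetMachine+0000019F

-   2048 ( 1024 -  3072)      1 allocs\tBackTrace4F00A1
-    2 ( 1 -  3)\tBackTrace4F00A1\tallocations
\tntdll!RtlAllocateHeap+0000021D
\tkernel32!LocalAlloc+00000058
"""

# First line of a block: signed byte delta, (after - before), allocation count, trace id.
HEADER_RE = re.compile(
    r"^([+-])\s*(\d+)\s*\(\s*(\d+)\s*-\s*(\d+)\s*\)\s*\d+\s+allocs\s+(BackTrace[0-9A-Fa-f]+)")
# Second line of a block: signed allocation-count delta for the same trace id.
COUNT_RE = re.compile(
    r"^([+-])\s*(\d+)\s*\(\s*\d+\s*-\s*\d+\s*\)\s*(BackTrace[0-9A-Fa-f]+)\s+allocations")
# Frame lines are indented "module!symbol+offset", innermost (the allocator) first.
FRAME_RE = re.compile(r"^\s+(\S+!\S+)\s*$")


@dataclass
class BackTrace:
    trace_id: str
    byte_delta: int          # signed: positive means this trace's live bytes grew
    bytes_after: int
    bytes_before: int
    alloc_delta: int = 0     # signed change in outstanding allocation count
    frames: List[str] = field(default_factory=list)

    @property
    def truncated(self) -> bool:
        # A stack that stops at the heap allocator identifies no owner; that is the
        # symptom in the comment above (symbols present, a single captured frame).
        return len(self.frames) <= 1

    def first_caller(self) -> Optional[str]:
        # First frame outside ntdll: the code that actually asked for the memory.
        for frame in self.frames:
            if not frame.lower().startswith("ntdll!"):
                return frame
        return None


def _signed(sign: str, value: str) -> int:
    return int(value) if sign == "+" else -int(value)


def parse_umdh_diff(text: str) -> List[BackTrace]:
    traces: List[BackTrace] = []
    current: Optional[BackTrace] = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            sign, delta, after, before, trace_id = m.groups()
            current = BackTrace(trace_id, _signed(sign, delta), int(after), int(before))
            traces.append(current)
            continue
        m = COUNT_RE.match(line)
        if m and current is not None and m.group(3) == current.trace_id:
            current.alloc_delta = _signed(m.group(1), m.group(2))
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            current.frames.append(m.group(1))
            continue
        if not line.strip():
            current = None  # a blank line closes the block
    return traces


def rank_growth(traces: List[BackTrace], top: int = 10) -> List[BackTrace]:
    # Leak triage: largest positive byte deltas first; shrinking traces are ignored.
    growing = [t for t in traces if t.byte_delta > 0]
    return sorted(growing, key=lambda t: t.byte_delta, reverse=True)[:top]


def truncated_growth(traces: List[BackTrace]) -> List[BackTrace]:
    # Growing traces with no frames past the allocator. These cannot be attributed
    # from this log; re-run with the stack trace database enabled (gflags +ust).
    return [t for t in rank_growth(traces, top=len(traces)) if t.truncated]


def summarize(traces: List[BackTrace]) -> List[str]:
    lines = []
    for t in rank_growth(traces):
        owner = t.first_caller() or "<stack truncated at allocator>"
        lines.append(f"{t.byte_delta:>12,d} bytes {t.alloc_delta:>+7d} allocs  {t.trace_id}  {owner}")
    return lines


if __name__ == "__main__":
    parsed = parse_umdh_diff(SAMPLE_UMDH_DIFF)
    print("\n".join(summarize(parsed)))
    for t in truncated_growth(parsed):
        print(f"{t.trace_id}: only {len(t.frames)} frame(s) captured; growth cannot be attributed")
```

Run it against a real diff by reading the file produced by umdh -d into parse_umdh_diff. The regexes accept the whitespace variations UMDH uses between fields, and the parser ignores anything that is not a summary, count or frame line, so the log's header text passes through harmlessly.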
Anonymous
May 07, 2008
Desktop heap is probably not something that you spend a lot of time thinking about, which is a good thing.
Anonymous
July 03, 2008
Very good information. I received a dump, lost my symbol path, and everything I needed was here :)
Anonymous
August 27, 2008
"This document is a translation of the http://blogs.msdn.com/ntdebugging blog, and the original material may be changed without notice. This material carries no legal warranty and
Anonymous
October 07, 2008
"You probably can’t avoid tech support problems entirely, but by using tools that Microsoft’s Global