Unable to execute extension commands in WinDBG

(Sorry for the analogous question I posted, I've modified it.) I'm trying to debug an executable PE file on Windows XP to see how PDE and PTE work in a real system. I've learned that WinDbg has some commands to see the details. It seems that !pte wo

Get the right native .net symbols for Windbg

I'm doing some crash dump debugging, where I am looking at a dump taken from a production server. The machine I'm running WinDbg on must have a slightly different version of the .NET runtime installed -- I'm getting errors loading the native images of .

Windows Segment Segment Header Analysis and Size Calculation

How can I calculate heap chunk size from raw bytes read from memory. I tried below thing. 0:001> !heap Index Address Name Debugging options enabled 1: 00500000 2: 00280000 3: 008f0000 4: 00ab0000 5: 00cc0000 0:001> !heap -a 00500000 .. .. Heap entri

Windbg, how to read the output! Locks?

I am debugging a program in which I suspect there could be a deadlock or other multi-thread related bug. I followed people's suggestions to use WinDbg to open the crash dump file and used !locks to get the following output: CritSec MSVCR100D!lclcritsects+48

WCF self-hosted service at maximum cpu load

I am looking into an issue at work with a Windows service that is taking 100% CPU on a machine with 16 CPUs. The service is hosting a self-hosted .NET WCF service. I have received a crash dump which I have loaded up in windbg, in order to look for cl

Win7 SDK installed. Can not find winDbg

I installed everything including the debugging tools. I've looked through the Microsoft SDK folder and couldn't find anything that resembled winDbg or an installer for it. Anyone? Edit: I'm trying to use a dump file to figure out why I had a BSOD. Wi

Can Reserved Memory Cause Out of Memory Exception?

We have a 32 bit windows service that leaks memory - OutOfMemory exception is thrown. It is .net 4.0 executable running on windows server 2003. While debugging crash dump files using WinDbg, I see that most of the memory is actually reserved and not

Can I track registry access in WinDbg as Process Monitor?

I have received a WinDbg log and a Process Monitor log. Some of the items are shown in WinDbg and in Process Monitor, i.e. Module Load events. I think I would also be able to trace Thread Exit events if I use sxe -c ".echo Thread Exit;g" et or s

What is .ni.dll and .ni.exe files in a minidump?

I got a minidump from the Windows Store Apps submission process (sent by a reviewer) because of a crash in my app. I am having problems loading the symbols for my app, because the error occurs inside App.ni.exe, a file which I don't know where comes

WinDbg, SOS, how to empty all the strings on the stack

How can I print the string value of all the System.String objects on the current thread's clrstack? Pseudo code for what I want to do: foreach ($string in !dso -type System.String) !do $string or better yet foreach ($string in !dso -type System.Strin

WinDBG - ASP.NET and VB.NET - .loadby sos clr

I am trying to use WinDBG to create a breakpoint in a source file. I have followed the advice here: http://www.codeproject.com/Articles/22245/Quick-start-to-using-WinDbg, but when I press F5 I get an error which says: Unable to insert breakpoint 0 at

Debugging an IndexOutOfRangeException Exception in WinDBG

I am trying to debug some .NET executable (that I don't have the source code for) which is acting strange. When attaching to it using WinDbg, I've noticed it's throwing an IndexOutOfRangeException. I am trying to understand which line is actually thr

Application crash when creating the stl string

I am getting an application crash in two locations of my application. One of the locations is the following statement of the method given below. The application crashes while creating an stl string object for the string pass to LogMessage method. EMC

!heap failed. Invalid type information for ntdll!_HEAP_ENTRY

I'm trying to dump heap information from full dump memory file sitting on Windows Server 2003 SP2 x86. Dump was created for 32-bit mixed (native/clr) application which was running on Windows Server 2003 SP2 x64 machine. From the following windbg log

Using Windbg from Visual Studio

Is it possible to use windbg commands like !locks and .loadby sos mscorwks from the Visual Studio command window (in a debug session)? I've noticed I can use eg k to print a stack trace, so I was wondering if there is some way to get access to the ot

How to see the value of the GDTR?

In the book "Rootkit Arsenal" page 84 (Chapter 3) mentions: ..., we can view the contents of the target machine's descriptor registers using the command with the 0x100 mask: kd> rM 0x100 and a paragraph below: Note that the same task can be a

How to crack WinDbg in an anonymous method?

Title kinda says it all. The usual SOS command !bpmd doesn't do a lot of good without a name. Some ideas I had: dump every method, then use !bpmd -md when you find the corresponding MethodDesc not practical in real world usage, from what I can tell.

Finding symbols for the C++ source file

I have a project that is a C++ WIN32 project. I found a problem that some symbols can be recognized by WinDbg but some can't. I don't know why. The characteristics are: 1) both are C++ methods 2) both functions are in one .cpp file 3) the two function

OutOfMemory, but not gcroots for many objects

We are developing a rather large Windows Forms application. In several customers' computers it often crashes with OutOfMemory exception. After obtaining full memory dump of the application moments after the exception (clrdump invoked from UnhandledEx