

WinDBG tutorial - Introduction

Learning Windows Debugging is a rather tedious job not necessarily due to the lack of documentation, but rather due to the lack of an "Idiots' guide to" WinDBG.

The following series of tutorials targets the average noob in Windows debugging. This obviously does not mean the "bad programming skills" or "what is a function" type of noob.

Part I - Software prerequisites

For a quick start, here are the programs one needs to have installed:

1. Debugging Tools for Windows (either the x86 or the x64 version): https://www.microsoft.com/whdc/devtools/debugging/default.mspx. The "Debugging Tools" include several debuggers (WinDBG, cdb) and additional tools (ADPlus, symchk, etc.).

2. The Windows symbols: one should download the Windows symbols corresponding to one's development machine. The public symbols can be downloaded from: https://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx#d.

3. After installing the symbols to a local directory, one should set the path to the symbols. This is an environment variable. Do not put spaces around the = sign: cmd.exe would otherwise create a variable whose name ends in a space, and the debugger would not find it.

set _NT_SYMBOL_PATH=srv*DownstreamStore*\\Server\Share

If the local symbol directory is C:\Symbols, then the path should be:

set _NT_SYMBOL_PATH=srv*C:\Symbols*\\Server\Share

4. A development environment for compiling programs (e.g. Visual Studio 2008).
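To check the result of step 3, here is an added example (not part of the original tutorial) that parses a _NT_SYMBOL_PATH value and reports common mistakes, including the stray-space variable name that `set NAME = value` produces. The function names are hypothetical, and only plain directories and srv* elements are handled.

```python
# Added example (not from the original tutorial): lint a _NT_SYMBOL_PATH setting.
import ntpath  # Windows path rules, usable on any OS
import os

VAR = "_NT_SYMBOL_PATH"

def parse_symbol_path(value):
    """Split a symbol path on ';' and break srv* elements into their stores."""
    entries = []
    for raw in value.split(";"):
        item = raw.strip()
        if not item:
            continue
        parts = item.split("*")
        if parts[0].lower() == "srv" and len(parts) > 1:
            stores = parts[1:]
            # srv*DownstreamStore*SymbolStore: the last store is the upstream one.
            entries.append({"kind": "srv", "downstream": stores[:-1],
                            "upstream": stores[-1]})
        else:
            entries.append({"kind": "dir", "path": item})
    return entries

def find_problems(env):
    """Return a list of human-readable problems found in an environment dict."""
    problems = []
    for name in env:
        # "set NAME = value" in cmd.exe defines a variable called "NAME ".
        if name != name.strip() and name.strip().upper() == VAR:
            problems.append(f"variable is named {name!r}: remove spaces around '='")
    value = next((v for k, v in env.items() if k.upper() == VAR), None)
    if value is None:
        return problems + [f"{VAR} is not set"]
    if value != value.strip():
        problems.append("value has leading or trailing whitespace")
    for entry in parse_symbol_path(value):
        if entry["kind"] != "srv":
            continue
        if not entry["upstream"]:
            problems.append("srv element names no symbol store")
        for store in entry["downstream"]:
            # An empty downstream store (srv**...) means the debugger's default.
            if store and not ntpath.isabs(store):
                problems.append(f"downstream store {store!r} is not an absolute path")
    return problems

if __name__ == "__main__":
    for line in find_problems(dict(os.environ)) or ["no problems found"]:
        print(line)
```

Run as a script, it checks the current environment; on the tutorial's template line it flags DownstreamStore as a placeholder that still needs a real directory.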

 

Part II - Symbols

The first question that should come up for the target noob of these tutorials is: what are symbols?

The symbols are files (normally .PDB) which contain compiler-generated information that let the debugger resolve module names, function names, call stacks, frames and other data that can be found in the binaries of a program.

If one doesn't have symbols, one cannot debug a program, not only because the names of modules and functions are displayed as hexadecimal addresses, but also because the frames and stacks cannot be calculated. So: EXEs and DLLs contain raw bytes, and PDBs map these bytes to names.

 

Part III - Documentation

Documentation:

1. The WinDBG Help. I myself don't have any expectations of finding relevant information in EXE files, but this help file is really good.

2. MSDN documentation on symbols: https://msdn.microsoft.com/en-us/library/cc266472.aspx

3. MSDN Debugging techniques: https://msdn.microsoft.com/en-us/library/cc267480.aspx

4. Again the WinDBG help: the complete list of WinDBG commands can be found under: Index -> Debugging Tools for Windows -> Debuggers -> Debugger Reference -> Debugger Commands -> Commands.