Debugging Toolbox
Windbg scripts, debugging and troubleshooting tools and techniques to help you isolate software problems.
Troubleshooting Software Problems: A Scientific Approach
Years ago, when working for an Escalation Team, we decided to create documentation to formalize...
Author: rafarah Date: 07/03/2008
Special Command—Using Variables and Retrieving Information through Pseudo-Registers
WinDbg for 32 bits and 64 bits has a set of internal pseudo-registers that you can use as variables...
Author: rafarah Date: 06/16/2008
Special Command—.if and j to Use in Breakpoints and Scripts
The .if and j commands are used conditionally to execute a command or series of commands. .if is...
Author: rafarah Date: 06/12/2008
Special Command—Listing the Nearest Symbols with ln
ln is a very useful command. It stands for list nearest. You provide an address as argument, and it...
Author: rafarah Date: 06/10/2008
Special Command—Logging Commands Output and Commands History
If you’ve been following my blog you know I use .logopen and .logclose quite a lot, mainly in...
Author: rafarah Date: 06/10/2008
Special Command—How to See Different Call Stacks Only? !uniqstack
I’ve been travelling a lot in the US and Latin America: that’s why you haven’t seen any new posts...
Author: rafarah Date: 06/05/2008
Special Command—Using Breakpoints: bp, bm, ba, bu
When doing live debugging you’ll use breakpoints at some point when tackling a problem. A simple...
Author: rafarah Date: 05/01/2008
Special Command—Extracting Class and Struct Fields Using dt
dt is another command used almost all the time whenever you want to get the fields and type for a...
Author: rafarah Date: 04/21/2008
Special Command—Use lm* and Get All Details from Modules
Yet another basic and useful command: lm. Hmmmmm… OK so you already know this command. Great! But do...
Author: rafarah Date: 04/16/2008
[PowerShell Script] Displaying the Top 5 Exceptions and Up to 5 Different Call Stacks For Each Exception
During a lab I had about a month ago, one of my colleagues, Tag, whom I had the opportunity to mention...
Author: rafarah Date: 04/14/2008
Special Command—Searching the Call Stack for Symbols or Modules Using !findstack
During your debugging session, you may find yourself trying to identify if a specific symbol or...
Author: rafarah Date: 04/08/2008
My Team is Hiring
All my posts are provided "AS IS" with no warranties, and confer no rights. For PFE Job Opportunities...
Author: rafarah Date: 04/08/2008
[PowerShell Script] PowerDbg v3.1 - Using PowerShell to Control WinDbg
This new version has one more parser for !PrintException and a killer feature that my colleagues and...
Author: rafarah Date: 04/04/2008
Comparing RegEx.Replace, String.Replace and StringBuilder.Replace – Which has better performance?
A few days ago I was with Frank Taglianetti (no links here, he doesn’t have a blog yet), a PFE from...
Author: rafarah Date: 04/02/2008
Special Command: Using s to Explore The Memory
Very often I found myself scanning the stack or the entire virtual memory for the process to find...
Author: rafarah Date: 03/11/2008
Special Command: Repeating a Command Using z While a Given Condition is True
When doing live debugging, it’s not uncommon to have to repeat a set of commands until a condition...
Author: rafarah Date: 03/09/2008
Special Command: Using ~, the Thread Identifier
When debugging, most of the time, you have to see all stacks for all threads or to set the context...
Author: rafarah Date: 03/05/2008
Special Command: Using ??, @@c++() and poi() with C/C++ Expressions
I really like using C/C++ expressions from WinDbg. It’s a natural way to extract information from C...
Author: rafarah Date: 03/04/2008
Special Command: Advanced Symbol Searching Using x.
This is yet another command that has powerful capabilities. It’s very flexible, too. You can use...
Author: rafarah Date: 03/02/2008
Special Command: Using dv to See the Local Variables
The dv command stands for display variables. It’s easy to memorize. The reality, though, is in the...
Author: rafarah Date: 02/25/2008
Special Command: Analyzing the Memory and Stack Using the dp* Command
When you need to see the raw call stack and memory, you have plenty of options. You can even...
Author: rafarah Date: 02/23/2008
Special Command: Displaying Memory Data Using the d* Command and Its Variations
The d* command and its variations are among the most commonly used commands. In this article I’m...
Author: rafarah Date: 02/22/2008
Special Command: Analyzing and Reconstructing the Stack Using the k* Command and Its Variations
I’m starting a new series of articles focused on explaining special commands and showing how they...
Author: rafarah Date: 02/22/2008
[PowerShell Script] Displaying the Call Stack for Inner and Hidden Exceptions
This script automates a technique I’ve been using for a long time whenever I need to see the stack...
Author: rafarah Date: 01/15/2008
[PowerShell Script] Isolating the Threads Consuming High CPU
When helping my customers with scenarios in which the symptom is high CPU, I very often end up with...
Author: rafarah Date: 12/16/2007
[PowerShell Script] PowerDbg v2.3 - Using PowerShell to Control WinDbg
It has been a while since my previous blog post. I’ve been busy with other tasks, including the new...
Author: rafarah Date: 12/16/2007
[Recommended Books] Awesome Debugging Book
I’ve been exchanging e-mails with Mario Hewardt and Daniel Pravat, authors of the upcoming debugging...
Author: rafarah Date: 10/04/2007
[PowerShell Script] Saving a Module from a .NET Method Call
This is my first script using the PowerDbg functions. It’s a good example of how to use PowerDbg to...
Author: rafarah Date: 09/05/2007
[PowerShell Script] PowerDbg – Using PowerShell to Control WinDbg
[Note: Following the recommendation of Lee Holmes (one of the PowerShell creators), I changed the name...
Author: rafarah Date: 09/05/2007
Understanding "Magic" Pointers and Offsets
With this blog post I try to explain how "magic" pointers and offsets work. I just copied the term...
Author: rafarah Date: 08/07/2007
NetWiz - Tool to Assist Users in Using NMCap from Netmon 3
Last year my colleague Yuri Diogenes, a network specialist, asked me if I wanted to create a tool...
Author: rafarah Date: 07/31/2007
[Windbg Script] Disassembling Routines and Searching for Instructions
Sometimes you cannot avoid reading the disassembled code to look for a specific assembly...
Author: rafarah Date: 07/20/2007
Sherlock - Tool for Blocker Script analysis - SQL Server 2000 and 7.0
This blog article is about an old tool that never got a kb article (for some reason), but now has...
Author: rafarah Date: 07/09/2007
[Windbg Script] Saving a Module - Extracting Base Address and Image Name from a method call
After creating this script, I have used it in almost every case that requires decompilation, and I...
Author: rafarah Date: 07/02/2007
[Windbg Script] Serviced Components
A few days ago a friend of mine, Fabrício Catae, a SQL Server Ranger here at Microsoft, gave me an...
Author: rafarah Date: 06/04/2007
[Windbg Script] Disabling IsDebuggerPresent()
Years ago I needed to debug an application that just had the binary code with no symbols or source...
Author: rafarah Date: 05/23/2007
My Blog posts in Korean
Courtesy of Taehwa Lee (Jeff), a Microsoft DDK MVP. He writes articles for the biggest Korean device...
Author: rafarah Date: 05/15/2007
[Windbg Script] Get Portable Executable Headers
There are several tools you can use to read the image headers, like Dumpbin.exe and Link.exe, for...
Author: rafarah Date: 05/03/2007
[Windbg Script] Tracing MessageBox calls
In the past I worked on a support case where I needed to find out if some MessageBox from a C++...
Author: rafarah Date: 04/26/2007
[Windbg Script] Extracting Performance Monitor counters from .NET application
Have you ever had a situation where you find yourself debugging a dump from ASP.NET when suddenly...
Author: rafarah Date: 04/18/2007
[Windbg Script] Tracing API calls
This is a very simple, yet powerful script. You can use it to see the APIs an application is...
Author: rafarah Date: 04/13/2007
[Windbg Script] Playing with Notepad
This is one of my “just for fun” scripts. It’s very simple and has some limitations, but it’s fun!...
Author: rafarah Date: 04/10/2007
[Windbg Script] Retrieving queries/stored procedures from .NET application
Ok, you are debugging a .NET application. You need to find out the queries and stored procedures...
Author: rafarah Date: 04/04/2007
[Windbg Script] Connections from Pool
If you are like me, you may forget the classes and namespaces you need to find out some specific...
Author: rafarah Date: 03/30/2007
[Windbg Script] Playing with Minesweeper
First, this script is not really about cheating. It does that with Minesweeper, but there are...
Author: rafarah Date: 03/27/2007
[Windbg Script] Retrieving information from ASP
Have you ever had this situation: You need to get ASP information from an IIS process? If yes, you...
Author: rafarah Date: 03/21/2007
[Windbg Script] Digging the Call Stack
Windbg has a lot of commands and command variations, so sometimes you may forget some of them, like...
Author: rafarah Date: 03/18/2007
Read Me
The purpose of this blog is to provide you with information that will help you during debugging...
Author: rafarah Date: 03/18/2007