WINDBG (2)

Source: Internet
Author: User
Tags win32 error microsoft c

Excerpted from: http://www.cnblogs.com/awpatp/category/228209.html

Debug-related tips summary: 1. How do you debug a child process of a process? Answer: Use WinDBG to attach to the parent process, then enter the command ".childdbg 1" (without quotes). WinDBG then attaches to the child process as soon as it is loaded. The debug sessions of both processes share one WinDBG window. To switch the current process, use the command "|" to list all processes, "|0s" to switch to the process with ID 0, and so on...Read more
 

Collection summary of some ADPlus configuration files: The breakpoint is set on the method ntdll!RtlEnterCriticalSection, once the method is executed, it will write log, record the callstack, and print the value of the register. The set breakpoint is on the address 77f5b380, and the action is the same as the previous one. <ADPlus> <!-- Configuring ADPlus for breakpoints --> <!...Read more
 

Kernel Mode Debugging Preliminary Summary: What is kernel mode debugging? Kernel debugging uses WinDBG to check restricted memory, call stack, internal data structure, internal layout, and system information of operating system components and drivers running in kernel mode Process. In kernel mode, you are debugging the entire operating system, not an application, thread, or process. This means that you have complete control over the execution of the program, and you need to ensure that you...Read more
 

Summary of some "magic" values commonly used in debugging: CCCCCCCC: used to mark uninitialized stack memory during Microsoft C++ debugging. CDCDCDCD: used to mark uninitialized heap memory during Microsoft C++ debugging. FEEEFEEE: used by Microsoft's HeapFree function to mark the released...Read more
 

What is the use of poi in WinDBG? Abstract: The poi operator can be used to dereference pointers in WinDBG. It is similar to the pointer operator * in the C language. For example, if there is a pointer at address 0x00123456 that points to the address 0x00420000, that is, the value stored in the memory address 0x00123456 0x00123456 0x...Read more
 

How to find the first to fourth parameters in a 64-bit dump? Abstract: The three methods explained in this article are very detailed, and you can also follow the author's code to experiment. Recommended. Challenges of Debugging Optimized x64 Code http://blogs.msdn.com/b/ntdebugging/archive/2009/01/09/challenges-of-debugging-optimized-x64-code.aspx The other two articles are also worth a visit...Read more
posted @ 2012-08-03 14:03 Zhongdao Xueyou

An experiment summary of X64 Calling Convention: I haven’t updated the blog for a long time, and I have been busy recently. This article is transferred to my onenote, so it is available in both Chinese and English. Write it to yourself and share it with everyone. There is no need to struggle with language, just understand it. Haha. The following conclusion is very important, taken from <<Advanced Windows Debugging>> Page 606. Rcx: contains the 1st parameter passed to the function. Rdx: contains the 2nd parameter passed to the function. R8: contains the 3rd parameter passed to read the full text
 

Summary of Getting Started with WinDBG Script: Recently I started to see the use of WinDBG for unmanaged processes. Tess recommends to see the Debugging Toolbox. The first article stumped me, and the script could not be understood. I practiced it and found the following The content of the article is particularly helpful, so I reprint it here. The original address is First steps with WinDBG scripting... (Memento) http://www.msuiche.net/2007/08/03...Read more
 

Use PsExec to improve the security level of the command line and bypass Group Policy to execute the command summary: Once, I needed to capture Time Travel Tracing, abbreviated as TTT (a type of dump) on the customer's environment. But it just couldn't capture successfully. An error was reported As follows: The specific error message is as follows: c:\Debuggers\ttt>tttracer -dumpfull -out e:\tttoutput -attach 3384 Microsoft (R) TTTracer 2.010.40929 (Se...Read more
 

Unable to capture DUMP, error "Could not attach to process XXXX, NTSTATUS 0xC0000048" Abstract: Problem Description ================= We tried to use ADPlus to capture dump file. But the size of dump files are all under 20K. We tried it many times. Trouble Shoot ================= I tried ...Read more
 

Failed to load data access DLL, 0x80004005 Abstract: The first article of the new year, first of all, I wish you all good health and good work in 2012. Let me start with a simple article. 0:031> .load psscor2 0:031> !clrstack CLRDLL: CLR DLL load disabled Failed to load data access DLL, 0x80004005 Verify that 1) you have a rece...Read more
 

Remember a tangled troubleshooting-Use WinDBG to solve the problem of WinDBG Hang. Summary: This morning, the customer sent a hang dump and was anxious to see it. As a result, every time WinDBG clicked Open Crash Dump in the menu, it would hang. Try again, the result is the same. Restart WinDBG, the result is the same. Restart the machine, the result is the same. Uninstall and reinstall WinDBG, the result is the same. Suspected that there is a problem with Debug Diag 1.2, uninstall it, and the result is the same. Modified the default symbol path...Read more
 

[Tip] How to get the thread number of the thread where a callstack is located? Abstract: When checking the dump file, we often use the following command to get the call stack on all threads: ~*e !clrstack The output results are as follows: OS Thread Id : 0x1b30 (15) Child-SP RetAddr Call Site 0000000034a9ed00 000006424e611fc0 System.Thread...Read more
 

Remember a solution summary of the problem that BPMD cannot set a breakpoint when debugging a managed process live: Some DLLs of SharePoint 2010 will be optimized by a kind of pre-compiling, and the tool used is called Ngen.exe. After optimization, the managed dll will be made into a native image. After that, the Runtime will use the native image every time instead of the traditional managed DLL. This optimization can speed up the loading of the DLL, because many actions that need to execute the code are done in advance Well. However, such optimization will give Liv in WinDBG...Read more
 

A little summary of the experience: Today I solved a SharePoint performance problem by looking at dump, accidentally digging into the corner. Staring at the managed call stack. In fact, replace the k command to traverse the unmanaged call stack of each thread. You can see that most threads are waiting for SQL. Therefore, although w3wp.exe is mostly a managed thread processing page requests, when you find that the managed call stack information is limited, you may wish to change to the unmanaged call stack to check. Read the full text
 

View the memory command summary in WinDBG: When we analyze the problem in the debugger, we often need to view the contents of different memory blocks to analyze the cause, and then verify whether the assumptions made are correct. Due to the status of each object They are all stored in memory, so the content of the memory is equivalent to the state of the object. The most common format of the d command is to display the data stored in a certain address based on the specified type information. The debugger does not guess this What data is stored on the address, because in most cases the guess is wrong. So the user needs to explicitly specify the format in which to parse the data. Command...Read more
 

View the command summary of the variable in WinDBG: Command ============= Abbreviation of dv Display Variable, view local variable. dv /i View local variable, and display the symbol type and parameter type. dv / V View local variables and display the storage location of the variable. dv /V VariableName Specify the name of the variable to be viewed dv 02sample!gGlo* The dv command can have wildcards to view variables with a certain naming pattern. Example: dt Display Typ. ..Read the full text
 

Command summary for setting breakpoints in WinDBG: Command ========== ~0 bp 02sample!KBTest::Fibonacci_stdcall "r esp" sets a breakpoint on the Fibonacci_stdcall function of the KBTest class on thread zero, and executes the "r esp" command when the breakpoint is triggered. bl lists all the breakpoints that have been set. bc * clears all breakpoints. bp 02sample!KBTest::Fibonacci_stdcall "r esp;g" sets the breakpoint on all threads, and executes the two commands "r esp;g" when the breakpoint is triggered. bm 02sample!*kbtest* The bm command accepts a symbol pattern as its parameter, so that a breakpoint is set on every address that matches the pattern. Use the above command to...Read the full text
 

Commands to view the call stack in WinDBG Summary: Command ========== k k command displays a certain number of stack frames, the number of frames is controlled by the .kframes command, and the default value is 256. kp 5 displays the first five functions in the call stack and their parameters. kb 5 displays the first five functions in the call stack and their first three parameters. kf 5 displays the size of the stack used by the five functions in the call stack. The calculation method of the space usage of each stack frame is: Subtract the stack base pointer of the current function with any function stack base pointer called in the function. Example: Manual stack construction practice-How to manually construct a call stack ============ First, use a few pictures to explain the characteristics of the stack, to help everyone understand. 1. The stack grows to a lower address. 2. Push data into the stack, the situation in the stack. 3 .Read the full text
 

Viewing the disassembly code of a function in WinDBG. Summary: Command ========== u . and u $ip: these two commands have the same effect, disassembling 8 instructions at the current $ip address. uf . and uf $ip: these two commands have the same effect, disassembling the entire function at the current $ip address. ub . and ub $ip: disassemble the 8 instructions before $ip. ub $ip L2a: disassemble the 42 instructions before the $ip address. u $ip $ip+a: disassemble the instructions from address $ip to address $ip+10. Note that this includes $ip, not $ip+10. Example: Read the full text
 

The role of mov edi, edi. Summary: When playing with WinDBG, I found that the first part of the disassembly code of a function always contains a mov edi, edi instruction. For example, the following code generates assembly code that begins as follows: push ebp and mov ebp, esp are the two instructions that set up the standard stack frame, but what does mov edi, edi do? It seems to be a two-byte NOP instruction. Correct answer: mov edi, edi is indeed a two-byte no-op instruction, its purpose is to make hot-patc...Read more
 

Base conversion and simple calculations in WinDBG Summary: Some simple calculations can be performed in WinDBG, such as the mutual conversion between hexadecimal and decimal, addition, subtraction, multiplication and division, etc. Example 1, Base conversion: Note that the second command in the above example tells us that when decimal numbers are expressed in windbg, the prefix "0n" should be added to the front, while the hexadecimal number does not need to be prefixed with "0x". Example 2 , Division calculation: Debugging Tips: Use windbg as a calculator, a chat...Read more
 

Pseudo-register summary: The names of many registers depend on the architecture of the processor, so it is difficult for users who only occasionally use the debugger to remember the register names on every platform. To overcome this problem, the debugger development team introduced various pseudo-registers (Pseudo-Register), which the debugger maps to the different hardware architectures. All pseudo-registers start with a dollar sign ($). If you use MASM syntax, you can add an @ symbol before the $ sign; this @ character tells the debugger that the next tok...Read more
 

How to use symbol files? Abstract: Almost every command uses symbol information directly or indirectly. There are not many commands for checking symbols. The command to view symbols is x, which means "view symbol". The syntax is as follows: 0:000> x [options] module!symbols Both module and symbols can contain wildcards. When debugging unfamiliar code, wildcards are a powerful tool because they enable us to guess the names of functions or global variables before reading the code. Among them, functions with the prefix _imp...Read more
 

How to verify that the loaded symbol file matches the module? Abstract: You can use the !chksym command. This command accepts a memory address as a parameter, as long as the memory address is within the range of a module, the command will check the module Whether the symbol and module match. !chksym 01000005 An example is as follows: Read the full text
 

Successfully run WinDBG Commands–12-26-2010 Abstract: lm vm 02samp* lists module information; v stands for verbose, which means detailed, m stands for wildcards, and 02samp* is intended to match all modules starting with 02samp. !lmi 02sample displays the information in the module's header. !lmi accepts the module name or module address as a parameter. !sym noisy and !sym quiet switch between detailed and non-detailed output of the symbol loading process. They are used to help you check for possible problems in the symbol loading process. ..Read the full text
 

Summary of some common forms of the .reload command: The .reload /f command will force the debugger to immediately parse all the symbol files associated with the module. So I thought, is there any command to immediately remove all the symbol files associated with the module? I found it I haven't found it for a long time, and finally found that the reverse command of .reload /f is .reload Other forms =========== .reload <module> Abandon the symbol information of the module <module>. Any action to resolve the symbol is Symbols will be reloaded from the hard disk...Read more
 

Summary of configuring the symbol path for <<Advanced Windows Debugging>>: It’s only on the paper, but I don’t know how to do it. I have started to run the examples in the AWD book. Download the source files, executable files and Symbol file. I encountered difficulties when setting the symbol path at the beginning, here is the process of solving the problem. First write the command that will work normally here: .sympath srv*c:\symstore.pri*http://msdl.microsoft.com/download/symbols 1. Read the full text at http:...
 

What is a symbol file? Abstract: When building an application, library, driver or operating system, the compiler and linker will create .exe, .dll, .sys and other executable files (also known as binary files or At the same time, a certain number of additional files are also created. These files are also called symbol files. Starting from Windows XP and Windows Server 2003, symbol files only use the PDB format. Symbol files usually contain the following content: The name and address letter of global variables...Read more
 

Introducing a useful tool for grabbing dumps: ProcDump. Abstract: ProcDump is a lightweight command-line tool developed by the Sysinternals team. Its main purpose is to monitor an application for abnormal CPU activity and generate a crash dump file when the abnormality occurs, so that developers and administrators can determine the cause of the problem. You can also use it as a dump-generating tool in other scripts. With it, there is no need to use Debug Diag 1.1 on 32-bit systems or ADPlus on 64-bit systems on the same server. Problem description...Read more
 

Remember a managed dump can’t view the managed call stack problem summary: A friend asked me to help look at a dump, I opened it and found a weird problem. Using the command "~*e!clrstack" to view the managed call stacks of all threads, it actually said that none of the threads are managed threads. 0:045> ~*e!clrstack OS Thread Id: 0x16d4 (0) Unable to walk the managed stack. The current thread is likely not a manage...Read more
 

Use WinDBG to troubleshoot application crashes when loading. Summary: Suppose there is an application that crashes as soon as it starts. It is too late to attach with Visual Studio, and the application cannot be launched directly from Visual Studio. What should you do when such a problem occurs? In addition to using the method in <<Automatically grab a DUMP file when the process crashes>>, you can also use WinDBG to load the application's executable file directly, and then set breakpoints on the system functions that exit the application, so as to get...Read more
 

How to clearly specify the debugger extension where the command is located? Abstract: The problem scenario is this, you are looking at the dump file and ran a command, but you think this command is a bit different from the output of the command you usually see. You I feel very confused. I wonder if this command does not belong to the debugger extension you want. What to do? For example, both psscor2.dll and sos.dll contain some commands, and your debugger loads two debuggers at the same time, and you run I have a! threads, but I don’t know this...Read more
 

!aspxpages (i.e. !dumphttpcontext) command output explanation summary: When troubleshooting ASP.NET website High CPU problems, a hang dump is often used to determine causes that are difficult to find by conventional means. The !aspxpages command is often used to view which resources are being requested in the current process, and how long the requested resources have been running. A sample of this command's output is as follows. 0:000> !aspxpages Going to dump the HttpContexts found in the heap. Loading the ...Read more
 

Can't view the dump file of .NET Framework 1.1? Abstract: The dump files that I often read are at least the dump file of .NET Framework 2. I didn't just open a dump of .NET 1.1 and found that there are quite a few problems. After some exploration, I finally succeeded in checking this dump. The solution is as follows: 1. Install .NET Framework 1.1 on the machine where the debugger is located. 2. Install .NET Framework 1.1 SP1 on the machine where the debugger is located. 3. Use .loadby so...Read more
 

WinDBG command to capture Full Memory Dump Abstract: .dump /u /ma c:\temp\notepad.dmp Attached with ADPlus command example ADPlus -hang -p 1896 -o c:\temp ADPlus -hang -pn myapp.exe Read the full text
 

Introducing the SaveModule command summary in SOS: This command allows you to write an image (DLL, EXE) that has been loaded into memory back to a file. This is very useful, especially if you are debugging a full memory dump, and there is no Original exe or dll. This command is usually used to save a managed binary information to a file. Later you can use Reflector to disassemble the code inside. First, use the lm command to get the base address of the image. 0:000&g...Read more
 

How to get help on commands in WinDBG? Summary: Standard command help ===========?? /D meta command help=========== .help .help /D .help /D a* Extended command help ============= !help !help savemodule Open WinDBG's chm help in the command line============ = .hh .hh lm Reference: Windows Debuggers: Part 1: A...Read more
 

How do I know what process the dump currently grabbed belongs to from the WinDBG command line? Abstract: You can use the command "|", the English name of this command is vertical bar. Example: 0:018> | . 0 id: 598 examine name: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\OWSTIMER.EXE Reference material: WinDBG help...Read the full text
 

How to save the history of the commands that have been run in WinDBG? Abstract: For example, if you grab a full dump and debug a very complicated problem, you may already have the results, or you are still researching it. I was disturbed by my affairs and went home. I reopened the dump file the next day. I don’t remember where I did it yesterday. In other words, your colleague is very good. He analyzed the dump file and came to a conclusion. You want to learn Let’s take a look at his thoughts. In these two cases, it is quite helpful to let windbg write the previously entered commands into the file in order. Examples of commands are as follows: .writ...Read more
 

How to switch the current thread in WinDBG? Summary: The command is very simple: ~0s switches to thread 0. ~3s switches to thread 3. Some other commands: ~*e !clrstack traverses each thread and outputs their managed call stacks in turn. !threads views all managed threads. Read the full text
 

A summary of some links to help beginners analyze the dump: Common WinDbg Commands (Thematically Grouped) http://windbg.info/doc/1-common-cmds.html Getting started with WinDbg and Sos.dll http://rynsim.spaces .live.com/blog/cns!1DA5A63F849536B6!671.entry Read the full text
 

Highlight the command you entered in WinDBG to distinguish it from the result output of the command. Summary: In the Command window of WinDBG, by default, the command you entered is easily mixed with the output of the command and nearby commands. When looking for the result of the previous command, the eyes will look tired. WinDBG provides an option through which you can set the color of the command input and output. Option name: Prompt level command window text Prompt level command windows text ba...Read more
 

How to save the output of commands in WinDBG to a text file? Abstract: Essentially, this is just an application of WinDBG's log function. WinDBG's log function can record every command you use in WinDBG and its corresponding output. So how do you turn on WinDBG's log function? First, you can start WinDBG from the command line, for example with the -logo parameter: Second, if you are already in a debug session, you can use the .logopen command to start logging. Answer in the title of this article...Read more
 

The call to LoadLibrary(YourExtensionName) failed, Win32 error 0n14001, "This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem." Abstract: With WinDBG, sometimes it is necessary to load some third-party debugger extension These extensions will provide some functions, such as dumping specific types of information, to help you complete the debugging tasks. When loading a third-party debugging extension, if you encounter an error similar to the title, what should you do? Reason == ======= This third-party extension development platform does not exist on the machine where the problem occurs...Read more
 

Using foreach in WinDBG Abstract: We can use the .foreach command to process the output of one or more debugger commands, and each result in the result set can be passed as a parameter to one or more other commands. Syntax: .foreach [Options] (Variable {InCommands}) {OutCommands} .foreach [Options] /s (Variable "InString") {OutCommands ...Read more
 

Summary of tools, counters, and WinDBG commands involved in studying managed memory issues: Window Task Manager============== Mem Usage represents the process working set (just like process\working set Performance counter). It does not indicate the number of bytes used (committed bytes). VM Size reflects the number of bytes used by the process (just like the process\private byte count performance counter). VM Size can provide the first clue as to whether you are facing memory leaks (if your application is leaking, VM Size will increase over time). GC performance...Read more
 

How to attach WinDBG during process creation Abstract: When troubleshooting errors when the service starts, the debugger will run in the background and we cannot interact with it. Because the service is running in a different winstation, this means we cannot Interact with them through the desktop. This also means that even if the loaded debugger is running, it is running in the background, and we cannot interact with it. The solution is to enter services.msc, find the properties of this service, and let it use the local system Account operation, and then check the option...Read more
 

Summary of WinDBG Common Command List: Start, Attaching, Executing and Exiting ===================== Start -> All Programs -> Debugging Tools for Windows -> WinDBG start F6 attach to process Ctrl-Break...Read more
 

In WinDBG, use the .shell command to search for a string. Summary: For me, one of the most useful commands when using WinDBG is the .shell command. The Debugging Tools For Windows help file says: the .shell command can launch a shell process and redirect its output to the debugger, or to a specified file. So why do I think launching a shell process helps daily work? The simplest and most commonly used function of launching a shell process is to search for strings. You may think, why not...Read more
 

SOS help output summary: SOS is a debugger extension DLL, its design goal is to help us debug managed programs. The following commands are arranged by category, and then roughly in order of importance. Taken from the output of !help in WinDBG...Read the full text
 

Summary of the command list of SOS.dll used in WinDbg.exe: SOS Debugging Extension (SOS.dll) can help you debug managed programs by providing CLR internal environment information in WinDbg.exe and Visual Studio. This command list is not found in WinDbg's help, so it is listed below for reference. Command Description BPMD [<module name> <method name>] [-m...Read more
 

Take a look at the actual combat summary of DUMP: Command: .sympath srv*d:\symcache*\\symbols\symbols Explanation: The .sympath command changes the default path of the host debugger for symbol search. Command: .reload /f ntdll.dll Explanation: The .reload command deletes all s...Read more
 

How to use WinDBG to debug a 32bit .NET application on an x64 machine Summary: Encountered an error: The call to LoadLibrary(C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sos) failed, Win32 error 0n193 Search found the following articles, the main points are displayed as follows. Unfinished... Original address: How to use Windbg to debug a dump of a 32bit .NET app run...Read more
 

Deferred Symbol Loading Abstract: By default, the symbol information is not actually loaded when the target module is loaded. Instead, the symbol is loaded when the debugger needs it. This is called deferred symbol loading or lazy symbol loading. When this option is enabled, the debugger will load symbols whenever it encounters a symbol that it does not recognize. From: Debugging ...Read more
 

Automatically grab a DUMP file summary when the process crashes: In the following situations, you need to use this technique: 1. There is a problem in the production environment, we need to grab the dump file and debug online. 2. A lot of running Test, when one of them crashes, you don’t want to interfere with the entire test action at runtime, you only need to collect some test information. 3. The problem cannot be reproduced after connecting to the debugger. Simply put, you want to have the least impact on the environment Under the premise, grab as much information as possible. In order to meet this demand, the best way is to configure just-in-...Read more
 

Summary of basic knowledge about DUMP: What is a memory dump file, that is, a dump? ==================== A memory dump file is a snapshot of a process or system at a given time. There are many types of dump files, and different types of dump files contain differing amounts of data. User mode memory dump files VS kernel mode memory dump files ====================== If you grab a dump file of a process, then you grab a user-mode dump file. If you grab the entire system memory d...Read more
 

Symbol Abstract: Symbol can contain some of the following information: global variables, local variables, function names, parameter structures, source code line numbers. There are three types of Symbol export symbols that are part of the dll itself. For example, ntdll.dll and kernel32.dll expose a lot Some of their functions, so that they can be called like APIs, but most dlls have very few exported symbols. Generally, export symbol...Read more
 

ADPlus Summary: What is ADPlus? =============== ADPlus is a Microsoft Product Support Services (PSS) tool that can be used to troubleshoot any process or application stop responding (hang) , Or crash error. Frequently, you can use ADPlus (ADPlus.vbs) as Microsoft Internet Information Server (IIS)...Read more
 

First chance exceptions and Second chance exceptions Abstract: Each type of exception (such as access violation or stack overflow) can be used as First chance exceptions (the first chance exception) or Second chance exceptions (the second chance exception) Raised to the debugger. By definition, First chance exceptions are non-fatal exceptions unless they are not handled correctly by the error handler. If it is not handled correctly by the error handler, it will be treated as a second chance...Read more
 

Some link abstracts about catching DUMP: Comparison of Debug Diagnostic Tool and WinDBG In this article, the difference between the two is compared, and some simple usages are introduced, such as how to catch hung dump and crash dump. http://blogs. msdn.com/tess/archive/2008/05/21/debugdiag-1-1-or-windbg-which-one-should-i-use-and-how-do-i-...Read more
 

Overview of WinDBG Commands (Part 2)-Summary of Extended Commands: Extension Commands are used to implement debugging functions for specific debugging targets. Unlike standard commands and meta-commands that are built-in in WinDBG program files, extended commands are implemented dynamically In the loaded extension module (DLL). Using WinDBG SDK, users can write extension modules and extension commands by themselves. The WinDBG package contains commonly used extension command modules. Stored in the following subdirectories. NT4CHK: The debugging target is Windows NT 4.0 chec...Read more
 

WinDBG command overview (medium)-Meta-command summary: Meta-Command is used to provide common debugging functions that are not provided by standard commands. Like standard commands, meta-commands are also built into the debugger engine or WinDBG program files All meta-commands have started with a dot (.), so meta-commands are also called Dot Commands. According to their functions, meta-commands can be divided into the following categories. Display and set debugging session and debugger options. Use. For symbol options. symopt- Set Symbol Options is used for symbol path...
 

Overview of WinDBG Commands (Part 1)-Summary of Standard Commands: Most of the functions of WinDBG work in command mode. This series will introduce the three types of commands of WinDBG, standard commands, meta commands and extended commands. Standard commands ====== ========= Standard commands are used to provide basic debugging functions applicable to all debugging targets. All basic commands are implemented in WinDBG, and there is no need to load any extension modules when executing these commands. Most standard commands It is one or two characters or symbols, except for a few commands such as version. The first character of a standard command is regardless of size...
 

Classic thread deadlock Abstract: The code example is as follows: public class TestDeadLock implements Runnable{ public int flag = 1; static Object S1 = new Object(), S2=new Object(); public void run() {System.out.println("flag="+flag); if(flag==1 ) {synchro...
 

Summary of information that needs to be paid attention to in the Crash dump: Crashes all occur in a certain function, and 95% of crashes are caused by one of the following two situations: The function that crashed received the wrong parameter. The function that crashed used damaged internal data. The execution of code is the process of changing data. For the same piece of code, in the same environment, if the data used is the same, then the result of the execution must be unique. If the function crashes, the data used must be different from the ideal situation. The data sources used by the function: First, the function passed in...
 

Summary of basic information that can be obtained through a simple dump: If there is a dump of the faulty program, even if the dump was not captured at the right time, useful information can still be analyzed. Use vertarget to check the system version and how long the system has been running. Use !peb to view the environment variables. Since many third-party programs add their own paths to the environment variables, you can often see which software is installed. At the same time, you can also see the DLLs loaded by the current process and their corresponding paths. When checking the DLLs and the corresponding paths, you can focus on the following items: Is there an antivirus program...