dcandygmailcom

Brief Introduction to the Windows' Debugger #2

Feb 21st, 2019
Brief Introduction to the Windows' Debugger

WinDbg is part of Debugging Tools for Windows.

Download and install Debugging Tools for Windows:

http://msdn.microsoft.com/en-us/windows/hardware/hh852363

Install the Windows SDK but just choose the debugging tools.

Create a folder called Symbols in C:\

Start WinDbg. File menu - Symbol File Path and enter

srv*C:\symbols*http://msdl.microsoft.com/download/symbols

Then start the program to debug (for example)

windbg -o -g -G c:\windows\system32\cmd.exe /k batfile.bat

There is an automatic breakpoint set after loading but before any code runs, and one at the end after all code has finished but before the process is terminated. This allows you to examine memory etc. before and after the code has run. Press g to continue.

You can press F12 to stop it and kb will show the call stack (g continues the program). If there are errors it will also stop and show them. You may be able to press g to ignore and continue.

Type lm to list loaded modules, x *!* to list the symbols and bp symbolname to set a breakpoint.

F12 - break into program
g - continue
p - step
kb - list call stack
lm - list loaded modules
x *!* - list all symbols
ln <address> - lists the nearest symbols to that address - used when you have a crash address
bp symbolname - sets a breakpoint
da <address> - displays the ASCII data found at that address
dda <address> - displays the value of the pointer
dv - display local variables
kv 10 - displays last 10 stack frames

-----------------------------------------------------------------

If programming in VB6, the environment variable link=/pdb:none stores the symbols in the DLL rather than in separate files.

Make sure you compile the program with No Optimisations and tick the box for Create Symbolic Debug Info. Both are on the Compile tab in the Project's Properties.

Also CoClassSyms (microsoft.com/msj/0399/hood/hood0399.aspx) can make symbols from type libraries.

-----------------------------------------------------------------

WinDbg can also analyse Blue Screen Crash Dumps (and indeed application crash dumps).

Dump Files

Dump files are files containing the state of the machine when it crashed. We can analyse the file to identify the driver (or program) causing the crash. See the last section on how to get them analysed by a volunteer.

Analyse Dump Files

To analyse your own dump files:

You need to start Explorer as Administrator to access the files in C:\windows\Minidump. Right click Explorer and choose Run As Administrator.

Download and install Debugging Tools for Windows:

http://msdn.microsoft.com/en-us/windows/hardware/hh852363

Install the Windows SDK but just choose the debugging tools.

Create a folder called Symbols in C:\

Start WinDbg. File menu - Symbol File Path and enter

srv*C:\symbols*http://msdl.microsoft.com/download/symbols

Close and reopen WinDbg. File menu - Open Crash Dump

This will analyse the crash dump. You need to close and reopen WinDbg for each dump file analysed. Because you are downloading symbols from the internet, WinDbg will appear to be doing nothing. But it's downloading. Be patient.

You are looking for a driver or system library that the crash occurred in at the end of the listing. Find the file, right click then Properties - Details tab. If it shows a driver you'll need to update the driver identified. Most drivers are in c:\windows\system32\drivers.
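
The dump-analysis steps above, scripted as an added example (not part of the original paste): it runs cdb.exe, the console debugger installed by the same Debugging Tools for Windows package, once per dump so each file gets a fresh session, and pulls the faulting module fields out of the !analyze -v listing. The cdb.exe install path, the output log location and the parameter names are assumptions.

```powershell
# Added example: run !analyze -v over every minidump with cdb.exe and list the
# module each crash is attributed to. Run from an elevated prompt; as the text
# notes, C:\Windows\Minidump needs administrator access.
param(
    # Assumption: default Windows 10 SDK location; change to match your install.
    [string]$Cdb     = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe',
    [string]$DumpDir = 'C:\Windows\Minidump',
    # Same symbol path the text enters in WinDbg's Symbol File Path dialog.
    [string]$Symbols = 'srv*C:\symbols*http://msdl.microsoft.com/download/symbols'
)

if (-not (Test-Path -LiteralPath $Cdb)) { throw "cdb.exe not found at '$Cdb'" }

$dumps = @(Get-ChildItem -LiteralPath $DumpDir -Filter '*.dmp' -ErrorAction Stop)
if ($dumps.Count -eq 0) { Write-Warning "No dump files in $DumpDir"; return }

$results = foreach ($dump in $dumps) {
    # -z opens the dump, -y sets the symbol path, -c runs the commands;
    # the trailing q ends the session, so each dump gets a fresh debugger.
    $out = & $Cdb -z $dump.FullName -y $Symbols -c '!analyze -v; q' | Out-String

    # Keep the full listing next to the summary for later reading (assumed location).
    $log = Join-Path $env:TEMP ($dump.BaseName + '.analyze.txt')
    Set-Content -LiteralPath $log -Value $out

    # !analyze -v prints these labelled fields near the end of its listing.
    $field = @{}
    foreach ($name in 'MODULE_NAME', 'IMAGE_NAME', 'FAILURE_BUCKET_ID') {
        # ${name} is braced so PowerShell does not read "$name:" as a scoped variable.
        if ($out -match "(?m)^${name}:\s*(\S+)") { $field[$name] = $Matches[1] }
    }

    [pscustomobject]@{
        Dump   = $dump.Name
        Module = $field['MODULE_NAME']
        Image  = $field['IMAGE_NAME']
        Bucket = $field['FAILURE_BUCKET_ID']
        Log    = $log
    }
}

# Symbols are downloaded on first use, so the first dump can take a while.
$results | Format-Table -AutoSize
```

A module that appears in the Image column for several dumps is the first driver to check under c:\windows\system32\drivers.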