0
votes
0 answers
9 views

Debug program Nexus Mod Manager with WinDbg

I tried to debug a program that I use called Nexus Mod Manager. This is not my own authored program. I'm having issues getting support from the author and I have been trying to figure out what the ...
1
vote
1 answer
35 views

Crash Debugging Win32 Application

I'm spending a lot of time doing crash debugging of Win32 apps. One thing I'm very curious to know about is how to find whether any address belongs to stack / heap or program code section. Is there any ...
5
votes
1 answer
39 views

In Windbg, how can I list the values of an enumeration while debugging?

Usually, enum values are simple compiler-incremented values or are set directly to an integral literal, and so the values can be deduced easily or seen directly by looking at the source file. ...
5
votes
1 answer
75 views

What can WinDbg tell me that Visual Studio can't?

I'm still a relative novice with C++, and I've run into a problem with a third-party DLL that I'm statically linking to from my native C++ DLL. I'm using Visual Studio 2012 to debug my DLL. (FWIW, ...
1
vote
1 answer
40 views

When Kernel Debugging - Find The Page Protection of a User Mode Address

While kernel debugging a windows (XP SP3) machine, I would like to find the page protection of a user mode address (actually just to check if it's a No-Execute page). The extension !vprot (which does ...
0
votes
3 answers
39 views

Windbg, how to show more code?

I am new to using windbg, I normally use debuggers such as ollydbg or disassemblers such as ida pro. However, I am wanting to debug 64 bit assembly code. In ollydbg and ida pro's interface, it will ...
2
votes
0 answers
26 views

What does “internal” mean in windbg “!heap -a” output [duplicate]

I am using windbg command "!heap -a " to check the memory status, and get the following results. what does internal mean at the end of this entry "00d168f0: 03d20 . 06b48 [101] - busy (6b40) ...
0
votes
1 answer
50 views

Windbg “Processes and Threads” window doesn't change context when kernel debugging

My "Processes and Threads" window is stuck on 000:f0f0f0f0 ntkrnlpa.exe. I tried changing the context in various ways, none of which affected the window. My actions: kd> !process 0 0 notepad.exe ...
0
votes
0 answers
37 views

Is it possible to analyze windows message queue from a crash dump?

My application once crashed because the Windows message queue limit was exceeded. This bug is very hard to reproduce. How do I analyze Windows message queue contents from a crash dump?
1
vote
1 answer
47 views

WinDBG debugging a C++ /CLI module

I'm trying to use WINDBG to debug a C++/CLI module loaded in some application (Autodesk Revit). The problem is that the breakpoints set in unmanaged class methods are not hit. I have this class : ...
0
votes
2 answers
105 views

How could it happen? (in debugging minidump file)

I'm tracing a dmp file which seems to have crashed calling a virtual function of a broken object instance. It seems that the vft of the broken object pointer pointed to the wrong address (0x3822a497) and the program crashed ...
0
votes
0 answers
48 views

dbghelp.dll has a version mismatch with the debugger

I have been getting the following error while trying to open the crash dump file in WinDbg.... I am using the 64-bit version and have Windows 7 OS. The version of WinDbg is 6.11. Error: "dbghelp.dll ...
0
votes
2 answers
74 views

detach windbg kernel debugger & keep target running

Consider below scenario: I have setup debug over serial port on a windows 7 system. On another machine, I have installed windbg & connected serial cable between them. When I start the target ...
0
votes
1 answer
49 views

When windows releases threads?

Our product consumes a lot of windows resources, such as socket handles, memory, threads and so on. Usually there are 700-900 active threads, but in some cases product can rapidly create new threads ...
0
votes
0 answers
53 views

Windbg remote debugging a user mode dll

I have a usermode dll that's loaded from a kernel driver that I want to debug on machine B. The symbols are on machine A, which is connected to machine B via 1394. What's the best way to go about ...
3
votes
2 answers
104 views

Crash dump with unknown origin

I have my application crashing with following CallStack on the error (from WinDbg): ntdll!ZwWaitForMultipleObjects+0xa KERNELBASE!WaitForMultipleObjectsEx+0xe8 ...
0
votes
1 answer
92 views

using windbg for monitoring a memory leak

Monitoring a memory leak using WinDbg ? I am looking for a way to get a deeper stack-trace using !htrace (!htrace enable --> !htrace -snapshot --> !htrace -diff) to nail down a MEM leak we are having. ...
1
vote
1 answer
158 views

WinDbg: Version mismatch of dbghelp.dll when trying to attach to a process

Over a year ago I already used WinDbg and DebugDiag to find a memory leak in a JNI native DLL that we use from within Java. Now I am searching for a thread handle leak. I created a memory dump using ...
1
vote
1 answer
141 views

Windbg !heap -stat -h command How to get more than 20 entries

I am looking into a heap, which has many few allocations and number of entries are much more than 20, which is the default of !heap -stat -h command. For example, if you see below, the numbers don't ...
2
votes
0 answers
70 views

Windbg _imp__xxx symbol's address seems to be dereferenced using the data segment register

I am learning Windbg. And for practice, I am debugging a 64bit fre app that creates a process. I added a breakpoint on CreateProcess (bp KERNEL32!CreateProcessWStub) When the breakpoint is hit, I ...
0
votes
1 answer
142 views

How to analyze exception after Chrome Aw Snap using windbg

I keep having "Aw Snap" in my web application. Using windbg and with the help of How do I debug a tab crash in Google Chrome I tried to figure out the problem. Steps I've done so far: Got a .dmp ...
0
votes
0 answers
109 views

windbg C# source level debugging and single step run

As we know, one can use windbg do source level debugging for C/C++, but is there a way for using windbg do source level debugging for C#? Using sos.dll command we can do some basic works, but for C# ...
0
votes
0 answers
106 views

Nonsensical windbg thread output (symbols loaded correctly)

I have a project that uses Java to do GUI and C++ to do computations, connected via JNI. I have a deadlock in the app that manifests itself after 3+ hours. I thought I would debug using WinDBG. So I ...
0
votes
1 answer
104 views

Application crash on start without exception raised

I am trying to track what causes my application to crash on start when launched from production. When launched from debug in Visual Studio, this C#/.NET windows application starts without any problem, ...
0
votes
0 answers
55 views

Debug running Windows application

I am trying to debug a running x64 application on Windows using WinDbg. I successfully attached the debugger to the program but it seems that I cannot follow any thread created by this application. ...
3
votes
1 answer
111 views

What does it mean by “Followup: MachineOwner”?

The following message is copied from WinDBG's output window: Use !analyze -v to get detailed debugging information. BugCheck 24, {1904fb, 8f9ec9f8, 8f9ec5d0, 87c4fccc} Probably caused by : Ntfs.sys ...
3
votes
2 answers
484 views

Windbg expects different version of mscordacwks.dll

I'm having a very strange issue in trying to debug a minidump file using windbg. I've tried this both on my own machine & by running windbg on the target machine from where the minidump was taken ...
0
votes
1 answer
51 views

Extracting binary name from PDB file

I am working on a project where I need to extract binary name information from a pdb(program database information) file. Earlier I thought that I will be able to do it as: hr = ...
0
votes
1 answer
191 views

How do I create a full memory dump to a remote machine?

I want to take a full physical memory dump of a remote machine. What is the easiest way to achieve this goal?
2
votes
1 answer
192 views

Stepping into MFC source code with Windbg

What settings do I need to set in Windbg to be able to step into/through MFC source code like I can with Visual Studio?
1
vote
1 answer
96 views

Getting the type by address in WinDbg

Suppose I have an address of some object placed in unmanaged heap. How can I get the C++ type of the object in WinDbg?
1
vote
1 answer
190 views

what does “BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_READ_AFTER_CALL” mean in windbg !analyze -v output

I try to analyze the crash dump file by using windbg, and type the extension command to get some basic analysis result "!analyze -v", and get the result as follow:- (I only pasted part of the info ...
1
vote
2 answers
166 views

why get “first/second chance not available” in the core dump

I use windbg to debug the crash dump, in the following output from the windbg, you can see that "first/second chance not available", Why the first/second chance not available here? what does this ...
1
vote
1 answer
89 views

WinDbg Unresponsive After Crash

I am debugging a driver in a VirtualBox VM, with WinDbg attached to the target via COM port exposed to the host as a named pipe. Debugging works fine - I can pause the target, set breakpoints, step ...
2
votes
1 answer
197 views

Advanced .NET Debugging

I'm reading Advanced .NET Debugging book and I like it very much. However I have some problems with the examples. I would really appreciate if someone that has read it helped me. I have two ...
0
votes
0 answers
236 views

Kernel debugging Windows 7 through serial port

I have debugged drivers on VM (pipe connection) with Windows 7. Now I want to debug a driver in a laptop with Windows 7 (x64) but the WinDbg keeps waiting forever for the connection: Microsoft (R) ...
3
votes
0 answers
94 views

WaitForDebugEvent() API on .NET application

I have a launcher application that creates a process and monitors it with the WaitForDebugEvent/ContinueDebugEvent API functions. That application is written in C++ and it works fine for the unmanaged ...
10
votes
2 answers
482 views

ASP.NET Hang - Generic Dictionary concurrency issues causes GC deadlock

In the last month our ASP.NET web app has stopped responding to requests and we have had to reset the app pool to get it back up. We are having trouble identifying the exact cause of the issue, as ...
0
votes
0 answers
139 views

Can't get Windbg to load symbols

I'll admit to being completely new to Windbg so hopefully this is a noobish question that I couldn't find the answer for on the internet. Anyways, here is my symbol path: ...
0
votes
0 answers
94 views

Getting each step in windbg during execution

I'm trying to get each step that was done between 2 addresses (or until a breakpoint is reached). I know that PA does what I need but I want it to get the output from ALL the threads and not just the ...
1
vote
1 answer
134 views

Windbg, how to check memory segment permission?

For example output stack as non-executable, some heap is executable/non-executable..
0
votes
1 answer
147 views

High committed memory but small heap size

One of my apps is reported to be using 5 gigs memory, when I took the dump of the process and analyzed it in windbg, I can see that the total committed size is 5 gigs as was reported, but then the total ...
1
vote
0 answers
101 views

What are the consequences of unregistering MSOXMLMF.DLL

Got a weird crash (access violation) where an address is “called” in MSOXMLMF while, according to windbg, the library is not (more) loaded on the moment of the “call”. Note: the "call" is a return to ...
2
votes
0 answers
73 views

Need help trying to replicate Microsoft steps in WinDBG [closed]

We sent this dump to MS and they sent us back these results. I am trying to replicate this so that we can find out why the web app crashed on a different server. My comments start with @@@. Any help ...
1
vote
1 answer
173 views

Disassemble unloaded module

Got a stack trace that ends in an unloaded module. To make sure the stack makes sense I would like to disassemble the unloaded module (in order to check whether a call can start on the address given ...
3
votes
1 answer
112 views

view datetime method parameter using sos

How do I view a datetime that is being passed in as a parameter? I found this example on the internet but I am having problems understanding it? I don't see where they use the output from clrstack at ...
1
vote
1 answer
125 views

Debugging Windows XP kernel using 1394 connection

Host: Windows 7 x64 Guest: Windows XP SP3 x86 I got 2 PCI firewire cards on both ends (SIIG 1394 installed as Texas Instruments OHCI Compliant IEEE 1394 Host Controller). On Windows XP I added the ...
1
vote
2 answers
104 views

Patch an executable file

In short What would be the easiest way to make sure that the high word of ecx contains 0 by replacing following instruction in the exe file? 004044be 0fbf4dfc movsx ecx,word ptr [ebp-4] ...
0
votes
0 answers
117 views

0x80004005 Exception when opening dump file in Windbg [closed]

On opening any dump file in windbg I get the prompt "Failure when opening file .dmp HRESULT 0x80004005 It may be corrupt or in a format not understood by debugger" and then the debugger window closes. ...
1
vote
2 answers
168 views

WinDbg break on button click

Imagine an application that displays a button: OK. Is it possible to break the execution of the program and view the disassembly using WinDbg, right after the button has received a click? How would I ...
