We received crash dump from customer site. I see that in one of the structures o nstack __vfptr is NUL. Does it always point to problematic condition (memeory overrun, deleting object twice...) or is there case where this pointer can be null. ...
I am trying to debug some COM components and want to track down CLSID and IIDs in calls to CoCreateInstance. I am not sure how to display GUID in windbg. Any pointers for that. ...
How can I Save Output of a command in WinDbg to a Text File? ...
Three doubts 1) Suppose I get the call stack as below user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_CallWindowProcAorW@24() + 0x51 bytes user32.dll!_CallWindowProcW@20() + 0x1b bytes Now what are the bytes mentioned at the end of each function? Like for f...
What is the proper way to undo windbg -I on vista/win7? Is it as simple as deleting the registry keys in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug? ...
I am trying to debug some win32API's like Createthread which returns a handle. How to get the return values in windbg? I did some research and found that return values generally stored in EAx register. If I put breakpoint on CreateThread then I can step into assembly of Createthread and ultimatelyw I will hit ret statement which means ...
I am debugging some Windows APIs and stack trace shows Unloaded_hext.dll. I am not able to find this DLL. Even if there are no symbols, WinDbg outputs this DLL name. Process monitor is unable to find this dll. Why is 'unloaded' prefixed? Is this done by WinDbg or are there any tricks? On running the lm command, I could see hext.dll in ...
I created a high memory utilization dump and using !dumpheap -stat and !dumpheap -mt I got the address of two large string generic list of 30 MB each. I want to know more about these lists. What they contain or which piece of code is using them. Is there a way to find them out? 0:000> !do 2b370038 Name: System.Object[] MethodTable: 7...
Is it possible to use WinDBG as a server (instead of Visual Studio Remote Debugger) and connect to it using Visual Studio? ...
Using ADPlus (in crash dump mode) to generate .dmp files. The final sequence of unhandled exceptions (that produce full memory dump files) is... 1st chance DLL unload: contains thread id's but doesn't contain the StackOverflowException (I wouldn't expect it to since at this point the exception hasn't been thrown yet). 1st chance Stacko...
I'd like to change the way some types are displayed using either 'dt' or '??' in a manner similar to how you can do that with autoexp.dat. Is there a way to do this? For example, I have a structure something like this: struct Foo { union Bar { int a; void *p; } b; }; And I've got an array of a few hundred o...
I have DLL running in IE context and it crashed on UnLoad under ApplicationVerifier. The error states that COM proxy was called from wrong context or in other words, COM object was accessed from a wrong apartment. A COM Proxy was called from the wrong context. 75a867c0 - Pointer to IID of interface being called on. 2 - ...
We had an incident in which I called Microsoft Support and they were able to use WinDBG to analyze one of my mini-dumps and identify the exact problem occurring. I WinDBG analyzed the same dump and could not get past the stack trace. I'm assuming I am unable to find the golden nugget because I'm ignorant, but Microsoft won't tell me what...
I'm using WinDBG occasionally to analyze problems in production environment, where VS cannot be installed. There's no doubt it's an extremely powerful tool, but using it is a bit annoying. Even though the product is frequently updated, its GUI goes back to the Win95 days or so, and its usability is accordingly. Having to fight the GUI to...
I have a problem where cdb or windbg hangs frequently, but not all the time, when I'm debugging with it and I attach to a specific application on my machine. I found this article: http://www.nynaeve.net/?p=164 which talks about a symbol loading race condition being the problem, but I can force load the symbols, actually have a breakpoin...
I want to get the windbg output data to a array,not by reading the log file .Is there any function? ...
First let me say I am a total WinDbn noob, so this might be an easy question... I have an application ("MyApp" - name changed to protect the innocent!) that I am trying to debug because it is throwing an exception. This only happens on user machines - I have not been able to reproduce it on my development machine. So I set up Debug...
The documentation on the SOS.dll Windbg extension seems sparse. After issuing a !gcroot <address>, I am getting something containing the following: DOMAIN(XXX):HANDLE(Pinned):XXX:Root:XXX(System.Object[])-> Does "HANDLE(Pinned)" really mean there is a GCHandle of type GCHandleType.Pinned that is rooting this object? ...
I am wondering if it is possible to use WinDbg to kwown the callstack that lead to the allocation of a handle. For example: #include <windows.h> #include <conio.h> #include <iostream> using namespace std; int _tmain(int argc, _TCHAR* argv[]) { cout << "Press ENTER to leak handles." << endl; _getch(); cout << "Leaking ha...
I am looking for a way to locate all current instances on the heap of types that implement a given interface (during WinDbg debugging that is). As interfaces are not types in the sense that you can create instances of an interface, they obviously do not show up when inspecting the heap. I.e. !dumpheap is of little help here. However, !d...