windbg

__vftptr is NULL

We received crash dump from customer site. I see that in one of the structures o nstack __vfptr is NUL. Does it always point to problematic condition (memeory overrun, deleting object twice...) or is there case where this pointer can be null. ...

Can I display GUID in windbg?

I am trying to debug some COM components and want to track down CLSID and IIDs in calls to CoCreateInstance. I am not sure how to display GUID in windbg. Any pointers for that. ...

windbg: Command output to text file

How can I Save Output of a command in WinDbg to a Text File? ...

call stack and disassembly doubt.

Three doubts 1) Suppose I get the call stack as below user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_CallWindowProcAorW@24() + 0x51 bytes user32.dll!_CallWindowProcW@20() + 0x1b bytes Now what are the bytes mentioned at the end of each function? Like for f...

How do I stop windbg from being the interactive debugger?

What is the proper way to undo windbg -I on vista/win7? Is it as simple as deleting the registry keys in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug? ...

How to get return value from a function in windbg?

I am trying to debug some win32API's like Createthread which returns a handle. How to get the return values in windbg? I did some research and found that return values generally stored in EAx register. If I put breakpoint on CreateThread then I can step into assembly of Createthread and ultimatelyw I will hit ret statement which means ...

WinDbg using known module

I am debugging some Windows APIs and stack trace shows Unloaded_hext.dll. I am not able to find this DLL. Even if there are no symbols, WinDbg outputs this DLL name. Process monitor is unable to find this dll. Why is 'unloaded' prefixed? Is this done by WinDbg or are there any tricks? On running the lm command, I could see hext.dll in ...

I got the address of a large managed object in WinDbg, what next?

I created a high memory utilization dump and using !dumpheap -stat and !dumpheap -mt I got the address of two large string generic list of 30 MB each. I want to know more about these lists. What they contain or which piece of code is using them. Is there a way to find them out? 0:000> !do 2b370038 Name: System.Object[] MethodTable: 7...

Remote debugging with visual studio and WinDbg server

Is it possible to use WinDBG as a server (instead of Visual Studio Remote Debugger) and connect to it using Visual Studio? ...

Windbg Thread ID After StackOverflow And Process Shut Down

Using ADPlus (in crash dump mode) to generate .dmp files. The final sequence of unhandled exceptions (that produce full memory dump files) is... 1st chance DLL unload: contains thread id's but doesn't contain the StackOverflowException (I wouldn't expect it to since at this point the exception hasn't been thrown yet). 1st chance Stacko...

does cdb/windbg have an equivalent to autoexp.dat?

I'd like to change the way some types are displayed using either 'dt' or '??' in a manner similar to how you can do that with autoexp.dat. Is there a way to do this? For example, I have a structure something like this: struct Foo { union Bar { int a; void *p; } b; }; And I've got an array of a few hundred o...

How can I get a list of COM apartments for a process from WinDBG

I have DLL running in IE context and it crashed on UnLoad under ApplicationVerifier. The error states that COM proxy was called from wrong context or in other words, COM object was accessed from a wrong apartment. A COM Proxy was called from the wrong context. 75a867c0 - Pointer to IID of interface being called on. 2 - ...

WinDBG Dump Analysis without symbols

We had an incident in which I called Microsoft Support and they were able to use WinDBG to analyze one of my mini-dumps and identify the exact problem occurring. I WinDBG analyzed the same dump and could not get past the stack trace. I'm assuming I am unable to find the golden nugget because I'm ignorant, but Microsoft won't tell me what...

Are there any WinDBG replacements with a better GUI?

I'm using WinDBG occasionally to analyze problems in production environment, where VS cannot be installed. There's no doubt it's an extremely powerful tool, but using it is a bit annoying. Even though the product is frequently updated, its GUI goes back to the Win95 days or so, and its usability is accordingly. Having to fight the GUI to...

windbg/cdb hangs when bp hit

I have a problem where cdb or windbg hangs frequently, but not all the time, when I'm debugging with it and I attach to a specific application on my machine. I found this article: http://www.nynaeve.net/?p=164 which talks about a symbol loading race condition being the problem, but I can force load the symbols, actually have a breakpoin...

How to get the windbg command output into a array? Not by reading the logfile.

I want to get the windbg output data to a array,not by reading the log file .Is there any function? ...

WinDbg not showing useful information

First let me say I am a total WinDbn noob, so this might be an easy question... I have an application ("MyApp" - name changed to protect the innocent!) that I am trying to debug because it is throwing an exception. This only happens on user machines - I have not been able to reproduce it on my development machine. So I set up Debug...

Windbg: SOS.dll: !gcroot: DOMAIN(xxx):HANDLE(Pinned):Does it really mean object is pinned?

The documentation on the SOS.dll Windbg extension seems sparse. After issuing a !gcroot <address>, I am getting something containing the following: DOMAIN(XXX):HANDLE(Pinned):XXX:Root:XXX(System.Object[])-> Does "HANDLE(Pinned)" really mean there is a GCHandle of type GCHandleType.Pinned that is rooting this object? ...

Where was handle allocated?

I am wondering if it is possible to use WinDbg to kwown the callstack that lead to the allocation of a handle. For example: #include <windows.h> #include <conio.h> #include <iostream> using namespace std; int _tmain(int argc, _TCHAR* argv[]) { cout << "Press ENTER to leak handles." << endl; _getch(); cout << "Leaking ha...

How to find all instances of types that implement a given interface during debugging

I am looking for a way to locate all current instances on the heap of types that implement a given interface (during WinDbg debugging that is). As interfaces are not types in the sense that you can create instances of an interface, they obviously do not show up when inspecting the heap. I.e. !dumpheap is of little help here. However, !d...