windbg

How can I extract DLL file from memory dump?

I have a memory dump (unmanaged process). How can I extract (using windbg) one of the dlls loaded into the process? I mean actually saving the dll file into the disk ...

Analysing crash dump in windbg

Hi, I am using a third party closed source API which throws an exception stating that "all named pipes are busy". I would like to debug this further (rather than just stepping through) so I can actually learn what is happening under the covers. I have taken a dump of this process using WinDbg. What commands should I now use to analyse...

Question about using windbg for a dll called from Labview

I am attempting to debug a dll that is called by a Labview application. I have the right symbol files (downloaded from microsoft) for things like ntdll.dll and others. I of course also have the pdb file for my DLL. What I don't have, obviously, is any symbol files for labview; since as far as I know National Instruments does not release....

WinDbg showing different call stacks when attached to process when compared to crash dump

I'm analysing a deadlock that's occurring when using a native library alongside managed code. I'm using WinDbg to debug the problem with the intention of saving a dump such that the vendor might observe the issue on their premises. When attaching to the problematic process I see the following message before any call stacks: WARNING...

WinDbg doesn't load symbol file that is created using the same source but built at a different time than the original

Hi, We released a product (C#.NET library) and didn't store the pdb file of the library, assuming that we can always generate symbol files using the same source code. Now, we want to analyze crash dump (mini dump) file of an application that is using our library. Since we didn't store the pdb file, I created a new one using the same s...

Debugging high cpu usage

So I have an issue on our production environment where 2 threads have been running for like 9 hours and 5 hours and they are causing the cpu usage to stay around 99%. I've included the stack trace from !Clrstack and kb 2000. I've been trolling around google and etc... forever and I can't find anything that helps me figure out what these t...

How do I get specific versions of the .NET runtime for use in windbg?

I am debugging an old process dump from one of our servers. It was created about a month ago. To work with SOS, I need version 2.0.50727.4016 of mscorwks.dll and mscordacwks.dll for the AMD64 architecture. Is there some official place to get these dlls? I found one question on StackOverflow that somewhat addresses the issue, but the sol...

Tips for debugging a made-for-linux application on windows?

I'm trying to find the source of a bug I have found in an open-source application. I have managed to get a build up and running on my Windows machine, but I'm having trouble finding the spot in the disassembly where the issue is. I have tried three different debuggers (WinDbg, OllyDbg, and VisualStudio) and each pretty much gives me th...

What does "Eclipsed" mean in WinDbg?

In the "Locals" window of WinDbg there are several names with the value <Eclipsed>. In some cases the same name exists multiple times with one real value and the others are shown as <Eclipsed>. What does that mean and why is this word used? Is it some kind of technical term? ...

Unable to debug the kernel driver using Serial cable

I am new to driver stuff. I have tried to debug the kernel driver using serial COM port without success. Could someone show me proper direction how to fix the problem? I am seeing the following messages on kd console. ERROR: DavReadRegistryValues/RegQueryValueExW(4). WStatus = 127 ERROR: DavReadRegistryValues/RegQueryValueExW(5). WSta...

Registry key for Install update and hotfix information on windows 7

Hi All, I am working on windows 7 support. In my application I want to gather installed updates and patches. Currently I am gathering it from WIn32_QuickFixEngineering. But it is not giving information for InstalledSDate, Description. I need to get this either from registry or API (C++ application). In other operating system like XP,...

WinDbg .for loop

I am having trouble getting the WinDbg .for command to work. I would like to dump an array of c++ structs. ?? gpTranData->mpApplCodes[0] works for a single entry but I would like to loop through n of these. .for ($t0=0;$t0<(gpTranData->miApplCodeCount);$t0++){ ?? &gpTranData->mpApplCodes[$t0] } sound logical to me but I get Numeri...

No managed thread in dump created by orphaning IIS application pool of 64 bit ASP.NET

I need to find reason for Event ID 2262, Deadlock Detected of our ASP.NET application (64bit). It happens 1-3 times per day on our development server. I created mini dump with full memory by orphaning the Application Pool as is described here: http://support.microsoft.com/kb/828222 I opened the dump with windbg and tried to find some m...

how to use windbg find out SqlConnection.ConnectionString?

I can use "!do" to dump the SqlConnection instance but not sure how to find out its ConnectionString: 0:018> !do 2fa7730 Name: System.Data.SqlClient.SqlConnection MethodTable: 000007fef4455968 EEClass: 000007fef42b6530 Size: 104(0x68) bytes (C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll) Fields: ...

Process memory increases much faster with gflags +ust

Hello all! I've got stuck in a problem with gflags when trying to find some memory leaks in a windows app. When I turn on the ust flag (in order to collect memory allocations stack traces) the memory of my application increases much faster than it does when the flag is off (it reaches to 800MB in 10 min approx. which is far from the 50-1...

What does the +0x10 mean next to function addresses in WinDbg SOS exception stacks?

Example: InnerException: StackTrace (generated): SP IP Function 003D8E9C 03B21BD7 Something!Blah.Blah.FunctionName(System.String)+0xa8 What does the +0xa8 part indicate? ...

In windbg, how to set breakpoint on all functions in kernel32.dll?

I want to figure out the call sequence and functions to kernel32.dll in a function example() in example.DLL. In windbg, how to set breakpoint on all functions in kernel32.dll? I tried bm kernel32!*, but it seems not to work. ...

mscorjit overlaps mscoree when using windbg

Loading Dump File [C:\Crash_Mode__Date_12-05-2009__Time_15-54-2727\PID-4056__CCNET.EXE__1st_chance_Process_Shut_Down__full_13d0_2009-12-06_00-33-14-734_0fd8.dmp] User Mini Dump File with Full Memory: Only application data is available Comment: '1st_chance_Process_Shut_Down_exception_in_CCNET.EXE_running_on_TEST218' Symbol search path is...

WinDbg stacktrace shows wrong values for function arguments (KP command)

I am debugging a minidump in WinDbg and the Visual Studio 2005 debugger and they produce different results. WinDbg gets it wrong When doing KP in WinDbg, the relevant part of the stacktrace is: 0bb6ef30 0a4a25b8 MyModule!SomeClass::methodB( void * buffer = 0x05d8d800, int bufferLen = 1797233953, ...

WinDbg and Intel Visual Fortran

Has anyone used WinDbg to debug an Intel Visual Fortran routine? If I have the Fortran source file that crashes with an AccViol, how can I use WinDbg to determine the line that is crashing? ...