WinDbg: Difference between revisions
Thumperward (talk | contribs) formatting: 2x whitespace (using Advisor.js) |
|||
Line 31: | Line 31: | ||
==Coupling with Virtual Machines== |
==Coupling with Virtual Machines== |
||
WinDbg allows debugging [[Microsoft Windows]] kernel running on a [[VMware]] or [[Windows Virtual PC|VPC]] virtual machine using a [[Named pipe]]. This can be achieved by using a [[Virtuality|virtual]] [[COM port]]. In the case of VMware or VirtualBox, the [[VirtualKD]] extension adds native support for VM debugging to [[Microsoft Windows|Windows]] kernel. |
WinDbg allows debugging [[Microsoft Windows]] kernel running on a [[VMware]] or [[Windows Virtual PC|VPC]] or [[Parallels]] virtual machine using a [[Named pipe]]. This can be achieved by using a [[Virtuality|virtual]] [[COM port]]. In the case of VMware or VirtualBox, the [[VirtualKD]] extension adds native support for VM debugging to [[Microsoft Windows|Windows]] kernel. |
||
==!analyze== |
==!analyze== |
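Review bot: the changed sentence under "Coupling with Virtual Machines" now chains the hosts with "or" twice ("a [[VMware]] or [[Windows Virtual PC|VPC]] or [[Parallels]] virtual machine"). A comma-separated list would read better, and the added Parallels claim comes with no reference. Since the line is being touched anyway, the missing articles ("debugging [[Microsoft Windows]] kernel", "to [[Microsoft Windows|Windows]] kernel") and the mid-sentence capital in "[[Named pipe]]" could be fixed in the same edit, the latter with a piped link.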
Revision as of 08:18, 3 August 2012
Developer(s) | Microsoft |
---|---|
Stable release | 6.12.2.633 / February 26, 2010 |
Operating system | Microsoft Windows |
Type | Debugger |
License | Commercial |
Website | WinDbg at microsoft.com |
WinDbg is a multipurpose debugger for Microsoft Windows, distributed on the web by Microsoft. It can be used to debug user-mode applications, drivers, and the operating system itself in kernel mode. It is a GUI application, but has little in common with the better-known, but less powerful, Visual Studio Debugger.
WinDbg can be used for debugging kernel-mode memory dumps, created after what is commonly called the Blue Screen of Death, which occurs when a bug check is issued. It can also be used to debug user-mode crash dumps. This is known as post-mortem debugging.
WinDbg can also automatically load debugging symbol files (e.g., PDB files) from a server by matching various criteria (e.g., timestamp, CRC, single or multiprocessor version). This is a very helpful and time-saving alternative to creating a symbol tree for a debugging target environment. If a private symbol server is configured, the symbols can be correlated with the source code for the binary. This eases the burden of debugging targets that have various versions of binaries installed, by eliminating the need to find and install a specific version of the symbols on the debug host. Microsoft has a public symbol server that has most of the public symbols for Windows 2000 and later versions of Windows (including service packs).
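How the timestamp matching described above turns into a concrete symbol server lookup, as an added example that is not part of the original article. It assumes the commonly used symbol-store layout in which an executable image is indexed by its PE TimeDateStamp followed by SizeOfImage; the function names, the sample file name and the header-only sample images are constructed for illustration, and the public server URL is not taken from the article.

```python
import struct

# Microsoft's public symbol server (URL is not given in the article).
MS_SYMBOL_SERVER = "https://msdl.microsoft.com/download/symbols"

def pe_symbol_key(image: bytes) -> str:
    """Symbol-store index of a PE image: TimeDateStamp + SizeOfImage in hex."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    coff = e_lfanew + 4                      # COFF header follows "PE\0\0"
    opt = coff + 20                          # optional header follows COFF
    if opt + 60 > len(image):
        raise ValueError("truncated PE header")
    if image[e_lfanew:coff] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (timestamp,) = struct.unpack_from("<I", image, coff + 4)
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # SizeOfImage sits at offset 56 in both PE32 and PE32+ optional headers.
    (size_of_image,) = struct.unpack_from("<I", image, opt + 56)
    return f"{timestamp:08X}{size_of_image:x}"

def symbol_url(name: str, image: bytes, base: str = MS_SYMBOL_SERVER) -> str:
    """URL requested from the symbol server for this exact build of `name`."""
    return f"{base}/{name}/{pe_symbol_key(image)}/{name}"

def build_sample_image(timestamp: int, size_of_image: int) -> bytes:
    """Constructed header-only PE32+ image used as sample input."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 0, timestamp, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 56, size_of_image)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    old = build_sample_image(0x4CE7951A, 0x5DD000)   # constructed values
    new = build_sample_image(0x4FA390F3, 0x5E1000)
    print(symbol_url("sample.sys", old))
    print(symbol_url("sample.sys", new))
```

Two builds of the same file name yield different keys, which is why a debug host can hold symbols for many binary versions side by side without a hand-built symbol tree.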
Recent versions of WinDbg have been distributed as part of the free Debugging Tools for Windows suite, which shares a common debugging engine between WinDbg and command line debuggers like KD, CDB, and NTSD. This means that most commands will work in all alternative versions without modification, allowing users to use the style of interface with which they are most comfortable.
Extensions
WinDbg allows the loading of extension DLLs that can augment the debugger's supported commands and allow for help in debugging specific scenarios: for example, displaying an MSXML document given an IXMLDOMDocument, or debugging the Common Language Runtime (CLR). These extensions are a large part of what makes WinDbg such a powerful debugger. WinDbg is used by the Microsoft Windows product team to build Windows, and everything needed to debug Windows is included in these extension DLLs.
Extension commands are always prefixed with !.
While some extensions are used only inside Microsoft, most of them are part of the public Debugging Tools for Windows package.
The extension model is documented in the help file included with the Debugging Tools for Windows.
Coupling with Virtual Machines
WinDbg allows debugging a Microsoft Windows kernel running on a VMware, VPC, or Parallels virtual machine using a named pipe. This can be achieved by using a virtual COM port. In the case of VMware or VirtualBox, the VirtualKD extension adds native support for VM debugging to the Windows kernel.
!analyze
The most commonly used extension is !analyze -v, which analyzes the current state of the program being debugged and the machine/process state at the moment of the crash or hang. This extension is often able to debug the current problem in a completely automated fashion.
When used without any switches, !analyze simply returns the results of its analysis. The -v and -vv switches give further details about that analysis.
SOS
SOS is an extension that allows the debugging of .NET code. Psscor2 and Psscor4 are supersets of SOS.
Psscor2
Psscor2 is a Windows Debugger extension used to debug .NET Framework (versions 2-3.5) applications.
Psscor4
Psscor4 is a Windows Debugger extension used to debug .NET Framework 4 applications.
External links
- Getting Started: Install Instructions, Part 1, Part 2
- Debugging Tools for Windows - information and free downloads
- WinDbg. From A to Z! - Theory and examples, 111 slides
- Common WinDbg Commands (Thematically Grouped)
- Tutorial on solving system crashes using WinDbg
- Symbols loading in WinDbg
- Windows Debuggers: Part 1: A WinDbg Tutorial
- KD extension for fast VMWare and VirtualBox debugging
- SOS Debugging Extension (SOS.dll)
- WinDBG v6.12.2.633 available via Windows Driver Kit Version 7.1.0
- Extension for python scripting (pykd)