Brief Introduction to the Windows' Debugger
Windbg is from Debugging Tools For Windows.
Download and install Debugging Tools for Windows
http://msdn.microsoft.com/en-us/windows/hardware/hh852363
Install the Windows SDK but just choose the debugging tools.
Create a folder called Symbols in C:\
Start Windbg. File menu - Symbol File Path and enter
srv*C:\symbols*http://msdl.microsoft.com/download/symbols
then (for example)
windbg -o -g -G c:\windows\system32\cmd.exe /k batfile.bat
There is an automatic breakpoint after the program has loaded but before any of its code runs, and another at the end after all code has finished but before the process is terminated. This allows you to examine memory etc. before and after the code has run. Press g to continue. (The -g and -G switches in the command line above skip the initial and final breakpoints respectively; leave them out if you want to stop there.)
You can press F12 to stop it and kb will show the call stack (g continues the program). If there are errors it will also stop and show them. You may be able to press g to ignore them and continue.
Type lm to list loaded modules, x *!* to list the symbols, and bp symbolname to set a breakpoint.
F12 - break into program
g - continue
p - step
kb - list call stack
lm - list loaded modules
x *!* - list all symbols
ln <address> - lists the nearest symbols to that address; used when you have a crash address
bp symbolname - sets a breakpoint
da <address> - displays the ASCII data found at that address
dda <address> - displays the value of the pointer at that address and the ASCII string it points to
dv - display local variables
kv 10 - displays the last 10 stack frames
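The lm and ln commands above are what you reach for when all you have is a crash address. As an added example (my own script, not part of the original post), the Python below does the module-level part of that job offline: it parses a saved lm listing and maps an address to module+offset, the same form WinDbg prints for a frame in a module without symbols. The lm text is constructed, the module names and addresses are made up, and it also handles the backtick that WinDbg puts in 64-bit addresses, which the post's 32-bit cmd.exe example would not show.

```python
import re

# Constructed sample of WinDbg "lm" output (not captured from a real session);
# module names and load ranges are illustrative only.
SAMPLE_LM = """\
start    end        module name
00400000 0041a000   cmd        (pdb symbols)
75a00000 75b00000   kernel32   (deferred)
77c10000 77c68000   msvcrt     (export symbols)
fffff880`01230000 fffff880`01240000   exampledrv   (deferred)
"""

# start, end, name, optional "(symbol state)"; the header line has no hex and is skipped
LM_LINE = re.compile(r"^([0-9a-fA-F`]+)\s+([0-9a-fA-F`]+)\s+(\S+)\s*(?:\(([^)]*)\))?")


def parse_lm(text):
    """Parse `lm` output into (start, end, module, symbol_state) tuples.

    Addresses may carry WinDbg's 64-bit backtick separator (fffff880`01230000).
    """
    modules = []
    for line in text.splitlines():
        m = LM_LINE.match(line.strip())
        if not m:  # header or blank line
            continue
        start = int(m.group(1).replace("`", ""), 16)
        end = int(m.group(2).replace("`", ""), 16)
        modules.append((start, end, m.group(3), m.group(4) or ""))
    return modules


def resolve_address(modules, address):
    """Map an address to 'module+0xoffset', the module-level answer lm/ln give.

    Returns None when the address lies outside every loaded module
    (heap, stack, or unmapped memory), which is itself a useful signal.
    """
    for start, end, name, _state in modules:
        if start <= address < end:
            return f"{name}+0x{address - start:x}"
    return None


if __name__ == "__main__":
    mods = parse_lm(SAMPLE_LM)
    for addr in (0x77C12345, 0xFFFFF88001234567, 0x10):
        print(f"{addr:#x} -> {resolve_address(mods, addr)}")
```

Once the module is known, the symbol-level answer still needs ln in a live session with the symbol path set, because the offset alone does not name the function.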
-----------------------------------------------------------------
If programming in VB6, then the environment variable link=/pdb:none stores the symbols in the DLL rather than in separate files. Make sure you compile the program with No Optimisations and tick the box for Create Symbolic Debug Info. Both are on the Compile tab in the Project's Properties.
Also CoClassSyms (microsoft.com/msj/0399/hood/hood0399.aspx) can make symbols from type libraries.
-----------------------------------------------------------------
WinDbg can also analyse Blue Screen Crash Dumps (and indeed application crash dumps).
Dump Files
Dump files are files containing the state of the machine when it crashed. We can analyse the file to identify the driver (or program) causing the crash. See the last section on how to get them analysed by a volunteer.
Analyse Dump Files
If you want to analyse your own dump files:
You need to start Explorer as Administrator to access the files in C:\windows\Minidump. Right click Explorer and choose Run As Administrator.
Download and install Debugging Tools for Windows
http://msdn.microsoft.com/en-us/windows/hardware/hh852363
Install the Windows SDK but just choose the debugging tools.
Create a folder called Symbols in C:\
Start Windbg. File menu - Symbol File Path and enter
srv*C:\symbols*http://msdl.microsoft.com/download/symbols
Close and reopen WinDbg. File menu - Open Crash Dump
This will analyse the crash dump. You need to close and reopen WinDbg for each dump file analysed. Because you are downloading symbols from the internet, WinDbg will appear to be doing nothing. But it's downloading. Be patient.
You are looking for a driver or system library that the crash occurred in at the end of the listing. Find the file, right click then Properties - Details tab. If it shows a driver you'll need to update the driver identified. Most drivers are in c:\windows\system32\drivers.
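Scanning the end of the listing for the driver is the step people get wrong, so here is an added example (my own Python, not from the post) that pulls the same fields out of saved WinDbg output: the bugcheck code, the "Probably caused by" module, and the first stack frame that is not in the kernel itself (nt/hal), then builds the path under c:\windows\system32\drivers where the post says to look for the file. The dump text is constructed to resemble WinDbg's summary and a kb stack, and "exampledrv" is a placeholder driver name.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt in the shape of WinDbg's bugcheck summary followed by a
# `kb` stack (not taken from a real dump; "exampledrv" is a placeholder name).
SAMPLE_DUMP_TEXT = """\
BugCheck D1, {8, 2, 0, fffff88001234567}
Probably caused by : exampledrv.sys ( exampledrv+0x4567 )

Followup: MachineOwner
---------
Child-SP          RetAddr           : Args to Child                       : Call Site
fffff880`03a1b0c8 fffff800`02c8a1a9 : 00000000`0000000a 00000000`00000008 : nt!KeBugCheckEx
fffff880`03a1b0d0 fffff800`02c88e20 : 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`03a1b210 fffff880`01234567 : 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`03a1b3a0 fffff800`02c9d6d0 : 00000000`00000000 00000000`00000000 : exampledrv+0x4567
fffff880`03a1b410 fffff800`02c9cb10 : 00000000`00000000 00000000`00000000 : nt!KiRetireDpcList+0x1c0
"""

# Core kernel modules: a frame in these is normally the victim, not the culprit.
KERNEL_MODULES = {"nt", "hal", "ntoskrnl"}
# Where the post says most drivers live; the place to check Properties -> Details.
DRIVER_DIR = PureWindowsPath(r"C:\Windows\System32\drivers")

BUGCHECK_RE = re.compile(r"^BugCheck\s+([0-9A-Fa-f]+)", re.MULTILINE)
CAUSE_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)\s*\(\s*(\S+)\s*\)", re.MULTILINE)
FRAME_PREFIX_RE = re.compile(r"^[0-9a-f`]+\s+[0-9a-f`]+\s")  # Child-SP RetAddr


def parse_frames(text):
    """Return the Call Site column of every `kb` frame, e.g. 'nt!KeBugCheckEx'."""
    frames = []
    for line in text.splitlines():
        head, sep, call_site = line.rpartition(" : ")
        if sep and FRAME_PREFIX_RE.match(head):  # skips the header and non-stack lines
            frames.append(call_site.strip())
    return frames


def module_of(symbol):
    """'nt!KeBugCheckEx' -> 'nt'; 'exampledrv+0x4567' (no symbols) -> 'exampledrv'."""
    return re.split(r"[!+]", symbol, maxsplit=1)[0]


def first_non_kernel_frame(frames):
    """Walk outwards from the crash and return the first frame outside nt/hal."""
    for sym in frames:
        if module_of(sym).lower() not in KERNEL_MODULES:
            return sym
    return None


def summarize(text):
    """Pull out the fields a person scans the end of the listing for."""
    bugcheck = BUGCHECK_RE.search(text)
    cause = CAUSE_RE.search(text)
    culprit = first_non_kernel_frame(parse_frames(text))
    module = module_of(culprit) if culprit else None
    cause_file = cause.group(1) if cause else None
    return {
        "bugcheck": bugcheck.group(1).upper() if bugcheck else None,
        "probably_caused_by": cause_file,
        "first_non_kernel_frame": culprit,
        # Does the analyzer's guess agree with the stack walk? Disagreement means look harder.
        "stack_agrees": bool(
            module and cause_file and cause_file.lower().startswith(module.lower() + ".")
        ),
        "driver_path": str(DRIVER_DIR / f"{module}.sys") if module else None,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_DUMP_TEXT).items():
        print(f"{key}: {value}")
```

A stack with no frame outside nt/hal yields None for the driver fields; that usually means a third-party driver corrupted memory earlier and the kernel only tripped over it later, so the "Probably caused by" line alone should not be trusted.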