WinDbg

Source: Wikipedia, the free encyclopedia.
WinDbg
Developer(s): Microsoft
Stable release: 10.0.20153.1000 (April 29, 2020)
Operating system: Microsoft Windows
Type: Debugger
License: Commercial
Website: Debugging Tools at docs.microsoft.com

WinDbg is a multipurpose

kernel mode.

Overview

Like the better-known

service packs).[4]

WinDbg can also be used for debugging kernel-mode

Recent versions of WinDbg have been and are being distributed as part of the free

front-ends like KD, CDB, and NTSD. Most commands can be used as is with all the included debugger front-ends.

In 2017 Microsoft announced a new version of WinDbg called WinDbg Preview (also known as WinDbgX).[7] One of its most notable features is so-called Time Travel Debugging (TTD).[8] The idea is that the user records an actual live process (at a performance penalty) and can later debug the recording, stepping backwards and forwards in time. This is especially useful during reverse engineering. WinDbg Preview also allows writing debugger scripts in JavaScript.[9]

Extensions

WinDbg allows the loading of extension DLLs[10] that can augment the debugger's supported commands and allow for help in debugging specific scenarios: for example, displaying an MSXML document given an IXMLDOMDocument, or debugging the Common Language Runtime (CLR).[11] These extensions are a large part of what makes WinDbg such a powerful debugger. WinDbg is used by the Microsoft Windows product team to build Windows, and everything needed to debug Windows is included in these extension DLLs.

Extension commands are always prefixed with !.

While some extensions are used only inside Microsoft, most of them are part of the public Debugging Tools for Windows package.

The extension model is documented in the help file included with the Debugging Tools for Windows.

Ext.dll

Ext is a standard Windows Debugger extension that ships with WinDbg and is loaded by default.

!analyze command

The most commonly used command is !analyze -v,[12] which analyzes the current state of the program being debugged and the machine/process state at the moment of crash or hang. This command is often able to debug the current problem in a completely automated fashion.

When used without any switches, !analyze simply returns the results of its analysis. The -v and -vv switches give further details about that analysis.
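As an added example that is not code from the article or from Microsoft, the following WinDbg Preview JavaScript script (the scripting model the article mentions) runs !analyze -v and reduces its output to a crash-triage record, which is how a defender typically consumes the command when triaging dump files in bulk. The sample output, the driver name exampledrv and the script/function names are constructed here; the field names are the ones !analyze prints.

```javascript
// Added example, not code from the article or from Microsoft: a WinDbg Preview JavaScript
// script that runs !analyze -v and reduces its output to a crash-triage record.
const SAMPLE_ANALYZE = [          // constructed !analyze -v output; "exampledrv" is fictitious
  "BUGCHECK_CODE:  3b",
  "PROCESS_NAME:  svchost.exe",
  "STACK_TEXT:  ",
  "fffff803`0a1b2c30 fffff803`0a0fe1b2 : 0000000000000003 : nt!KeBugCheckEx",
  "fffff803`0a1b2d78 fffff803`0b4421a9 : ffffd1800c8f0000 : exampledrv!ProcessPacket+0x1a9",
  "",
  "MODULE_NAME: exampledrv",
  "FAILURE_BUCKET_ID:  AV_exampledrv!ProcessPacket",
];
// Pure parser over the printed lines: "KEY:  value" pairs plus the STACK_TEXT block,
// which runs from its header to the next blank line.
function parseAnalyze(lines) {
  let fields = {}, frames = [], inStack = false;
  for (const raw of lines) {
    const line = raw.replace(/\s+$/, "");
    if (inStack) {
      if (line === "") { inStack = false; continue; }
      const sep = line.lastIndexOf(" : ");           // frame ends with ": module!symbol+off"
      frames.push(sep >= 0 ? line.slice(sep + 3).trim() : line.trim());
      continue;
    }
    const m = /^([A-Z][A-Z0-9_]*):\s*(.*)$/.exec(line);
    if (!m) continue;
    if (m[1] === "STACK_TEXT") { inStack = true; continue; }
    fields[m[1]] = m[2];
  }
  return { fields, frames };
}
// Ticket fields; frames are innermost first, so the first frame outside nt! usually names the culprit.
function triageRecord({ fields, frames }) {
  return {
    bugcheck: fields.BUGCHECK_CODE || fields.EXCEPTION_CODE || "unknown",
    process: fields.PROCESS_NAME || "unknown",
    bucket: fields.FAILURE_BUCKET_ID || "unknown",
    faultingModule: fields.MODULE_NAME || "unknown",
    topNonKernelFrame: frames.find((f) => !f.startsWith("nt!")) || frames[0] || "",
  };
}
// WinDbg entry points (`host` exists only inside the debugger): `.scriptload triage.js`, then `!triage`.
function triage() {
  const lines = [...host.namespace.Debugger.Utility.Control.ExecuteCommand("!analyze -v")];
  host.diagnostics.debugLog(JSON.stringify(triageRecord(parseAnalyze(lines)), null, 2), "\n");
}
function initializeScript() {
  return [new host.apiVersionSupport(1, 7), new host.functionAlias(triage, "triage")];
}
```

Outside the debugger the parser can be run on saved !analyze -v transcripts, so the same record can be produced from a batch of dumps without opening each one interactively.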

Wow6432exts.dll

Wow6432exts is a standard Windows Debugger extension that ships with WinDbg. It is used to debug processes running inside WoW64 (32-bit processes running on 64-bit Windows).[13]

SOS.dll

The SOS (Son of Strike)[14] Debugging Extension (SOS.dll) assists in debugging managed programs in Visual Studio and WinDbg by providing information about the internal common language runtime (CLR) environment. This tool requires a project to have unmanaged debugging enabled. SOS.dll is automatically installed with the .NET Framework. To use SOS.dll in Visual Studio, install the Windows Driver Kit (WDK).[15] To debug a process or memory dump, the sos.dll version must match the .NET Framework version. Psscor2 and Psscor4 are supersets of SOS.

Psscor2.dll

Psscor2 is the Windows Debugger extension used to debug .NET Framework applications that use the .NET CLR version 2.0 (.NET Framework versions 2 through 3.5). Psscor2 was developed for internal use at Microsoft as part of its Product Support Services tools.[16] While Microsoft only released Psscor2 publicly in 2010,[17] it had been publishing commands from the extension for several years before that,[18] causing difficulty for those who were trying to follow its troubleshooting procedures.

Psscor4.dll

Psscor4 is a Windows Debugger extension used to debug .NET Framework 4 applications.

Coupling with virtual machines

WinDbg allows debugging a Microsoft Windows kernel running on a

COM port. In the case of VMware and VirtualBox, the VirtualKD extension adds native support for VM debugging to the Windows kernel, claiming to speed up debugging by a factor of up to 45.[19] For Windows 8 and later, kernel debugging over a network connection is supported,[20] allowing fast kernel debugging without special configuration.

Protocol

The WinDbg protocol is not documented, but is supported by the IDA Pro and radare2 disassemblers.

References

  1. EliotSeattle. "Download the Windows Driver Kit (WDK)". Msdn.microsoft.com. Retrieved 23 April 2018.
  2. "PE/COFF Specification Addendum". Retrieved 11 March 2024.
  3. "Debugging with Symbols (Windows)". Support.microsoft.com. Retrieved 23 April 2018.
  4. DOMARS. "Microsoft public symbol server". Msdn.microsoft.com. Retrieved 23 April 2018.
  5. "How do I use WinDBG Debugger to troubleshoot a Blue Screen of Death?". TechRepublic. 18 December 2009. Retrieved 23 April 2018.
  6. "Post-mortem debugging of .NET applications using WinDbg". Tewarid.github.io. 10 September 2010. Retrieved 23 April 2018.
  7. "New WinDbg available in preview! – Debugging Tools for Windows". blogs.msdn.microsoft.com. Retrieved 13 August 2019.
  8. "Leveraging the new WinDbgX and Time-Travel-Trace – Script to list all access to files – Rodney Viana's (MSFT) Blog". blogs.msdn.microsoft.com. Retrieved 13 August 2019.
  9. "Easier WinDbg scripting with Javascript for malware research – Avar 2018". Retrieved 13 August 2019.
  10. DOMARS. ".load, .loadby (Load Extension DLL)". Msdn.microsoft.com. Retrieved 23 April 2018.
  11. "MSDN Magazine Issues". Msdn.microsoft.com. Retrieved 23 April 2018.
  12. DOMARS. "analyze". Msdn.microsoft.com. Retrieved 23 April 2018.
  13. "Debugging WOW64 (Windows)". Msdn.microsoft.com. Retrieved 23 April 2018.
  14. "SOS Debugging of the CLR, Part 1". Blogs.msdn.com. Archived from the original on 28 June 2010. Retrieved 23 April 2018.
  15. mairaw. "SOS.dll (SOS Debugging Extension)". Msdn.microsoft.com. Retrieved 23 April 2018.
  16. "New debugger extension for .NET (PSSCOR2)". Blogs.msdn.com. Retrieved 23 April 2018.
  17. "New debugger extension for .NET, Psscor2, released". Blogs.msdn.com. Retrieved 23 April 2018.
  18. "MSDN Magazine Issues". Msdn.microsoft.com. Retrieved 23 April 2018.
  19. "VirtualKD - Windows Kernel Debugger Booster for Virtual Machines". Virtualkd.sysprogs.org. Retrieved 23 April 2018.
  20. DOMARS. "Setting Up Kernel-Mode Debugging over a Network Cable Manually". Msdn.microsoft.com. Retrieved 23 April 2018.

This page is based on the copyrighted Wikipedia article: WinDbg. It is available under the CC BY-SA 3.0 license; additional terms may apply.