Dror Helper, profile picture
Uploaded byDror Helper
PPTX, PDF1,912 views

Who’s afraid of WinDbg

This document introduces WinDbg, a debugger tool that can be used for post mortem crash analysis, memory leak detection, and deadlock discovery. It discusses how to load crash dumps and symbols, and provides an overview of basic commands like listing processes and threads. Crash analysis commands for .NET like !analyze, !printexception, and !clrstack are presented. Commands for investigating memory issues like !dumpheap and !gcroot are also highlighted. The document concludes with discussing deadlock detection using commands like !dlk and !mwaits.

Embed presentation

Downloaded 35 times
Dror Helper drorh@codevalue.net | http://blog.drorhelper.com | @dhelper Who’s afraid of WinDBG?
About.Me • Senior consultant @CodeValue • Developing software (professionally) since 2002 • Clean coder • Test Driven Developer • Blogger: http://blog.drorhelper.com
How I Learned to Stop Worrying and Love WinDbg From Wikipedia Commons
When we think about debugging
Unfortunately If (Production && Visual studio) { SysAdmin = VeryAngry; Customer != Permission; Application = NotWorking; Debug != DateTime.Now; }
WinDbg to the rescue Post mortem analysis of crash/hang dumps Inspect heap and find memory leaks Discover deadlocks Learn more about your application
Basic commands | list all processes |. current process |<x>s switch to process ~ list all threads ~. current thread ~<n>s – switch to thread k call stack (unmanged) ~* all threads ~* k – call stack for all threads
Wait, you’re forgot something For proper debugging you’ll need symbols 1. lm show all modules + symbol information 2. .symfix + .reload –f 3. ld Loads symbols for the specified module Or use File  Symbol file path
ICanHasWindows!
PART I – CRASH ANALYSIS 11
Analyzing Crush dump A minidump is a snapshot of an application state: { Process(s) Thread(s) Module(s) Register(s) Memory info Handles Call stack … }
Creating MiniDumps WinDbg Task Manager/ProcEx ADPlus (Debugging tools for windows) ProcDump (sysinternals)
sos.dll WinDBG extension Knows .NET Ships with .NET framework/symbol server .loadby sos mscorwks (.net 3.5 or earlier) .loadby sos clr (.net 4.0 or later)
Now what? 1. Load MiniDump in WinDBG 2. Symbols! 3. Load sos.dll 4. !analyze –v
More crash analysis commands (sos) !printexception !threads !dae (dump all exceptions) !dso (dump stack objects) !clrstack -p (shows parameters and values) -l (show locals) -a (same as –p –l)
PART II - INVESTIGATING MEMORY ISSUES 17
Finding memory issues 1. Look at heap 2. List all objects 3. Dive in to see specific object 4. Compare with previous results !dumpheap -stat !dumpheap –type !do !gcroot
Other memory related commands !FinalizeQueue !objsize !GCHandleLeaks !dumpgen !gcgen !refs !mk !mdt
PART III – DEADLOCK DETECTION 20 R1 R2 P2 P1
Deadlock detection 1. .load <folder>sosex.dll 2. !dlk Other options: !syncblk/!DumpHeap –thinlock Plain old !clrstack !mlocks !mwaits
Making WinDBG user friendly(ier) .cmdtree <cmd file> .prefer_dml 1
Dror Helper C: 972.05.7668543 e: drorh@codevalue.net B: blog.drorhelper.com

More Related Content

PDF
Crash dump analysis - experience sharing
byJames Hsieh
 
PPTX
Advanced windows debugging
bychrisortman
 
PPTX
Debugging NET Applications With WinDBG
byCory Foy
 
PPTX
Advanced Debugging with WinDbg and SOS
bySasha Goldshtein
 
PPTX
Debugging tricks you wish you knew - Tamir Dresher
byTamir Dresher
 
PPTX
VS Debugging Tricks
bySasha Goldshtein
 
PPTX
C++ Production Debugging
bySasha Goldshtein
 
PPTX
Windows Crash Dump Analysis
byMicrosoft TechNet - Belgium and Luxembourg
 
Crash dump analysis - experience sharing
byJames Hsieh
 
Advanced windows debugging
bychrisortman
 
Debugging NET Applications With WinDBG
byCory Foy
 
Advanced Debugging with WinDbg and SOS
bySasha Goldshtein
 
Debugging tricks you wish you knew - Tamir Dresher
byTamir Dresher
 
VS Debugging Tricks
bySasha Goldshtein
 
C++ Production Debugging
bySasha Goldshtein
 
Windows Crash Dump Analysis
byMicrosoft TechNet - Belgium and Luxembourg
 

What's hot

PPT
.NET Debugging Workshop
bySasha Goldshtein
 
PPTX
The Veil-Framework
byVeilFramework
 
PDF
Code quality par Simone Civetta
byCocoaHeads France
 
PDF
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
byCTruncer
 
PDF
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
byCTruncer
 
PPTX
Introduction to .NET Performance Measurement
bySasha Goldshtein
 
PDF
WAF protections and bypass resources
byAntonio Costa aka Cooler_
 
PDF
Pentester++
byCTruncer
 
PPTX
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
bymidnite_runr
 
PDF
An EyeWitness View into your Network
byCTruncer
 
PPT
Google C++ Testing Framework in Visual Studio 2008
byAndrea Francia
 
PDF
Масштабируемый и эффективный фаззинг Google Chrome
byPositive Hack Days
 
PDF
Higher Level Malware
byCTruncer
 
PDF
Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde
byNSConclave
 
PDF
Firmware Extraction & Fuzzing - Jatan Raval
byNSConclave
 
PDF
Csw2016 d antoine_automatic_exploitgeneration
byCanSecWest
 
PDF
Экспресс-анализ вредоносов / Crowdsourced Malware Triage
byPositive Hack Days
 
PDF
Static analysis for beginners
byAntonio Costa aka Cooler_
 
ODP
Testing Toolbox
byMichael Peters
 
PPTX
.Net debugging 2017
byTess Ferrandez
 
.NET Debugging Workshop
bySasha Goldshtein
 
The Veil-Framework
byVeilFramework
 
Code quality par Simone Civetta
byCocoaHeads France
 
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
byCTruncer
 
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
byCTruncer
 
Introduction to .NET Performance Measurement
bySasha Goldshtein
 
WAF protections and bypass resources
byAntonio Costa aka Cooler_
 
Pentester++
byCTruncer
 
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
bymidnite_runr
 
An EyeWitness View into your Network
byCTruncer
 
Google C++ Testing Framework in Visual Studio 2008
byAndrea Francia
 
Масштабируемый и эффективный фаззинг Google Chrome
byPositive Hack Days
 
Higher Level Malware
byCTruncer
 
Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde
byNSConclave
 
Firmware Extraction & Fuzzing - Jatan Raval
byNSConclave
 
Csw2016 d antoine_automatic_exploitgeneration
byCanSecWest
 
Экспресс-анализ вредоносов / Crowdsourced Malware Triage
byPositive Hack Days
 
Static analysis for beginners
byAntonio Costa aka Cooler_
 
Testing Toolbox
byMichael Peters
 
.Net debugging 2017
byTess Ferrandez
 

Similar to Who’s afraid of WinDbg

PPTX
Large Scale Crash Dump Analysis with SuperDump
byChristoph Neumüller
 
PDF
Debugging a .NET program after crash (Post-mortem debugging)
byMirco Vanini
 
PPT
Advanced driver debugging (13005399) copy
byBurlacu Sergiu
 
PPTX
Windows Debugging with WinDbg
byArno Huetter
 
PPT
.NET Debugging Tips and Techniques
byBala Subra
 
PPT
.Net Debugging Techniques
byBala Subra
 
PDF
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
byShanmuga KS
 
PPTX
Sql Bits Sql Server Crash Dump Analysis
byPablo Alvarez Doval
 
PPT
Windbg dot net_clr2
byWei Sun
 
PPT
Windbg dot net_clr2
byWei Sun
 
PPTX
Introductiontoasp netwindbgdebugging-100506045407-phpapp01
byCamilo Alvarez Rivera
 
PDF
PAC 2019 virtual Christoph NEUMÜLLER
byNeotys
 
PPTX
Windows Debugging and Troubleshooting
byMicrosoft TechNet - Belgium and Luxembourg
 
PDF
Accelerated .NET Memory Dump Analysis training public slides
byDmitry Vostokov
 
PPTX
Driver Debugging Basics
byBala Subra
 
PDF
Diagnosing Application Problems using Microsoft WinDbg Debugger
byDmitry Vostokov
 
PPTX
Creating user-mode debuggers for Windows
byMithun Shanbhag
 
PDF
Антон Наумович, Система автоматической крэш-аналитики своими средствами
bySergey Platonov
 
PPTX
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...
byDevOpsDays Tel Aviv
 
PPTX
Automatic crash analysis system
bycorehard_by
 
Large Scale Crash Dump Analysis with SuperDump
byChristoph Neumüller
 
Debugging a .NET program after crash (Post-mortem debugging)
byMirco Vanini
 
Advanced driver debugging (13005399) copy
byBurlacu Sergiu
 
Windows Debugging with WinDbg
byArno Huetter
 
.NET Debugging Tips and Techniques
byBala Subra
 
.Net Debugging Techniques
byBala Subra
 
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
byShanmuga KS
 
Sql Bits Sql Server Crash Dump Analysis
byPablo Alvarez Doval
 
Windbg dot net_clr2
byWei Sun
 
Windbg dot net_clr2
byWei Sun
 
Introductiontoasp netwindbgdebugging-100506045407-phpapp01
byCamilo Alvarez Rivera
 
PAC 2019 virtual Christoph NEUMÜLLER
byNeotys
 
Windows Debugging and Troubleshooting
byMicrosoft TechNet - Belgium and Luxembourg
 
Accelerated .NET Memory Dump Analysis training public slides
byDmitry Vostokov
 
Driver Debugging Basics
byBala Subra
 
Diagnosing Application Problems using Microsoft WinDbg Debugger
byDmitry Vostokov
 
Creating user-mode debuggers for Windows
byMithun Shanbhag
 
Антон Наумович, Система автоматической крэш-аналитики своими средствами
bySergey Platonov
 
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...
byDevOpsDays Tel Aviv
 
Automatic crash analysis system
bycorehard_by
 

More from Dror Helper

PPTX
Unit testing patterns for concurrent code
byDror Helper
 
PPTX
The secret unit testing tools no one ever told you about
byDror Helper
 
PPTX
Debugging with visual studio beyond 'F5'
byDror Helper
 
PPTX
From clever code to better code
byDror Helper
 
PPTX
From clever code to better code
byDror Helper
 
PPTX
A software developer guide to working with aws
byDror Helper
 
PPTX
The secret unit testing tools no one has ever told you about
byDror Helper
 
PPTX
The role of the architect in agile
byDror Helper
 
PDF
Harnessing the power of aws using dot net core
byDror Helper
 
PPTX
Developing multi-platform microservices using .NET core
byDror Helper
 
PPTX
Harnessing the power of aws using dot net
byDror Helper
 
PPTX
Secret unit testing tools no one ever told you about
byDror Helper
 
PPTX
C++ Unit testing - the good, the bad & the ugly
byDror Helper
 
PPTX
Working with c++ legacy code
byDror Helper
 
PPTX
Visual Studio tricks every dot net developer should know
byDror Helper
 
PPTX
Secret unit testing tools
byDror Helper
 
PPTX
Electronics 101 for software developers
byDror Helper
 
PPTX
Navigating the xDD Alphabet Soup
byDror Helper
 
PPTX
Building unit tests correctly
byDror Helper
 
PPTX
Unit testing patterns for concurrent code
byDror Helper
 
Unit testing patterns for concurrent code
byDror Helper
 
The secret unit testing tools no one ever told you about
byDror Helper
 
Debugging with visual studio beyond 'F5'
byDror Helper
 
From clever code to better code
byDror Helper
 
From clever code to better code
byDror Helper
 
A software developer guide to working with aws
byDror Helper
 
The secret unit testing tools no one has ever told you about
byDror Helper
 
The role of the architect in agile
byDror Helper
 
Harnessing the power of aws using dot net core
byDror Helper
 
Developing multi-platform microservices using .NET core
byDror Helper
 
Harnessing the power of aws using dot net
byDror Helper
 
Secret unit testing tools no one ever told you about
byDror Helper
 
C++ Unit testing - the good, the bad & the ugly
byDror Helper
 
Working with c++ legacy code
byDror Helper
 
Visual Studio tricks every dot net developer should know
byDror Helper
 
Secret unit testing tools
byDror Helper
 
Electronics 101 for software developers
byDror Helper
 
Navigating the xDD Alphabet Soup
byDror Helper
 
Building unit tests correctly
byDror Helper
 
Unit testing patterns for concurrent code
byDror Helper
 

Recently uploaded

PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
The year in review - MarvelClient in 2025
bypanagenda
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
AI Technology important knowledge ......
byutkarshj2007
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 

Who’s afraid of WinDbg

  • 1.
    Dror Helper drorh@codevalue.net |http://blog.drorhelper.com | @dhelper Who’s afraid of WinDBG?
  • 2.
    About.Me • Senior consultant@CodeValue • Developing software (professionally) since 2002 • Clean coder • Test Driven Developer • Blogger: http://blog.drorhelper.com
  • 3.
    How I Learnedto Stop Worrying and Love WinDbg From Wikipedia Commons
  • 4.
    When we thinkabout debugging
  • 5.
    Unfortunately If (Production &&Visual studio) { SysAdmin = VeryAngry; Customer != Permission; Application = NotWorking; Debug != DateTime.Now; }
  • 6.
    WinDbg to therescue Post mortem analysis of crash/hang dumps Inspect heap and find memory leaks Discover deadlocks Learn more about your application
  • 7.
    Basic commands | listall processes |. current process |<x>s switch to process ~ list all threads ~. current thread ~<n>s – switch to thread k call stack (unmanged) ~* all threads ~* k – call stack for all threads
  • 8.
    Wait, you’re forgotsomething For proper debugging you’ll need symbols 1. lm show all modules + symbol information 2. .symfix + .reload –f 3. ld Loads symbols for the specified module Or use File  Symbol file path
  • 9.
  • 10.
    PART I –CRASH ANALYSIS 11
  • 11.
    Analyzing Crush dump Aminidump is a snapshot of an application state: { Process(s) Thread(s) Module(s) Register(s) Memory info Handles Call stack … }
  • 12.
    Creating MiniDumps WinDbg Task Manager/ProcEx ADPlus(Debugging tools for windows) ProcDump (sysinternals)
  • 13.
    sos.dll WinDBG extension Knows .NET Shipswith .NET framework/symbol server .loadby sos mscorwks (.net 3.5 or earlier) .loadby sos clr (.net 4.0 or later)
  • 14.
    Now what? 1. LoadMiniDump in WinDBG 2. Symbols! 3. Load sos.dll 4. !analyze –v
  • 15.
    More crash analysiscommands (sos) !printexception !threads !dae (dump all exceptions) !dso (dump stack objects) !clrstack -p (shows parameters and values) -l (show locals) -a (same as –p –l)
  • 16.
    PART II -INVESTIGATING MEMORY ISSUES 17
  • 17.
    Finding memory issues 1.Look at heap 2. List all objects 3. Dive in to see specific object 4. Compare with previous results !dumpheap -stat !dumpheap –type !do !gcroot
  • 18.
    Other memory relatedcommands !FinalizeQueue !objsize !GCHandleLeaks !dumpgen !gcgen !refs !mk !mdt
  • 19.
    PART III –DEADLOCK DETECTION 20 R1 R2 P2 P1
  • 20.
    Deadlock detection 1. .load<folder>sosex.dll 2. !dlk Other options: !syncblk/!DumpHeap –thinlock Plain old !clrstack !mlocks !mwaits
  • 21.
    Making WinDBG userfriendly(ier) .cmdtree <cmd file> .prefer_dml 1
  • 22.
    Dror Helper C: 972.05.7668543 e:drorh@codevalue.net B: blog.drorhelper.com

Editor's Notes

  • #20 !FinalizeQueue – show finalizer queue !threads – show managed threads !objsize – calculate “real” object size !GCHandleLeaks – track down GCHandle leaks !finq/frq – show finilizer/freachable queue !dumpgen – Dumps the contents gen X !gcgen - GC generation of the specified object !refs - all references from/to object !mk - unmanaged and managed call stack !mdt - fields of an object or type