Cyberiafreak

"Fortunate are those who take the first steps." ― Paulo Coelho

About Windows Debugging Tools (windbg, adplus)

There are four Microsoft debuggers available for debugging as part of the Windows SDK download.
1) WinDbg (Windbg.exe) - A user-mode and kernel-mode debugger with a graphical interface.
2) KD (Kd.exe) - A kernel-mode debugger with a console interface.
3) CDB (Cdb.exe) - A user-mode debugger with a console interface.
4) NTSD (Ntsd.exe) - A user-mode debugger with a console interface. CDB and NTSD are virtually identical.

Of these, WinDbg is the one programmers most often use to analyze dumps.
Download it from here: http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx
Easier steps:
1) Install the Windows Debugging Tools from the web.
2) Go to the installed folder and invoke the adplus tool to start capturing the crash/hang.
ex: C:\Program Files\Debugging Tools for Windows (x86)>adplus -crash -pn "LogViewer.exe" -o d:\dumps
3) Wait until it crashes; adplus writes the dumps after the crash.
4) Now launch WinDbg from the Start menu.
4.1) Set the Symbol File Path (where the pdb's are available) under File in WinDbg; the symbol path specifies the directories where the symbol files are located.
4.2) Set the Source File Path (where the application pdb's and .NET pdb's are available). You can specify more than one path with a ';' separator.
4.3) Set the Executable Image Path, i.e. the executable file path. These files typically have the .exe, .dll, or .sys file name extension.
5) For better debugging and a complete trace, download the whole .NET symbol set from the net:
http://referencesource.microsoft.com/downloadsetup.aspx – this gives you the pdb's for all Microsoft .NET assemblies.
6) The last step in debugging a crashed target computer or application is to use the !analyze extension command (inside WinDbg after loading the dump).
ex: 0:000> !analyze -v
Now start investigating the stack trace from the dump file to understand the issue.

About ADPlus: ADPlus (adplus.vbs), also known as Autodump+, is a console-based Microsoft Visual Basic script. This tool automates the CDB debugger
to produce memory dumps and log files that contain debug output from one or more processes.
Using it, you can trace a user-mode process (.exe) or a service such as IIS, MTS, or Microsoft COM+ applications.
When Should You Use ADPlus? You should use ADPlus to capture debugging information if you are experiencing the following problems:
1) Processes that stop responding (that is, hang).
2) Processes that have 100 % CPU utilization on a single processor computer, 50 % utilization on a dual processor computer, 25 % utilization on a quad processor computer, and so on.
3) Processes that fail (that is, crash) or shut down unexpectedly.

Useful ADPlus command line options:
ADPlus -hang -iis -pn myapp.exe -o c:\temp
ADPlus -crash -iis -pn myapp.exe -o c:\temp
ADPlus -quiet -crash -iis -notify RemoteComputer -o c:\temp

February 14, 2012 | windbg

What are DUMPBIN and EDITBIN?

What is DUMPBIN?
The DUMPBIN utility, which is provided with the 32-bit version of Microsoft Visual C++, combines the abilities of the LINK, LIB, and EXEHDR utilities. Together they provide information about the format and symbols in executable, library, and DLL files.
Use it to verify the stack reserve via the /HEADERS option.
What is EDITBIN?
The Microsoft COFF Binary File Editor (EDITBIN.EXE) modifies Common Object File Format (COFF) binary files. You can use EDITBIN to modify object files, executable files, and dynamic-link libraries (DLLs).
An application's stack size is set when the executable is built. The stack size is typically specified in the module-definition file (.DEF) with the STACKSIZE statement or with the /STACK linker option. You can modify an executable's stack size after it has been built by using the EDITBIN tool included with Visual C++.
Use it to change the stack size to the desired value (this can be done when some exe throws a stack overflow exception).

Syntax and usage:

dumpbin /HEADERS "Your.exe" (get the headers and look at the stack reserve)
editbin /STACK:262144 "Your.exe"
dumpbin /HEADERS "Your.exe" (get the headers again and see that the stack reserve has changed this time)

I see the stack reserve changed, from
100000 size of stack reserve
to
40000 size of stack reserve

Note: these commands need to be run from the .NET command prompt.
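As an added illustration (my own code, not from this post or from Microsoft's tools), the following Python script reads and rewrites the same PE optional-header field that dumpbin /HEADERS reports as "size of stack reserve" and that editbin /STACK changes. The sample image it builds is a constructed header-only stub, not a real executable, and the function names are my own.

```python
import struct

# Per the PE/COFF spec, SizeOfStackReserve sits at offset 72 of the optional
# header in both layouts: 4 bytes wide in PE32 (magic 0x10B), 8 in PE32+ (0x20B).
STACK_RESERVE_OFFSET = 72
MAGIC_FMT = {0x10B: "<I", 0x20B: "<Q"}

def _optional_header_offset(image: bytes) -> int:
    """MZ header -> e_lfanew -> PE signature -> 20-byte COFF header -> optional header."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4 + 20

def _locate_field(image: bytes) -> tuple:
    """Return (struct format, absolute offset) of SizeOfStackReserve for this image's layout."""
    opt = _optional_header_offset(image)
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in MAGIC_FMT:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    return MAGIC_FMT[magic], opt + STACK_RESERVE_OFFSET

def stack_reserve(image: bytes) -> int:
    """Read SizeOfStackReserve, the value dumpbin /HEADERS prints as 'size of stack reserve'."""
    fmt, off = _locate_field(image)
    return struct.unpack_from(fmt, image, off)[0]

def set_stack_reserve(image: bytes, new_size: int) -> bytes:
    """Return a copy with SizeOfStackReserve rewritten, the field editbin /STACK:n changes."""
    fmt, off = _locate_field(image)
    buf = bytearray(image)
    struct.pack_into(fmt, buf, off, new_size)
    return bytes(buf)

def build_sample_image(pe32plus: bool, reserve: int) -> bytes:
    """Constructed header-only sample for offline testing; it is not a loadable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x2)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<Q" if pe32plus else "<I", opt, STACK_RESERVE_OFFSET, reserve)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

On a real binary, pass open(path, "rb").read() to stack_reserve(), and write the result of set_stack_reserve() back only to a copy, then confirm it with dumpbin /HEADERS as the post does.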

February 9, 2012 | windbg
