Cyberiafreak

"Fortunate are those who take the first steps." ― Paulo Coelho

WinDbg commands - Part 2

>NTSD,CDB,KD – from chm
>.sympath c:\symbols;c:\program files; -> to set/display the symbol path
>.chain -> to see the list of extensions
>.hh -> to load chm & .help /D (very useful one)
>.version
>vertarget
>.cls
>.lastevent
>.q, .restart
>.chain /D
>ld * (load symbols for all modules)
>.sympath (to display the path)
>.symfix (this automatically points the symbol path to http://msdl.microsoft.com/download/symbol)
>.reload
>x *! (list all modules)
>!analyze (most used) -v, -hang, -f (switches)
>.exr -1 (display most recent exception)
>lm (list modules)
>!runaway [flags:0|1|2] -> display info about time consumed by each thread (0-user time, 1-kernel time, 2-time elapsed since thread creation)
>~*K -> call stack for all threads
>~!uniqstack
>!findstack kernel32 2 -> displays all stacks that contain “kernel32”
>.frame (show current frame)
>d* -> memory
>!heap -stat (dump heap handle list)
>!threads

Useful links -> http://windbg.info/, C:\Program Files\Debugging Tools for Windows (x86)\debugger.chm, or simply type .hh at the WinDbg command prompt
DUMPBIN, EDITBIN -> for header analysis
srv*[DOWNLOAD PATH LOCAL]*[SYMBOL SERVER LOCATION] -> for Downloading symbols
Symstore.exe -> setting up a private symbol store -> create your own symbol server
IMAGE_FILE_LARGE_ADDRESS_AWARE http://msdn.microsoft.com/en-us/library/wz223b1z.aspx – setting 32 bit/64 bit target
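The `.sympath` and `srv*[DOWNLOAD PATH LOCAL]*[SYMBOL SERVER LOCATION]` forms noted above can be decoded mechanically. This is an added example, not code from the original post: the `SymEntry`, `parse_sympath` and `cleartext_servers` names, the sample directories and the `symbols.example.test` server are all assumptions made for illustration. It splits a symbol path into its elements and reports any symbol server fetched over plain HTTP.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SymEntry:
    kind: str               # "dir" (plain directory), "srv" or "cache"
    local: Optional[str]    # directory, or local download path for srv/cache
    server: Optional[str]   # symbol server location (srv entries only)


def parse_sympath(path: str) -> List[SymEntry]:
    """Split a symbol path on ';' and decode each srv*/cache* element."""
    entries = []
    for element in path.split(";"):
        element = element.strip()
        if not element:
            continue                      # tolerate a trailing ';'
        parts = element.split("*")
        tag = parts[0].lower()
        if tag == "srv" and len(parts) == 2:
            # srv*SERVER: no download path given, the debugger default is used
            entries.append(SymEntry("srv", None, parts[1]))
        elif tag == "srv" and len(parts) == 3:
            # srv*LOCAL*SERVER: the form shown in the notes above
            entries.append(SymEntry("srv", parts[1] or None, parts[2]))
        elif tag == "cache" and len(parts) == 2:
            entries.append(SymEntry("cache", parts[1] or None, None))
        elif "*" in element:
            # cascaded stores and other forms are not handled in this example
            raise ValueError(f"unsupported symbol path element: {element!r}")
        else:
            entries.append(SymEntry("dir", element, None))
    return entries


def cleartext_servers(entries: List[SymEntry]) -> List[str]:
    """Return symbol servers reached over plain HTTP (no transport integrity)."""
    return [e.server for e in entries
            if e.kind == "srv" and e.server.lower().startswith("http://")]


if __name__ == "__main__":
    # Constructed sample path; the directories and server URL are illustrative.
    sample = r"c:\symbols;srv*c:\symcache*http://symbols.example.test/download;"
    for entry in parse_sympath(sample):
        print(entry)
    print("plain-HTTP servers:", cleartext_servers(parse_sympath(sample)))
```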

September 5, 2012 - Posted by | windbg
