Debugging Toolbox

WinDbg scripts, debugging and troubleshooting tools and techniques to help you isolate software problems.

[WinDbg Script] Hacking Minesweeper for Windows 8

<IMPORTANT UPDATE> Today two people told me the script was not working and they also said they...

Author: rafarah Date: 05/14/2014

Debugging – Low Level Software Analysis

Anybody there? Yeah I know, it’s been a while… Unfortunately in my current position I...

Author: rafarah Date: 05/13/2014

Tools for Your Debugging Toolbox

This article was just updated to include an internal Microsoft tool that is now public. There are...

Author: rafarah Date: 10/04/2012

D3v3l0p3r PF3s – 0bs3rv1ng Th3m in Th31r Natural Hab1tat

PFE has engineers who specialize in areas which can contain one or more technologies. This species...

Author: rafarah Date: 05/19/2012

[WinDbg Script] Displaying the COM object referenced by an RCW object

Here we go again after a long time without blogging and an even longer time without blogging about...

Author: rafarah Date: 03/02/2012

Top Things to Consider When Troubleshooting Complex Application Issues

1- For reactive incidents: “Bring the engineer onsite because it is going to be easier to...

Author: rafarah Date: 10/03/2011

New Debugging Book – Windows Debugging Notebook: Essential User Space WinDbg Commands

A reference book for technical support and escalation engineers troubleshooting and debugging...

Author: rafarah Date: 09/29/2011

[PowerShell Script] PowerDbg v6.0 – Using PowerShell to Control WinDbg

Last October the latest version of the PowerDbg tool was released, version 6.0. This release has...

Author: rafarah Date: 02/28/2011

[PowerShell Script] Troubleshooting for Port Exhaustion Using NetStat

Problem Description: Applications that use a great deal of TCP network activity may use all of the...

Author: rafarah Date: 10/11/2010

[WinDbg Script] Displaying Parameters for Microsoft.ReportingServices.ReportProcessing

Here is a new script from a PFE from Portugal, Marcio Parente. Marcio kindly shared his source code...

Author: rafarah Date: 08/13/2010

New PowerDbg – I Need Your Help

First, let me fix the title. It should be: “New PowerDbg – We Need Your Help”. I...

Author: rafarah Date: 05/25/2010

PSSCOR2, the Superset of SOS.DLL is Now Public!!!

Whenever I’m debugging with customers watching it’s inevitable: they always ask me what this...

Author: rafarah Date: 03/29/2010

XPerf Tool – Why Can’t You Live Without It?

Israel Burman (Israel is one of the ADPlus creators and the guy who taught me the XPerf tool) and...

Author: rafarah Date: 03/15/2010

Special Command—Editing memory with a, eb, ed, ew, eza, ezu

When talking about editing memory, we usually think about patching code. Patching code means...

Author: rafarah Date: 01/05/2010

[PowerShell Script] PowerDbg v5.3—Using PowerShell to Control WinDbg

This version has a fix in Parse-PowerDbgDSO. Thanks to Igor Dvorkin that found the bug and suggested...

Author: rafarah Date: 12/21/2009

Special Command—Unassembling code with u, ub and uf

When debugging sooner or later you will need to disassemble code to get a better understanding of...

Author: rafarah Date: 11/05/2009

Special Command—Using # to Find Patterns of Assembly Instructions

Sometimes you need to look for patterns of disassembled code. You can browse the disassembled code...

Author: rafarah Date: 10/23/2009

Special Command—Tracing Applications Using wt

wt [WatchOptions] [= StartAddress] [EndAddress] Transcribing the WinDbg documentation, this command...

Author: rafarah Date: 10/12/2009

Special Command—Saving Modules Using .writemem

This command enables you to save memory into a disk file. The cool thing about it is that you can...

Author: rafarah Date: 09/22/2009

Special Command—Using .dump/.dumpcab to Get Dumps and Symbols from Production Servers

Using WinDbg you can create a dump file from an application running, for instance, in a production...

Author: rafarah Date: 09/15/2009

Special Command—Using !chksym/!itoldyouso to Check PDB Files Against Modules

These are two debugger extensions that are used to see the PDB file that matches a specific module....

Author: rafarah Date: 09/04/2009

Special Command—Displaying Information From Modules/DLLs with !dlls

!dlls extension displays the table entries of all loaded modules. You can also use it to display all...

Author: rafarah Date: 08/19/2009

Special Command—Using !for_each_frame to Run Commands

!for_each_frame is a favorite among debuggers. It's a very flexible and powerful command that...

Author: rafarah Date: 08/19/2009

Special Command—Displaying More PE Header Information with !dh

The !dh extension displays the PE header information from a specified module. Usage: !dh [options]...

Author: rafarah Date: 08/19/2009

Special Command—Displaying the PE Header Information with !lmi

Like its cousin !dh, the !lmi extension displays the PE header information from a specified module....

Author: rafarah Date: 08/19/2009

Special Command—CPU Time for Each Thread with !runaway

This is one of my favorite commands! !runaway displays information about the CPU time consumed by...

Author: rafarah Date: 08/19/2009

For the second time I have had the privilege of being one of the reviewers for another debugging...

Author: rafarah Date: 05/15/2009

[PowerShell Script] Statistics from .NET Applications

This script is more a template to show you how to use PowerDbg. I must say the idea is from my...

Author: rafarah Date: 04/15/2009

[PowerShell Script] PowerDbg v5.2—Using PowerShell to Control WinDbg

This version has two improvements and some scripts were changed to be compatible with this new...

Author: rafarah Date: 04/15/2009

[PowerShell Script] PowerDbg v5.1—Using PowerShell to Control WinDbg

So, here we go again. This is a minor version with a few new cmdlets. These new cmdlets are those...

Author: rafarah Date: 03/19/2009

Special Command—Peeking Memory Addresses Using !address

Let’s say that you get a memory address and you want to know if it’s from the heap, the stack, or...

Author: rafarah Date: 03/17/2009

Special Command—Parsing Strings, Files, and Commands Output Using .foreach

This is by far one of the most powerful WinDbg commands. Even if you don’t create scripts, you’ll...

Author: rafarah Date: 03/11/2009

Special Command—Parsing Commands Using .shell

Finally I’m writing about this command. I love it! It’s so powerful! .shell command launches a shell...

Author: rafarah Date: 02/19/2009

[PowerShell Script] PowerDbg v5.0—Using PowerShell to Control WinDbg

I’m very excited to present the new PowerDbg v5.0! There’s just one change, but it’s a HUGE change...

Author: rafarah Date: 02/03/2009

[WinDbg Script] Displaying Queries/Stored Procedures from Threads Running Managed Code

There’s another script that gives you all queries/stored procedures from SQL Server or Oracle that...

Author: rafarah Date: 02/01/2009

Special Command—Advanced Programming Techniques for WinDbg Scripts

It has been a long time since my last post, but I’m back on the blog. The article for today is about...

Author: rafarah Date: 01/31/2009

[PowerShell Script] Finding Out the Managed Objects that "Leaked"

Here in PFE most of my teammates use the same approach to identify managed objects that “leak”. The...

Author: rafarah Date: 11/13/2008

Check this out.

Author: rafarah Date: 11/01/2008

[PowerShell Script] Extracting All Key/Value Pairs from a Dictionary Object

Brad Linscott, a teammate of mine since the old times of SIE, came up with a very helpful idea: find...

Author: rafarah Date: 10/28/2008

Special Command—Execute Commands from a Customized User Interface with .cmdtree

A few weeks ago I received an e-mail from Brad Wilson, a Support Escalation Engineer from the OCS...

Author: rafarah Date: 09/16/2008

How to Decipher Strings Originating from SQL Injection Attacks

This blog article was written by Ayax Vargas, a friend and co-worker from my team. Ayax is very...

Author: rafarah Date: 09/09/2008

NetWiz - How to Download the Tool (finally!)

I just updated this blog post. Now you can download NetWiz. Latest version here.

Author: rafarah Date: 08/30/2008

[PowerShell Script] Chart and Statistics from Top 20 Objects Leaking

If you want to know the top 20 objects associated with the GC Handles that are leaking, you have...

Author: rafarah Date: 08/22/2008

[PowerShell Script] PowerDbg v4.0 - Using PowerShell to Control WinDbg

Good news! Here’s the newest PowerDbg library. This version is more stable and has more features....

Author: rafarah Date: 08/14/2008

CSI is Cool, But What About Lieutenant Columbo?

OK, you may be wondering, “If this blog is supposed to be a technical blog, why is he talking about...

Author: rafarah Date: 08/12/2008

[PowerShell Script] Downloading PDB for Specific Modules

A few weeks ago, during a laboratory with a customer, I found myself struggling to download the...

Author: rafarah Date: 08/08/2008

The Microsoft Interview Process – Videos, Articles and Material

VIDEO WITH MICROSOFT RECRUITERS PART 1 https://channel9.msdn.com/ShowPost.aspx?PostID=18472 PART 2...

Author: rafarah Date: 07/16/2008

If I Only Could Change the Interview Process

I think Microsoft has one of the best interview processes of any major corporation around. There are...

Author: rafarah Date: 07/16/2008

Who Is More Creative?

Not so long ago I had an interesting Messenger conversation with a great friend of mine that is a...

Author: rafarah Date: 07/09/2008

Tools for Troubleshooting Applications (including SharePoint)

Let me share with you some public tools I’ve been using when working with applications and...

Author: rafarah Date: 07/03/2008
