Chapter 8: Advanced Native Code Techniques with WinDBG

Overview

Even though I just spent what seemed like a million pages on the Microsoft Visual Studio .NET debugger, there's still another debugger from Microsoft to talk about—Microsoft WinDBG. I've often wondered why Microsoft has two separate teams working on debuggers, but I'm glad they've gone to the effort, because WinDBG has some extremely powerful features for smacking your bugs into submission. When I've asked folks at Microsoft why there are two debuggers, their answer does make sense. Visual Studio .NET is perfect for application development, but folks working on the operating system need something more extensible so that they can automate the heavy bug-finding tasks necessary to track down problems that occur in 40+ million lines of code.

WinDBG all boils down to raw, unadulterated power. Whereas Visual Studio .NET offers some fine extensibility to control the environment (as you'll see in the next chapter), WinDBG is all about the muscle necessary to poke and prod at the debuggee. Of course, with all this power you'll see some trade-offs, which I'll discuss in a moment.

Many of you are thinking that WinDBG is only for device driver developers, but its power extends to your user-mode native applications. WinDBG can show you more information about your processes than Visual Studio .NET could dream of showing. To entice you to consider WinDBG, I'll mention that WinDBG gives you real memory breakpoints and vastly improved binary handling for minidumps and allows you to see the complete operating system heaps and all handle information in your process.

My goal for this chapter is to help you get past some of the obstacles you'll encounter when starting out using WinDBG. Additionally, I want to show some of the power commands and how you use them. I'll also help you work past some of the strange problems, bugs, and other oddities you'll encounter with WinDBG so that you can be more productive with the tool. Finally, as I promised back in Chapter 6, I'll cover the Son of Strike (SOS) debugger extension for dealing with managed applications and dump files.

Debugging Tools for Windows, the package that contains WinDBG, is available with this book's sample files. The sample files contain the latest version of the tool at the time of this book's printing. You'll also want to check http://www.microsoft.com/ddk/debugging, which is where Microsoft posts the latest and greatest information about Debugging Tools for Windows. The development team regularly updates WinDBG to support more debugging features as well as to keep it current with the latest operating system versions. For this chapter, I used the latest version of WinDBG available at the time I wrote it, version 6.1.0017.0.