Debugging

Lauterbach is a company that serves a niche-market of in-circuit emulators, especially on systems using JTAG, which it sells under the brand name TRACE32. Practice script is a file containing a …

Use the Microsoft Symbol Server to obtain debug symbol files http://support.microsoft.com/kb/311503 other useful commands: !symfix .reload !analyze -v !sym noisy .symopt+ 0×40 .sympath SRV*f:\localsymbols*http://msdl.microsoft.com/download/symbols Sometimes we could have a dump …

The symbol path specifies locations where the Windows debuggers (WinDbg, KD, CDB, NTST) look for symbol files. Microsoft OS symbols are located at: https://msdl.microsoft.com/download/symbols You can set the symbols in multiple ways: …

This post is for driver or kernel developers/enthusiasts who have encountered a Blue Screen of Death on Windows where the bugcheck code is 0x9F, DRIVER_POWER_STATE_FAILURE, and parameter 1 is 0x3. There …

The command .WRITEMEM allows us to save memory into a disk file. The cool thing about it is that we can save modules too, because they are just raw memory. …

REGISTRY_ERROR (51) Something has gone badly wrong with the registry. If a kernel debugger is available, get a stack trace. It can also indicate that the registry got an I/O …

  !wow64exts.sw Switches between x86 and native mode. I’d like to introduce you to how to switch to a kernal mode from a apps mode. This is how a apps …

We can create a dump file from a running application or active driver crash using WinDbg. After the dump file is collected, it can be copied to another machine to …

It is easily recognizable in process crash dumps by the processor instruction that caused this exception type (DIV or IDIV): FAULTING_IP: DLL!FindHighestID+278 1b2713c4 f775e4 div dword ptr [ebp-0×1c] EXCEPTION_RECORD: ffffffff …