Questions tagged [dbgeng]

25 questions
5 votes, 3 answers

How do I extract a user stream from a WinDbg extension?

I have embedded a custom stream in a dump (i.e. passed the UserStreamParam argument to MiniDumpWriteDump function). Now, I'm trying to extract the stream from a WinDbg extension. (Note that I have verified that I can retrieve the stream using the…
avakar
3 votes, 1 answer

What does 'Stop Debugging' do programmatically in windbg?

I try to replicate the cleanup that is done by windbg after opening a dump, analyzing it and then 'Stop Debugging'. When I try to do this in my own program, I leak a lot of memory. I release the com interfaces I have addref:ed and I call…
3 votes, 1 answer

Implementing DebugExtensionProvideValue corrupts WinDbg internal state?

I'm implementing DebugExtensionProvideValue in my extension so I can provide custom pseudo-registers. It works perfectly in CDB and it works fine initially in WinDbg but after stopping debugging and opening a new executable something happens and…
Anders
3 votes, 1 answer

How to get section info/offset permissions from windbg/dbgeng api?

I am writing an extension for Windbg, and at a particular point I need to get the permissions for a memory offset, much like how !address addr would provide in Windbg. I have had a look at the available functions of the Debugger Engine API here…
user1831704
2 votes, 1 answer

IDebugSymbols::GetNameByOffset and overloaded functions

I'm using IDebugSymbols::GetNameByOffset and I'm finding that I get the same symbol name for different functions that overload the same name. E.g. The code I'm looking up the symbols for might be as follows: void SomeFunction(int) {..} void…
pauldoo
2 votes, 0 answers

Get frame pointer offset for first stack frame

I needed to get the base and top addresses of all the stack frames, for an extension that I am writing for windbg. As an example, here is what I got: (0) ip= 0x779e5604, ret= 0x779cda0d, frame= 0x23c79c, stack= 0x23c79c (1) ip= 0x779cda0d, ret=…
user1831704
2 votes, 3 answers

WinDbg, display Symbol Server paths of loaded modules (even if the symbols did not load)?

Is there a way from WinDbg, without using the DbgEng API, to display the symbol server paths (i.e. PdbSig70 and PdbAge) for all loaded modules? I know that lml does this for the modules whose symbols have loaded. I would like to know these paths…
Carlos Rendon
2 votes, 1 answer

How do I debug Illegal Instruction exception?

I'm getting this exception when trying to use dbgeng from mdbglib: First-chance exception at 0x037ba4f4 (dbgeng.dll) in ASDumpAnalyzer.exe: 0xC000001D: Illegal Instruction. I'm wondering how to go about debugging this? It is throwing on the…
David Silva Smith
1 vote, 1 answer

How to get available virtual memory regions for WinDBG preview TTD trace session?

I am writing a dbgeng client and trying to enumerate available virtual memory for a time travel debugging session. The Dbgeng API has the IDebugDataSpaces2::QueryVirtual method; it works great for live user-mode debugging sessions, but does not work for TTD…
John199001
1 vote, 0 answers

Record instructions stepping/tracing in a multithreaded application on a multi-core system

I created an extension for WinDbg using DbgEng, which records a trace containing the state of the registers and stack for each executed instruction in user mode and in kernel mode. For step-tracing, I use breakpoints (I also tried setting the TRAP flag…
1 vote, 1 answer

How can I programmatically find a suitable region to reload an unloaded module without overlap?

I am working on a windbg extension for dump analysis that requires symbols from unloaded modules. I'm using the function IDebugSymbols3::Reload, which is analogous to the .reload command. In the case that the region originally occupied by the module…
1 vote, 1 answer

Can I use DbgEng extension DLL in custom application?

I am curious whether I can use a DbgEng extension without WinDbg. For example, is it possible to use a DbgEng extension from a managed .NET application? Regards, Remsy
user471023
1 vote, 1 answer

How do I interact with Visual Studio's native debugger when writing my own "mixed mode" debugger?

I've spent the last few days searching Google, blogs and MSDN looking for any small scrap of info on how "interop" or "mixed mode" debugging is implemented in Visual Studio. I'm attempting to implement my own debugger for a custom VM (actually, it…
1 vote, 1 answer

How can I read user input from a debugger extension (dbgeng) in a debugger agnostic way?

I am writing a debugger extension and am looking for a way to get user input from the debugger extension after the extension has started executing. I am hosting PowerShell in a debugger extension and trying to implement support for Read-Host which…
1 vote, 0 answers

Debugging a running process with dbgeng

I've written a simple program based on a sample of the wdk that scans the memory from a dump file. Now, I'd like to do the same on the process while it's running and I'm facing several issues: I don't know how to break the running process when…
Damien