using x86 Windbg on x64 machine

Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?
2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

Lin George wrote:

Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph

2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

---

You are currently subscribed to windbg as: xxxxx@vandyke.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

WinDbg does not use registry settings to run with.
You can install it with xcopy or run from a flash drive.

On Thu, Oct 9, 2008 at 10:53 AM, Joseph Galbraith wrote:

> Lin George wrote:
>
>> Hello everyone,
>>
>>
>> I found some weird issues when using x64 Windbg debugger to debug x86
>> binary on x64 machine, then I have tried to install x86 Windbg debugger to
>> debug x86 binary on x64 machine, seem every weird issues is gone.
>>
>> My questions,
>>
>> 1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No
>> conflict?
>>
>
> This is what I do, and I’ve never had any trouble with it.
>
> Thanks,
>
> Joseph
>
> 2. Both debugger could automatically resolve system dependent resources –
>> for example, x64 debugger knows to load x64 system DLL and x86 debugger
>> knows to load x86 system DLL, the same to registry settings?
>>
>>
>> thanks in advance,
>> George
>>
>>
>>
>> —
>> You are currently subscribed to windbg as: xxxxx@vandyke.com
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>
>
> —
> You are currently subscribed to windbg as: xxxxx@jimdonelson.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

>> I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine,

Was the weird issue that you were debugging the WOW layer of the OS, making all of your call stacks look somewhat useless? That is expected. If this is your situation, doing ‘.effmach x86’ when debugging an x86 app with an x64 debugger will be give you your proper x86 context.

Jason

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jim Donelson
Sent: Thursday, October 09, 2008 8:00 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine

WinDbg does not use registry settings to run with.
You can install it with xcopy or run from a flash drive.
On Thu, Oct 9, 2008 at 10:53 AM, Joseph Galbraith > wrote:
Lin George wrote:
Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph
2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

—
You are currently subscribed to windbg as: xxxxx@vandyke.commailto:xxxxx
To unsubscribe send a blank email to xxxxx@lists.osr.commailto:xxxxx

—
You are currently subscribed to windbg as: xxxxx@jimdonelson.commailto:xxxxx
To unsubscribe send a blank email to xxxxx@lists.osr.commailto:xxxxx

— You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To unsubscribe send a blank email to xxxxx@lists.osr.com</mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>

On 10/9/08, Jim Donelson wrote:
> WinDbg does not use registry settings to run with.
> You can install it with xcopy or run from a flash drive.

not entirely right windbg does use registry if you have saved workspaces

lkd> !dreg hkcu\software\microsoft\windbg!
No values
lkd> !dreg hkcu\software\microsoft\windbg\workspaces!
Value: “Default” - REG_BINARY:
0000: 57 44 57 53 01 00 00 00 WDWS…
------------------------------------------------------------------------
lkd> !dreg hkcu\software\microsoft\windbg\workspaces\kernel!*
Value: “x86” - REG_BINARY:
0000: 57 44 57 53 01 00 00 00 04 00 03 00 10 00 04 00
WS…
0010: 00 00 00 00 00 00 00 00 04 00 01 00 70 02 68 02 …p.h.

How about this one I asked below? Any comments?

2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

regards,
George

----- Original Message ----
From: Joseph Galbraith
To: Kernel Debugging Interest List
Sent: Thursday, October 9, 2008 10:53:29 PM
Subject: Re: [windbg] using x86 Windbg on x64 machine

Lin George wrote:
> Hello everyone,
>
>
> I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.
>
> My questions,
>
> 1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph

> 2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?
>
>
> thanks in advance,
> George
>
>
>
>
> —
> You are currently subscribed to windbg as: xxxxx@vandyke.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: xxxxx@yahoo.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Thanks Jim. From your reply, I feel I have not made myself understood. What I mean is not whether Windbg will load registry settings correctly, but whether the dlls loaded by Windbg will read registry settings correctly, including the system DLLS and extension dlls of Winsbg itself.

regards,
George

----- Original Message ----
From: Jim Donelson
To: Kernel Debugging Interest List
Sent: Thursday, October 9, 2008 10:59:53 PM
Subject: Re: [windbg] using x86 Windbg on x64 machine

WinDbg does not use registry settings to run with.
You can install it with xcopy or run from a flash drive.

On Thu, Oct 9, 2008 at 10:53 AM, Joseph Galbraith wrote:

Lin George wrote:

Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph

2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

—
You are currently subscribed to windbg as: xxxxx@vandyke.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: xxxxx@jimdonelson.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: xxxxx@yahoo.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi Jason,

.effmach does not solve the issue of one additonal break point in WOW64 code. Here is Windbg output. Any comments?

0:000> .effmach x86
Effective machine: x86 compatible (x86)
0:000:x86> bp main
0:000:x86> bl
?0 e x86 0000000000411450???? 0001 (0001)? 0:\*\*\*\* TestDebug1!main 0:000:x86\> g ModLoad: 0000000077d40000 0000000077eb3000?? NOT_AN_IMAGE ModLoad: 000000007d4c0000 000000007d5f0000?? NOT_AN_IMAGE ModLoad: 000000007d600000 000000007d6f0000?? C:\WINDOWS\SysWOW64\ntdll32.dll ModLoad: 0000000077d40000 0000000077eb3000?? NOT_AN_IMAGE ModLoad: 0000000077c20000 0000000077d2c000?? NOT_AN_IMAGE ModLoad: 000000007d4c0000 000000007d5f0000?? C:\WINDOWS\syswow64\kernel32.dll ModLoad: 0000000010480000 0000000010557000?? C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCP90D.dll ModLoad: 0000000010200000 0000000010323000?? C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCR90D.dll (198c.1338): WOW64 breakpoint - code 4000001f (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. ntdll32!DbgBreakPoint: 000000007d61002d cc??? int??? 3
0:000:x86> k
ChildEBP??? RetAddr???
002dfb48 7d649b01 ntdll32!DbgBreakPoint
002dfcac 7d637010 ntdll32!LdrpInitializeProcess+0x111c
002dfd0c 7d61e99d ntdll32!_LdrpInitialize+0xd0
00000000 00000000 ntdll32!KiUserApcDispatcher+0x25
0:000:x86> g
Breakpoint 0 hit
TestDebug1!main:
00000000`00411450 55??? push??? ebp
0:000:x86> k
ChildEBP??? RetAddr???
002dff68 00411b28 TestDebug1!main [d:\visual studio 2008\projects\testdebug1\testdebug1\main.cpp @ 22]
002dffb8 0041196f TestDebug1!__tmainCRTStartup+0x1a8
002dffc0 7d4e7d2a TestDebug1!mainCRTStartup+0xf
002dfff0 00000000 kernel32!BaseProcessStart+0x28

regards,
George

----- Original Message ----
From: Jason Shay
To: Kernel Debugging Interest List
Sent: Thursday, October 9, 2008 11:36:31 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine

>> I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine,
?
Was the weird issue that you were debugging the WOW layer of the OS, making all of your call stacks look somewhat useless?? That is expected.? If this is your situation, doing ?.effmach x86? when debugging an x86 app with an x64 debugger will be give you your proper x86 context.
?
Jason
?
From:xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jim Donelson
Sent: Thursday, October 09, 2008 8:00 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine
?
WinDbg does not use registry settings to run with.
You can install it with xcopy or run from a flash drive.
On Thu, Oct 9, 2008 at 10:53 AM, Joseph Galbraith wrote:
Lin George wrote:
Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph
2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

? ? ?
—
You are currently subscribed to windbg as: xxxxx@vandyke.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: xxxxx@jimdonelson.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
?
— You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To unsubscribe send a blank email to xxxxx@lists.osr.com
—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Yes. ‘.effmach x86’ won’t be identical to running an x86 debugger. It will only affect the interpretation of state. You’re still running a 64-bit debugger against a WOW process, so you’re going to see things in the WOW environment. In the process creation case, you’ll actually get 2 ‘initial breakpoints’ (1 for native 64, and 1 for the 32 under WOW), which is what you see below.

In addition, if the debugger gets an event in the 64-bit context, it may change the view on you, and you’ll need to do another ‘.effmach x86’ to see your app’s state.

Jason

From: Lin George [mailto:xxxxx@yahoo.com]
Sent: Friday, October 10, 2008 1:12 AM
To: Jason Shay
Cc: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine

Hi Jason,

.effmach does not solve the issue of one additonal break point in WOW64 code. Here is Windbg output. Any comments?

0:000> .effmach x86
Effective machine: x86 compatible (x86)
0:000:x86> bp main
0:000:x86> bl
0 e x86 0000000000411450 0001 (0001) 0:\*\*\*\* TestDebug1!main 0:000:x86\> g ModLoad: 0000000077d40000 0000000077eb3000 NOT_AN_IMAGE ModLoad: 000000007d4c0000 000000007d5f0000 NOT_AN_IMAGE ModLoad: 000000007d600000 000000007d6f0000 C:\WINDOWS\SysWOW64\ntdll32.dll ModLoad: 0000000077d40000 0000000077eb3000 NOT_AN_IMAGE ModLoad: 0000000077c20000 0000000077d2c000 NOT_AN_IMAGE ModLoad: 000000007d4c0000 000000007d5f0000 C:\WINDOWS\syswow64\kernel32.dll ModLoad: 0000000010480000 0000000010557000 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCP90D.dll ModLoad: 0000000010200000 0000000010323000 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCR90D.dll (198c.1338): WOW64 breakpoint - code 4000001f (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. ntdll32!DbgBreakPoint: 000000007d61002d cc int 3
0:000:x86> k
ChildEBP RetAddr
002dfb48 7d649b01 ntdll32!DbgBreakPoint
002dfcac 7d637010 ntdll32!LdrpInitializeProcess+0x111c
002dfd0c 7d61e99d ntdll32!_LdrpInitialize+0xd0
00000000 00000000 ntdll32!KiUserApcDispatcher+0x25
0:000:x86> g
Breakpoint 0 hit
TestDebug1!main:
00000000`00411450 55 push ebp
0:000:x86> k
ChildEBP RetAddr
002dff68 00411b28 TestDebug1!main [d:\visual studio 2008\projects\testdebug1\testdebug1\main.cpp @ 22]
002dffb8 0041196f TestDebug1!__tmainCRTStartup+0x1a8
002dffc0 7d4e7d2a TestDebug1!mainCRTStartup+0xf
002dfff0 00000000 kernel32!BaseProcessStart+0x28

regards,
George

----- Original Message ----
From: Jason Shay
To: Kernel Debugging Interest List
Sent: Thursday, October 9, 2008 11:36:31 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine
>> I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine,

Was the weird issue that you were debugging the WOW layer of the OS, making all of your call stacks look somewhat useless? That is expected. If this is your situation, doing ?.effmach x86? when debugging an x86 app with an x64 debugger will be give you your proper x86 context.

Jason

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jim Donelson
Sent: Thursday, October 09, 2008 8:00 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine

WinDbg does not use registry settings to run with.
You can install it with xcopy or run from a flash drive.
On Thu, Oct 9, 2008 at 10:53 AM, Joseph Galbraith > wrote:
Lin George wrote:
Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph
2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

—
You are currently subscribed to windbg as: xxxxx@vandyke.commailto:xxxxx
To unsubscribe send a blank email to xxxxx@lists.osr.commailto:xxxxx

—
You are currently subscribed to windbg as: xxxxx@jimdonelson.commailto:xxxxx
To unsubscribe send a blank email to xxxxx@lists.osr.commailto:xxxxx

— You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com</mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>

Lin George wrote:

Thanks Jim. From your reply, I feel I have not made myself understood.
What I mean is not whether Windbg will load registry settings
correctly, but whether the dlls loaded by Windbg will read registry
settings correctly, including the system DLLS and extension dlls of
Winsbg itself.

George, you’re not using common sense.

Win64 supports both 32-bit and 64-bit applications, and has done so for
quite a long time, relatively speaking. It would not be able to do so
if it weren’t able to keep the two environments straight.

Think for a moment about the kinds of things WinDbg probably stores in
the registry. It’s stuff like your settings, your window layouts, your
source file locations, etc. Basically, it’s the kind of thing that you
would want to use in BOTH environments. That is, it shouldn’t matter to
you, the user, whether you are debugging an x86 app or an x64 app. Your
WinDbg settings should be there.

You are once again drilling in to a level of detail that is not useful.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi Jason,

I am wondering in what?situation should we use?.effmach command other than using an x86 debugger? From my issue discussed below, I did not see any benefits and fix of issues (e.g. additional break points in WOW code) when using .effmach.

It is appreciated if you could show some benefits of .effnach, especially the benefits which we do not have when use an x86 debugger on x64 machine.

regards,
George

----- Original Message ----
From: Jason Shay
To: Lin George
Cc: Kernel Debugging Interest List
Sent: Friday, October 10, 2008 10:56:06 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine

Yes.? ?.effmach x86?? won?t be identical to running an x86 debugger.? It will only affect the interpretation of state.? You?re still running a 64-bit debugger against a WOW process, so you?re going to see things in the WOW environment. ?In the process creation case, you?ll actually get 2 ?initial breakpoints? (1 for native 64, and 1 for the 32 under WOW), which is what you see below.
?
In addition, if the debugger gets an event in the 64-bit context, it may change the view on you, and you?ll need to do another ?.effmach x86? to see your app?s state.
?
Jason
?
From:Lin George [mailto:xxxxx@yahoo.com]
Sent: Friday, October 10, 2008 1:12 AM
To: Jason Shay
Cc: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine
?
Hi Jason,
?
.effmach does not solve the issue of one additonal break point in WOW64 code. Here is Windbg output. Any comments?
?
--------------------
0:000> .effmach x86
Effective machine: x86 compatible (x86)
0:000:x86> bp main
0:000:x86> bl
?0 e x86 0000000000411450???? 0001 (0001)? 0: **** TestDebug1!main<br>0:000:x86&gt; g<br>ModLoad: 0000000077d40000 0000000077eb3000?? NOT_AN_IMAGE<br>ModLoad: 000000007d4c0000 000000007d5f0000?? NOT_AN_IMAGE<br>ModLoad: 000000007d600000 000000007d6f0000?? C:\WINDOWS\SysWOW64\ntdll32.dll<br>ModLoad: 0000000077d40000 0000000077eb3000?? NOT_AN_IMAGE<br>ModLoad: 0000000077c20000 0000000077d2c000?? NOT_AN_IMAGE<br>ModLoad: 000000007d4c0000 000000007d5f0000?? C:\WINDOWS\syswow64\kernel32.dll<br>ModLoad: 0000000010480000 0000000010557000?? C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCP90D.dll<br>ModLoad: 0000000010200000 0000000010323000?? C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCR90D.dll<br>(198c.1338): WOW64 breakpoint - code 4000001f (first chance)<br>First chance exceptions are reported before any exception handling.<br>This exception may be expected and handled.<br>ntdll32!DbgBreakPoint:<br>000000007d61002d cc??? int??? 3
0:000:x86> k
ChildEBP??? RetAddr???
002dfb48 7d649b01 ntdll32!DbgBreakPoint
002dfcac 7d637010 ntdll32!LdrpInitializeProcess+0x111c
002dfd0c 7d61e99d ntdll32!_LdrpInitialize+0xd0
00000000 00000000 ntdll32!KiUserApcDispatcher+0x25
0:000:x86> g
Breakpoint 0 hit
TestDebug1!main:
00000000`00411450 55??? push??? ebp
0:000:x86> k
ChildEBP??? RetAddr???
002dff68 00411b28 TestDebug1!main [d:\visual studio 2008\projects\testdebug1\testdebug1\main.cpp @ 22]
002dffb8 0041196f TestDebug1!__tmainCRTStartup+0x1a8
002dffc0 7d4e7d2a TestDebug1!mainCRTStartup+0xf
002dfff0 00000000 kernel32!BaseProcessStart+0x28
--------------------
?
regards,
George
?
----- Original Message ----
From: Jason Shay
To: Kernel Debugging Interest List
Sent: Thursday, October 9, 2008 11:36:31 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine
>> I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine,
?
Was the weird issue that you were debugging the WOW layer of the OS, making all of your call stacks look somewhat useless?? That is expected.? If this is your situation, doing ?.effmach x86? when debugging an x86 app with an x64 debugger will be give you your proper x86 context.
?
Jason
?
From:xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jim Donelson
Sent: Thursday, October 09, 2008 8:00 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine
?
WinDbg does not use registry settings to run with.
You can install it with xcopy or run from a flash drive.
On Thu, Oct 9, 2008 at 10:53 AM, Joseph Galbraith wrote:
Lin George wrote:
Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph
2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

? ? ?
—
You are currently subscribed to windbg as: xxxxx@vandyke.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: xxxxx@jimdonelson.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
?
— You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Thanks Tim,

Good to know using two debuggers on the same machine is fine. No conflciting.

regards,
George

----- Original Message ----
From: Tim Roberts
To: Kernel Debugging Interest List
Sent: Saturday, October 11, 2008 12:49:01 AM
Subject: Re: [windbg] using x86 Windbg on x64 machine

Lin George wrote:
> Thanks Jim. From your reply, I feel I have not made myself understood.
> What I mean is not whether Windbg will load registry settings
> correctly, but whether the dlls loaded by Windbg will read registry
> settings correctly, including the system DLLS and extension dlls of
> Winsbg itself.

George, you’re not using common sense.

Win64 supports both 32-bit and 64-bit applications, and has done so for
quite a long time, relatively speaking.? It would not be able to do so
if it weren’t able to keep the two environments straight.

Think for a moment about the kinds of things WinDbg probably stores in
the registry.? It’s stuff like your settings, your window layouts, your
source file locations, etc.? Basically, it’s the kind of thing that you
would want to use in BOTH environments.? That is, it shouldn’t matter to
you, the user, whether you are debugging an x86 app or an x64 app.? Your
WinDbg settings should be there.

You are once again drilling in to a level of detail that is not useful.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

—
You are currently subscribed to windbg as: xxxxx@yahoo.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

In general, there is no benefit to using the x64 debugger in preference to the x86 debugger if you’re debugging an x86 app.

Unless you are debugging the WOW64 layer itself, or the part of process initialization that occurs before the 32-bit ntdll is loaded, the x86 debugger will likely be simpler to use and capable of doing everything that you need to do.

Otherwise, you’re just introducing extra complexity into the mix.

• S

From: Lin George
Sent: Saturday, October 11, 2008 05:01
To: Kernel Debugging Interest List
Cc: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine

Hi Jason,

I am wondering in what situation should we use .effmach command other than using an x86 debugger? From my issue discussed below, I did not see any benefits and fix of issues (e.g. additional break points in WOW code) when using .effmach.

It is appreciated if you could show some benefits of .effnach, especially the benefits which we do not have when use an x86 debugger on x64 machine.

regards,
George
----- Original Message ----
From: Jason Shay
To: Lin George
Cc: Kernel Debugging Interest List
Sent: Friday, October 10, 2008 10:56:06 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine

Yes. ?.effmach x86? won?t be identical to running an x86 debugger. It will only affect the interpretation of state. You?re still running a 64-bit debugger against a WOW process, so you?re going to see things in the WOW environment. In the process creation case, you?ll actually get 2 ?initial breakpoints? (1 for native 64, and 1 for the 32 under WOW), which is what you see below.

In addition, if the debugger gets an event in the 64-bit context, it may change the view on you, and you?ll need to do another ?.effmach x86? to see your app?s state.

Jason

From: Lin George [mailto:xxxxx@yahoo.com]
Sent: Friday, October 10, 2008 1:12 AM
To: Jason Shay
Cc: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine

Hi Jason,

.effmach does not solve the issue of one additonal break point in WOW64 code. Here is Windbg output. Any comments?

--------------------
0:000> .effmach x86
Effective machine: x86 compatible (x86)
0:000:x86> bp main
0:000:x86> bl
0 e x86 0000000000411450 0001 (0001) 0: **** TestDebug1!main<br>0:000:x86&gt; g<br>ModLoad: 0000000077d40000 0000000077eb3000 NOT_AN_IMAGE<br>ModLoad: 000000007d4c0000 000000007d5f0000 NOT_AN_IMAGE<br>ModLoad: 000000007d600000 000000007d6f0000 C:\WINDOWS\SysWOW64\ntdll32.dll<br>ModLoad: 0000000077d40000 0000000077eb3000 NOT_AN_IMAGE<br>ModLoad: 0000000077c20000 0000000077d2c000 NOT_AN_IMAGE<br>ModLoad: 000000007d4c0000 000000007d5f0000 C:\WINDOWS\syswow64\kernel32.dll<br>ModLoad: 0000000010480000 0000000010557000 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCP90D.dll<br>ModLoad: 0000000010200000 0000000010323000 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCR90D.dll<br>(198c.1338): WOW64 breakpoint - code 4000001f (first chance)<br>First chance exceptions are reported before any exception handling.<br>This exception may be expected and handled.<br>ntdll32!DbgBreakPoint:<br>000000007d61002d cc int 3
0:000:x86> k
ChildEBP RetAddr
002dfb48 7d649b01 ntdll32!DbgBreakPoint
002dfcac 7d637010 ntdll32!LdrpInitializeProcess+0x111c
002dfd0c 7d61e99d ntdll32!_LdrpInitialize+0xd0
00000000 00000000 ntdll32!KiUserApcDispatcher+0x25
0:000:x86> g
Breakpoint 0 hit
TestDebug1!main:
00000000`00411450 55 push ebp
0:000:x86> k
ChildEBP RetAddr
002dff68 00411b28 TestDebug1!main [d:\visual studio 2008\projects\testdebug1\testdebug1\main.cpp @ 22]
002dffb8 0041196f TestDebug1!__tmainCRTStartup+0x1a8
002dffc0 7d4e7d2a TestDebug1!mainCRTStartup+0xf
002dfff0 00000000 kernel32!BaseProcessStart+0x28
--------------------

regards,
George

----- Original Message ----
From: Jason Shay
To: Kernel Debugging Interest List
Sent: Thursday, October 9, 2008 11:36:31 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine
>> I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine,

Was the weird issue that you were debugging the WOW layer of the OS, making all of your call stacks look somewhat useless? That is expected. If this is your situation, doing ?.effmach x86? when debugging an x86 app with an x64 debugger will be give you your proper x86 context.

Jason

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jim Donelson
Sent: Thursday, October 09, 2008 8:00 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine

WinDbg does not use registry settings to run with.
You can install it with xcopy or run from a flash drive.
On Thu, Oct 9, 2008 at 10:53 AM, Joseph Galbraith > wrote:
Lin George wrote:
Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph
2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

—
You are currently subscribed to windbg as: xxxxx@vandyke.commailto:xxxxx
To unsubscribe send a blank email to xxxxx@lists.osr.commailto:xxxxx

—
You are currently subscribed to windbg as: xxxxx@jimdonelson.commailto:xxxxx
To unsubscribe send a blank email to xxxxx@lists.osr.commailto:xxxxx

— You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com</mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>

“WOW64 layer itself, or the part of process initialization that occurs before the 32-bit ntdll is loaded” – why I am not able to debug this part? Because when run an x86 program on x64, x64 initialization code runs first and then loads the x86 emulator (WOW64) – this part of code is x64, and x86 debugger can not debug x64 code?
?
?
regards,
George

----- Original Message ----
From: Skywing
To: Kernel Debugging Interest List
Sent: Saturday, October 11, 2008 11:00:32 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine

In general, there is no benefit to using the x64 debugger in preference to the x86 debugger if you’re debugging an x86 app.

Unless you are debugging the WOW64 layer itself, or the part of process initialization that occurs before the 32-bit ntdll is loaded, the x86 debugger will likely be simpler to use and capable of doing everything that you need to do.

Otherwise, you’re just introducing extra complexity into the mix.

- S

________________________________
From: Lin George
Sent: Saturday, October 11, 2008 05:01
To: Kernel Debugging Interest List
Cc: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine

Hi Jason,

I am wondering in what?situation should we use?.effmach command other than using an x86 debugger? From my issue discussed below, I did not see any benefits and fix of issues (e.g. additional break points in WOW code) when using .effmach.

It is appreciated if you could show some benefits of .effnach, especially the benefits which we do not have when use an x86 debugger on x64 machine.

regards,
George

----- Original Message ----
From: Jason Shay
To: Lin George
Cc: Kernel Debugging Interest List
Sent: Friday, October 10, 2008 10:56:06 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine

Yes.? ?.effmach x86?? won?t be identical to running an x86 debugger.? It will only affect the interpretation of state.? You?re still running a 64-bit debugger against a WOW process, so you?re going to see things in the WOW environment. ?In the process creation case, you?ll actually get 2 ?initial breakpoints? (1 for native 64, and 1 for the 32 under WOW), which is what you see below.
?
In addition, if the debugger gets an event in the 64-bit context, it may change the view on you, and you?ll need to do another ?.effmach x86? to see your app?s state.
?
Jason
?
From:Lin George [mailto:xxxxx@yahoo.com]
Sent: Friday, October 10, 2008 1:12 AM
To: Jason Shay
Cc: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine
?
Hi Jason,
?
.effmach does not solve the issue of one additonal break point in WOW64 code. Here is Windbg output. Any comments?
?
--------------------
0:000> .effmach x86
Effective machine: x86 compatible (x86)
0:000:x86> bp main
0:000:x86> bl
?0 e x86 0000000000411450???? 0001 (0001)? 0: **** TestDebug1!main<br>0:000:x86&gt; g<br>ModLoad: 0000000077d40000 0000000077eb3000?? NOT_AN_IMAGE<br>ModLoad: 000000007d4c0000 000000007d5f0000?? NOT_AN_IMAGE<br>ModLoad: 000000007d600000 000000007d6f0000?? C:\WINDOWS\SysWOW64\ntdll32.dll<br>ModLoad: 0000000077d40000 0000000077eb3000?? NOT_AN_IMAGE<br>ModLoad: 0000000077c20000 0000000077d2c000?? NOT_AN_IMAGE<br>ModLoad: 000000007d4c0000 000000007d5f0000?? C:\WINDOWS\syswow64\kernel32.dll<br>ModLoad: 0000000010480000 0000000010557000?? C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCP90D.dll<br>ModLoad: 0000000010200000 0000000010323000?? C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCR90D.dll<br>(198c.1338): WOW64 breakpoint - code 4000001f (first chance)<br>First chance exceptions are reported before any exception handling.<br>This exception may be expected and handled.<br>ntdll32!DbgBreakPoint:<br>000000007d61002d cc??? int??? 3
0:000:x86> k
ChildEBP??? RetAddr???
002dfb48 7d649b01 ntdll32!DbgBreakPoint
002dfcac 7d637010 ntdll32!LdrpInitializeProcess+0x111c
002dfd0c 7d61e99d ntdll32!_LdrpInitialize+0xd0
00000000 00000000 ntdll32!KiUserApcDispatcher+0x25
0:000:x86> g
Breakpoint 0 hit
TestDebug1!main:
00000000`00411450 55??? push??? ebp
0:000:x86> k
ChildEBP??? RetAddr???
002dff68 00411b28 TestDebug1!main [d:\visual studio 2008\projects\testdebug1\testdebug1\main.cpp @ 22]
002dffb8 0041196f TestDebug1!__tmainCRTStartup+0x1a8
002dffc0 7d4e7d2a TestDebug1!mainCRTStartup+0xf
002dfff0 00000000 kernel32!BaseProcessStart+0x28
--------------------
?
regards,
George
?
----- Original Message ----
From: Jason Shay
To: Kernel Debugging Interest List
Sent: Thursday, October 9, 2008 11:36:31 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine
>> I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine,
?
Was the weird issue that you were debugging the WOW layer of the OS, making all of your call stacks look somewhat useless?? That is expected.? If this is your situation, doing ?.effmach x86? when debugging an x86 app with an x64 debugger will be give you your proper x86 context.
?
Jason
?
From:xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jim Donelson
Sent: Thursday, October 09, 2008 8:00 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine
?
WinDbg does not use registry settings to run with.
You can install it with xcopy or run from a flash drive.
On Thu, Oct 9, 2008 at 10:53 AM, Joseph Galbraith wrote:
Lin George wrote:
Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph
2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

? ? ?
—
You are currently subscribed to windbg as: xxxxx@vandyke.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: xxxxx@jimdonelson.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
?
— You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
?

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

That is what I said, yes.

• S

From: Lin George [mailto:xxxxx@yahoo.com]
Sent: Monday, October 13, 2008 10:25 AM
To: Skywing
Cc: xxxxx@lists.osr.com
Subject: Re: [windbg] using x86 Windbg on x64 machine

“WOW64 layer itself, or the part of process initialization that occurs before the 32-bit ntdll is loaded” – why I am not able to debug this part? Because when run an x86 program on x64, x64 initialization code runs first and then loads the x86 emulator (WOW64) – this part of code is x64, and x86 debugger can not debug x64 code?

regards,

George
----- Original Message ----
From: Skywing
To: Kernel Debugging Interest List
Sent: Saturday, October 11, 2008 11:00:32 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine

In general, there is no benefit to using the x64 debugger in preference to the x86 debugger if you’re debugging an x86 app.

Unless you are debugging the WOW64 layer itself, or the part of process initialization that occurs before the 32-bit ntdll is loaded, the x86 debugger will likely be simpler to use and capable of doing everything that you need to do.

Otherwise, you’re just introducing extra complexity into the mix.

- S
________________________________
From: Lin George
Sent: Saturday, October 11, 2008 05:01
To: Kernel Debugging Interest List
Cc: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine
Hi Jason,

I am wondering in what situation should we use .effmach command other than using an x86 debugger? From my issue discussed below, I did not see any benefits and fix of issues (e.g. additional break points in WOW code) when using .effmach.

It is appreciated if you could show some benefits of .effnach, especially the benefits which we do not have when use an x86 debugger on x64 machine.

regards,
George
----- Original Message ----
From: Jason Shay
To: Lin George
Cc: Kernel Debugging Interest List
Sent: Friday, October 10, 2008 10:56:06 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine
Yes. ?.effmach x86? won?t be identical to running an x86 debugger. It will only affect the interpretation of state. You?re still running a 64-bit debugger against a WOW process, so you?re going to see things in the WOW environment. In the process creation case, you?ll actually get 2 ?initial breakpoints? (1 for native 64, and 1 for the 32 under WOW), which is what you see below.

In addition, if the debugger gets an event in the 64-bit context, it may change the view on you, and you?ll need to do another ?.effmach x86? to see your app?s state.

Jason

From: Lin George [mailto:xxxxx@yahoo.com]
Sent: Friday, October 10, 2008 1:12 AM
To: Jason Shay
Cc: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine

Hi Jason,

.effmach does not solve the issue of one additonal break point in WOW64 code. Here is Windbg output. Any comments?

--------------------
0:000> .effmach x86
Effective machine: x86 compatible (x86)
0:000:x86> bp main
0:000:x86> bl
0 e x86 0000000000411450 0001 (0001) 0: **** TestDebug1!main<br>0:000:x86&gt; g<br>ModLoad: 0000000077d40000 0000000077eb3000 NOT_AN_IMAGE<br>ModLoad: 000000007d4c0000 000000007d5f0000 NOT_AN_IMAGE<br>ModLoad: 000000007d600000 000000007d6f0000 C:\WINDOWS\SysWOW64\ntdll32.dll<br>ModLoad: 0000000077d40000 0000000077eb3000 NOT_AN_IMAGE<br>ModLoad: 0000000077c20000 0000000077d2c000 NOT_AN_IMAGE<br>ModLoad: 000000007d4c0000 000000007d5f0000 C:\WINDOWS\syswow64\kernel32.dll<br>ModLoad: 0000000010480000 0000000010557000 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCP90D.dll<br>ModLoad: 0000000010200000 0000000010323000 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCR90D.dll<br>(198c.1338): WOW64 breakpoint - code 4000001f (first chance)<br>First chance exceptions are reported before any exception handling.<br>This exception may be expected and handled.<br>ntdll32!DbgBreakPoint:<br>000000007d61002d cc int 3
0:000:x86> k
ChildEBP RetAddr
002dfb48 7d649b01 ntdll32!DbgBreakPoint
002dfcac 7d637010 ntdll32!LdrpInitializeProcess+0x111c
002dfd0c 7d61e99d ntdll32!_LdrpInitialize+0xd0
00000000 00000000 ntdll32!KiUserApcDispatcher+0x25
0:000:x86> g
Breakpoint 0 hit
TestDebug1!main:
00000000`00411450 55 push ebp
0:000:x86> k
ChildEBP RetAddr
002dff68 00411b28 TestDebug1!main [d:\visual studio 2008\projects\testdebug1\testdebug1\main.cpp @ 22]
002dffb8 0041196f TestDebug1!__tmainCRTStartup+0x1a8
002dffc0 7d4e7d2a TestDebug1!mainCRTStartup+0xf
002dfff0 00000000 kernel32!BaseProcessStart+0x28
--------------------

regards,
George

----- Original Message ----
From: Jason Shay
To: Kernel Debugging Interest List
Sent: Thursday, October 9, 2008 11:36:31 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine
>> I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine,

Was the weird issue that you were debugging the WOW layer of the OS, making all of your call stacks look somewhat useless? That is expected. If this is your situation, doing ?.effmach x86? when debugging an x86 app with an x64 debugger will be give you your proper x86 context.

Jason

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jim Donelson
Sent: Thursday, October 09, 2008 8:00 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine

WinDbg does not use registry settings to run with.
You can install it with xcopy or run from a flash drive.
On Thu, Oct 9, 2008 at 10:53 AM, Joseph Galbraith > wrote:
Lin George wrote:
Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph
2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

—
You are currently subscribed to windbg as: xxxxx@vandyke.commailto:xxxxx
To unsubscribe send a blank email to xxxxx@lists.osr.commailto:xxxxx

—
You are currently subscribed to windbg as: xxxxx@jimdonelson.commailto:xxxxx
To unsubscribe send a blank email to xxxxx@lists.osr.commailto:xxxxx

— You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com</mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>

Thanks Skywing,

Question answered!

regards,
George

----- Original Message ----
From: Skywing
To: Kernel Debugging Interest List
Cc: “xxxxx@lists.osr.com”
Sent: Monday, October 13, 2008 10:25:53 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine

That is what I said, yes.
?
- S
?
From:Lin George [mailto:xxxxx@yahoo.com]
Sent: Monday, October 13, 2008 10:25 AM
To: Skywing
Cc: xxxxx@lists.osr.com
Subject: Re: [windbg] using x86 Windbg on x64 machine
?
“WOW64 layer itself, or the part of process initialization that occurs before the 32-bit ntdll is loaded” – why I am not able to debug this part? Because when run an x86 program on x64, x64 initialization code runs first and then loads the x86 emulator (WOW64) – this part of code is x64, and x86 debugger can not debug x64 code?
?
?
regards,
George
----- Original Message ----
From: Skywing
To: Kernel Debugging Interest List
Sent: Saturday, October 11, 2008 11:00:32 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine

In general, there is no benefit to using the x64 debugger in preference to the x86 debugger if you’re debugging an x86 app.

Unless you are debugging the WOW64 layer itself, or the part of process initialization that occurs before the 32-bit ntdll is loaded, the x86 debugger will likely be simpler to use and capable of doing everything that you need to do.

Otherwise, you’re just introducing extra complexity into the mix.

- S

________________________________

From: Lin George
Sent: Saturday, October 11, 2008 05:01
To: Kernel Debugging Interest List
Cc: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine
Hi Jason,
?
I am wondering in what?situation should we use?.effmach command other than using an x86 debugger? From my issue discussed below, I did not see any benefits and fix of issues (e.g. additional break points in WOW code) when using .effmach.
?
It is appreciated if you could show some benefits of .effnach, especially the benefits which we do not have when use an x86 debugger on x64 machine.
?
?
regards,
George
----- Original Message ----
From: Jason Shay
To: Lin George
Cc: Kernel Debugging Interest List
Sent: Friday, October 10, 2008 10:56:06 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine
Yes.? ?.effmach x86?? won?t be identical to running an x86 debugger.? It will only affect the interpretation of state.? You?re still running a 64-bit debugger against a WOW process, so you?re going to see things in the WOW environment. ?In the process creation case, you?ll actually get 2 ?initial breakpoints?(1 for native 64, and 1 for the 32 under WOW), which is what you see below.
?
In addition, if the debugger gets an event in the 64-bit context, it may change the view on you, and you?ll need to do another ?.effmach x86?to see your app?s state.
?
Jason
?
From:Lin George [mailto:xxxxx@yahoo.com]
Sent: Friday, October 10, 2008 1:12 AM
To: Jason Shay
Cc: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine
?
Hi Jason,
?
.effmach does not solve the issue of one additonal break point in WOW64 code. Here is Windbg output. Any comments?
?
--------------------
0:000> .effmach x86
Effective machine: x86 compatible (x86)
0:000:x86> bp main
0:000:x86> bl
?0 e x86 0000000000411450???? 0001 (0001)? 0: **** TestDebug1!main<br>0:000:x86&gt; g<br>ModLoad: 0000000077d40000 0000000077eb3000?? NOT_AN_IMAGE<br>ModLoad: 000000007d4c0000 000000007d5f0000?? NOT_AN_IMAGE<br>ModLoad: 000000007d600000 000000007d6f0000?? C:\WINDOWS\SysWOW64\ntdll32.dll<br>ModLoad: 0000000077d40000 0000000077eb3000?? NOT_AN_IMAGE<br>ModLoad: 0000000077c20000 0000000077d2c000?? NOT_AN_IMAGE<br>ModLoad: 000000007d4c0000 000000007d5f0000?? C:\WINDOWS\syswow64\kernel32.dll<br>ModLoad: 0000000010480000 0000000010557000?? C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCP90D.dll<br>ModLoad: 0000000010200000 0000000010323000?? C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_F863C71F\MSVCR90D.dll<br>(198c.1338): WOW64 breakpoint - code 4000001f (first chance)<br>First chance exceptions are reported before any exception handling.<br>This exception may be expected and handled.<br>ntdll32!DbgBreakPoint:<br>000000007d61002d cc??? int??? 3
0:000:x86> k
ChildEBP??? RetAddr???
002dfb48 7d649b01 ntdll32!DbgBreakPoint
002dfcac 7d637010 ntdll32!LdrpInitializeProcess+0x111c
002dfd0c 7d61e99d ntdll32!_LdrpInitialize+0xd0
00000000 00000000 ntdll32!KiUserApcDispatcher+0x25
0:000:x86> g
Breakpoint 0 hit
TestDebug1!main:
00000000`00411450 55??? push??? ebp
0:000:x86> k
ChildEBP??? RetAddr???
002dff68 00411b28 TestDebug1!main [d:\visual studio 2008\projects\testdebug1\testdebug1\main.cpp @ 22]
002dffb8 0041196f TestDebug1!__tmainCRTStartup+0x1a8
002dffc0 7d4e7d2a TestDebug1!mainCRTStartup+0xf
002dfff0 00000000 kernel32!BaseProcessStart+0x28
--------------------
?
regards,
George
?
----- Original Message ----
From: Jason Shay
To: Kernel Debugging Interest List
Sent: Thursday, October 9, 2008 11:36:31 PM
Subject: RE: [windbg] using x86 Windbg on x64 machine
>> I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine,
?
Was the weird issue that you were debugging the WOW layer of the OS, making all of your call stacks look somewhat useless?? That is expected.? If this is your situation, doing ?.effmach x86?when debugging an x86 app with an x64 debugger will be give you your proper x86 context.
?
Jason
?
From:xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jim Donelson
Sent: Thursday, October 09, 2008 8:00 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] using x86 Windbg on x64 machine
?
WinDbg does not use registry settings to run with.
You can install it with xcopy or run from a flash drive.
On Thu, Oct 9, 2008 at 10:53 AM, Joseph Galbraith wrote:
Lin George wrote:
Hello everyone,

I found some weird issues when using x64 Windbg debugger to debug x86 binary on x64 machine, then I have tried to install x86 Windbg debugger to debug x86 binary on x64 machine, seem every weird issues is gone.

My questions,

1. Install two debuggers, Windbg x86 and x64 on one machine will be ok? No conflict?

This is what I do, and I’ve never had any trouble with it.

Thanks,

Joseph
2. Both debugger could automatically resolve system dependent resources – for example, x64 debugger knows to load x64 system DLL and x86 debugger knows to load x86 system DLL, the same to registry settings?

thanks in advance,
George

? ? ?
—
You are currently subscribed to windbg as: xxxxx@vandyke.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: xxxxx@jimdonelson.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
?
— You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
?

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
?
—
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com