WinDbg newbie

WINDBG
1

I am trying my hand at using WinDbg for the first time.

I am trying to debug a simple “Hello World” x64 console program. It was
built in VS 2005 using the x64 Debug configuration. It runs fine on Windows
2003 x64, but when I load it in WinDbg, I get the error listed below.

I copied Hello.exe, Hello.ilk, and Hello.pdb to the directory, but still no
luck.

Thanks for any tips. Is there any kind of step by step tutorial for WinDbg
basics?

Neil

---- error ----

Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: hello
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 0000000140000000 000000014008c000 Hello.exe
ModLoad: 0000000078ec0000 0000000078ff9000 ntdll.dll
ModLoad: 0000000077d40000 0000000077eb3000
C:\WINDOWS\system32\kernel32.dll
ModLoad: 0000000078c30000 0000000078d3c000
C:\WINDOWS\system32\USER32.dll
ModLoad: 000007ff7fc90000 000007ff7fd29000 C:\WINDOWS\system32\GDI32.dll
(3ac.624): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ntdll.dll -
ntdll!DbgBreakPoint:
00000000`78ef3320 cc int 3

2

hello frnd,

I copied Hello.exe, Hello.ilk, and Hello.pdb to the directory, but still no
luck.

Where did you copy them? and after u did did u point windbg to them? In
‘Files’ menu u will see ways to do so.

ntdll!DbgBreakPoint:
00000000`78ef3320 cc int 3

just hit ‘g’ in the command window. u will be fine.

amit

On 7/2/07, Neil Weicher wrote:
>
> I am trying my hand at using WinDbg for the first time.
>
> I am trying to debug a simple “Hello World” x64 console program. It was
> built in VS 2005 using the x64 Debug configuration. It runs fine on
> Windows
> 2003 x64, but when I load it in WinDbg, I get the error listed below.
>
> I copied Hello.exe, Hello.ilk, and Hello.pdb to the directory, but still
> no
> luck.
>
> Thanks for any tips. Is there any kind of step by step tutorial for
> WinDbg
> basics?
>
> Neil
>
> ---- error ----
>
> Microsoft (R) Windows Debugger Version 6.7.0005.0
> Copyright (c) Microsoft Corporation. All rights reserved.
>
> CommandLine: hello
> Symbol search path is: Invalid
>
> ***
> * Symbol loading may be unreliable without a symbol search path.
>
> * Use .symfix to have the debugger choose a symbol path.
>
> * After setting your symbol path, use .reload to refresh symbol locations.
>
>
>
> Executable search path is:
> ModLoad: 0000000140000000 000000014008c000 Hello.exe
> ModLoad: 0000000078ec0000 0000000078ff9000 ntdll.dll
> ModLoad: 0000000077d40000 0000000077eb3000
> C:\WINDOWS\system32\kernel32.dll
> ModLoad: 0000000078c30000 0000000078d3c000
> C:\WINDOWS\system32\USER32.dll
> ModLoad: 000007ff7fc90000 000007ff7fd29000
> C:\WINDOWS\system32\GDI32.dll
> (3ac.624): Break instruction exception - code 80000003 (first chance)
> *** ERROR: Symbol file could not be found. Defaulted to export symbols
> for
> ntdll.dll -
> ntdll!DbgBreakPoint:
> 00000000`78ef3320 cc int 3
>
>
> —
> You are currently subscribed to windbg as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>



- amitr0

3

You need to set a symbol path. It’s the cardinal when it comes to
WinDbg. Generally speaking, WinDbg will be able to find your own code’s
symbols if you leave them right where they are. For the system modules,
enter the following at the WinDbg prompt, substituting a valid directory
on a local drive (that you don’t mind writing to) for :

.sympath srvSYMBOLCACHEhttp://msdl.microsoft.com/download/symbols

This will pull the system symbols from the Microsoft symbol server and
store them in SYMBOLCACHE.

After your done this type the following:

!sym noisy
.reload -f
lml

This may take a few minutes, but you should eventually see a list of
modules with names of pdb’s after them. If you don’t, check your symbol
path, and don’t waste your time doing anything else until this is fixed.

The “error” (ntdll!DbgBreakPoint) is normal.

I don’t know of a good tutorial. WinDbg is great once you get used to
it, but it sucks to learn, mostly due to shitty documentation.

THAT BEING SAID:

Unless this is an exercise purely to learn WinDbg, don’t do this to
yourself. For user mode, use Visual Studio, unless you need otherwise.

Good luck,

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 13:17
To: Kernel Debugging Interest List
Subject: [windbg] WinDbg newbie

I am trying my hand at using WinDbg for the first time.

I am trying to debug a simple “Hello World” x64 console program. It was
built in VS 2005 using the x64 Debug configuration. It runs fine on
Windows
2003 x64, but when I load it in WinDbg, I get the error listed below.

I copied Hello.exe, Hello.ilk, and Hello.pdb to the directory, but still
no
luck.

Thanks for any tips. Is there any kind of step by step tutorial for
WinDbg
basics?

Neil

---- error ----

Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: hello
Symbol search path is: Invalid
***************************************************************
Symbol loading may be unreliable without a symbol search path.

 Use .symfix to have the debugger choose a symbol path.

 After setting your symbol path, use .reload to refresh symbol
locations. *
*****************************************************************
Executable search path is:
ModLoad: 0000000140000000 000000014008c000 Hello.exe
ModLoad: 0000000078ec0000 0000000078ff9000 ntdll.dll
ModLoad: 0000000077d40000 0000000077eb3000
C:\WINDOWS\system32\kernel32.dll
ModLoad: 0000000078c30000 0000000078d3c000
C:\WINDOWS\system32\USER32.dll
ModLoad: 000007ff7fc90000 000007ff7fd29000
C:\WINDOWS\system32\GDI32.dll
(3ac.624): Break instruction exception - code 80000003 (first chance)
 ERROR: Symbol file could not be found. Defaulted to export symbols
for
ntdll.dll -
ntdll!DbgBreakPoint:
00000000`78ef3320 cc int 3


You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

4

Neil Weicher wrote:

I am trying my hand at using WinDbg for the first time.

I am trying to debug a simple “Hello World” x64 console program. It was
built in VS 2005 using the x64 Debug configuration. It runs fine on
Windows
2003 x64, but when I load it in WinDbg, I get the error listed below.

I copied Hello.exe, Hello.ilk, and Hello.pdb to the directory, but
still no luck.

This is not a problem. You don’t have a symbol path or a symbol server
set up, so it doesn’t have symbols for ntdll.dll. Remember that your
process does not actually start executing at your “main” entry point.
There is a vast amount of stuff that has to be set up first. Your
process starts running in the system DLLs, which allocate and configure
things, and eventually pass control to the C run-time library, which
will eventually pass control to your “main”.

If you set a breakpoint at “main” and do “g” to go, I think you’ll find
everything is A-OK.

If you do want symbols for the system DLLs (and they are helpful),
search the windbg help for information on using the Microsoft symbol server.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

5

This is expected behavior. WinDbg (and CDB/NTSD), by default, will run the program you specify until it hits the “program loaded” exception. This is a hard-coded exception early in the life of a process, long before your “main” entry point is called. This allows you to set early breakpoints, and otherwise prepare your debugger environment the way you want it. Then you can use “g” to start the program.

If you don’t want the debugger to halt the program at this early breakpoint, then specify “-g” on the command-line, e.g. “windbg -g foo.exe” (or “cdb -g foo.exe”, etc.).

Similarly, there is a “program is about to exit” breakpoint, which allows you to examine the final state of a process. You can either resume using “g”, or you can specify -G, similar to -g, to have the debugger ignore this final breakpoint.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 10:17 AM
To: Kernel Debugging Interest List
Subject: [windbg] WinDbg newbie

I am trying my hand at using WinDbg for the first time.

I am trying to debug a simple “Hello World” x64 console program. It was
built in VS 2005 using the x64 Debug configuration. It runs fine on Windows
2003 x64, but when I load it in WinDbg, I get the error listed below.

I copied Hello.exe, Hello.ilk, and Hello.pdb to the directory, but still no
luck.

Thanks for any tips. Is there any kind of step by step tutorial for WinDbg
basics?

Neil

---- error ----

Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: hello
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 0000000140000000 000000014008c000 Hello.exe
ModLoad: 0000000078ec0000 0000000078ff9000 ntdll.dll
ModLoad: 0000000077d40000 0000000077eb3000
C:\WINDOWS\system32\kernel32.dll
ModLoad: 0000000078c30000 0000000078d3c000
C:\WINDOWS\system32\USER32.dll
ModLoad: 000007ff7fc90000 000007ff7fd29000 C:\WINDOWS\system32\GDI32.dll
(3ac.624): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ntdll.dll -
ntdll!DbgBreakPoint:
00000000`78ef3320 cc int 3

You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

6

Thanks to all of you for your help. You were all correct and it was
positioning me at the start of the module.

Now onto the next problem. I am only seeing Assembler code in the Command
window, no C code at all.

I copied the hello.c and hello.pdb to the directory where hello.exe. I then
run:

windbg hello.exe
g main

As expected it breaks at main. However all I see is Assembler code.

When building, I tried using Auto and Native Only under Debugging
configuration, but got the same results with both.

Thanks again for any tips.

7

Somewhere on one of the menus there is an option that talks about source
mode debugging.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 21:47
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

Thanks to all of you for your help. You were all correct and it was
positioning me at the start of the module.

Now onto the next problem. I am only seeing Assembler code in the
Command
window, no C code at all.

I copied the hello.c and hello.pdb to the directory where hello.exe. I
then
run:

windbg hello.exe
g main

As expected it breaks at main. However all I see is Assembler code.

When building, I tried using Auto and Native Only under Debugging
configuration, but got the same results with both.

Thanks again for any tips.

You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

8

Yes, thanks. Source Mode debugging is turned on.

----- Original Message -----
From: “Martin O’Brien”
To: “Kernel Debugging Interest List”
Sent: Tuesday, July 03, 2007 5:14 AM
Subject: RE: [windbg] WinDbg newbie

Somewhere on one of the menus there is an option that talks about source
mode debugging.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 21:47
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

Thanks to all of you for your help. You were all correct and it was
positioning me at the start of the module.

Now onto the next problem. I am only seeing Assembler code in the
Command
window, no C code at all.

I copied the hello.c and hello.pdb to the directory where hello.exe. I
then
run:

windbg hello.exe
g main

As expected it breaks at main. However all I see is Assembler code.

When building, I tried using Auto and Native Only under Debugging
configuration, but got the same results with both.

Thanks again for any tips.


You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

9

Are you still not seeing any source code, or are you OK?

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Tuesday, July 03, 2007 05:55
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

Yes, thanks. Source Mode debugging is turned on.

----- Original Message -----
From: “Martin O’Brien”
To: “Kernel Debugging Interest List”
Sent: Tuesday, July 03, 2007 5:14 AM
Subject: RE: [windbg] WinDbg newbie

Somewhere on one of the menus there is an option that talks about source
mode debugging.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 21:47
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

Thanks to all of you for your help. You were all correct and it was
positioning me at the start of the module.

Now onto the next problem. I am only seeing Assembler code in the
Command
window, no C code at all.

I copied the hello.c and hello.pdb to the directory where hello.exe. I
then
run:

windbg hello.exe
g main

As expected it breaks at main. However all I see is Assembler code.

When building, I tried using Auto and Native Only under Debugging
configuration, but got the same results with both.

Thanks again for any tips.


You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

10

So, if I want to cache the symbols to c:\mydir, I would enter this?

.sympath srv*c:\mydir*http://msdl.microsoft.com/download/symbols

Thanks.

----- Original Message -----
From: “Martin O’Brien”
To: “Kernel Debugging Interest List”
Sent: Monday, July 02, 2007 1:54 PM
Subject: RE: [windbg] WinDbg newbie

You need to set a symbol path. It’s the cardinal when it comes to
WinDbg. Generally speaking, WinDbg will be able to find your own code’s
symbols if you leave them right where they are. For the system modules,
enter the following at the WinDbg prompt, substituting a valid directory
on a local drive (that you don’t mind writing to) for :

.sympath srvSYMBOLCACHEhttp://msdl.microsoft.com/download/symbols

This will pull the system symbols from the Microsoft symbol server and
store them in SYMBOLCACHE.

After your done this type the following:

!sym noisy
.reload -f
lml

This may take a few minutes, but you should eventually see a list of
modules with names of pdb’s after them. If you don’t, check your symbol
path, and don’t waste your time doing anything else until this is fixed.

The “error” (ntdll!DbgBreakPoint) is normal.

I don’t know of a good tutorial. WinDbg is great once you get used to
it, but it sucks to learn, mostly due to shitty documentation.

THAT BEING SAID:

Unless this is an exercise purely to learn WinDbg, don’t do this to
yourself. For user mode, use Visual Studio, unless you need otherwise.

Good luck,

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 13:17
To: Kernel Debugging Interest List
Subject: [windbg] WinDbg newbie

I am trying my hand at using WinDbg for the first time.

I am trying to debug a simple “Hello World” x64 console program. It was
built in VS 2005 using the x64 Debug configuration. It runs fine on
Windows
2003 x64, but when I load it in WinDbg, I get the error listed below.

I copied Hello.exe, Hello.ilk, and Hello.pdb to the directory, but still
no
luck.

Thanks for any tips. Is there any kind of step by step tutorial for
WinDbg
basics?

Neil

---- error ----

Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: hello
Symbol search path is: Invalid
***************************************************************
Symbol loading may be unreliable without a symbol search path.

 Use .symfix to have the debugger choose a symbol path.

 After setting your symbol path, use .reload to refresh symbol
locations. *
*****************************************************************
Executable search path is:
ModLoad: 0000000140000000 000000014008c000 Hello.exe
ModLoad: 0000000078ec0000 0000000078ff9000 ntdll.dll
ModLoad: 0000000077d40000 0000000077eb3000
C:\WINDOWS\system32\kernel32.dll
ModLoad: 0000000078c30000 0000000078d3c000
C:\WINDOWS\system32\USER32.dll
ModLoad: 000007ff7fc90000 000007ff7fd29000
C:\WINDOWS\system32\GDI32.dll
(3ac.624): Break instruction exception - code 80000003 (first chance)
 ERROR: Symbol file could not be found. Defaulted to export symbols
for
ntdll.dll -
ntdll!DbgBreakPoint:
00000000`78ef3320 cc int 3


You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

11

Indeed.

Also, if the lml doesn’t look good and you can’t figure out what is
going on, try adding .symopt+0x80000000. It’s like !sym, but with more
information. You’ll probably not need it anyway.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Tuesday, July 03, 2007 11:59
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

So, if I want to cache the symbols to c:\mydir, I would enter this?

.sympath srv*c:\mydir*http://msdl.microsoft.com/download/symbols

Thanks.

----- Original Message -----
From: “Martin O’Brien”
To: “Kernel Debugging Interest List”
Sent: Monday, July 02, 2007 1:54 PM
Subject: RE: [windbg] WinDbg newbie

You need to set a symbol path. It’s the cardinal when it comes to
WinDbg. Generally speaking, WinDbg will be able to find your own code’s
symbols if you leave them right where they are. For the system modules,
enter the following at the WinDbg prompt, substituting a valid directory
on a local drive (that you don’t mind writing to) for :

.sympath srvSYMBOLCACHEhttp://msdl.microsoft.com/download/symbols

This will pull the system symbols from the Microsoft symbol server and
store them in SYMBOLCACHE.

After your done this type the following:

!sym noisy
.reload -f
lml

This may take a few minutes, but you should eventually see a list of
modules with names of pdb’s after them. If you don’t, check your symbol
path, and don’t waste your time doing anything else until this is fixed.

The “error” (ntdll!DbgBreakPoint) is normal.

I don’t know of a good tutorial. WinDbg is great once you get used to
it, but it sucks to learn, mostly due to shitty documentation.

THAT BEING SAID:

Unless this is an exercise purely to learn WinDbg, don’t do this to
yourself. For user mode, use Visual Studio, unless you need otherwise.

Good luck,

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 13:17
To: Kernel Debugging Interest List
Subject: [windbg] WinDbg newbie

I am trying my hand at using WinDbg for the first time.

I am trying to debug a simple “Hello World” x64 console program. It was
built in VS 2005 using the x64 Debug configuration. It runs fine on
Windows
2003 x64, but when I load it in WinDbg, I get the error listed below.

I copied Hello.exe, Hello.ilk, and Hello.pdb to the directory, but still
no
luck.

Thanks for any tips. Is there any kind of step by step tutorial for
WinDbg
basics?

Neil

---- error ----

Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: hello
Symbol search path is: Invalid
***************************************************************
Symbol loading may be unreliable without a symbol search path.

 Use .symfix to have the debugger choose a symbol path.

 After setting your symbol path, use .reload to refresh symbol
locations. *
*****************************************************************
Executable search path is:
ModLoad: 0000000140000000 000000014008c000 Hello.exe
ModLoad: 0000000078ec0000 0000000078ff9000 ntdll.dll
ModLoad: 0000000077d40000 0000000077eb3000
C:\WINDOWS\system32\kernel32.dll
ModLoad: 0000000078c30000 0000000078d3c000
C:\WINDOWS\system32\USER32.dll
ModLoad: 000007ff7fc90000 000007ff7fd29000
C:\WINDOWS\system32\GDI32.dll
(3ac.624): Break instruction exception - code 80000003 (first chance)
 ERROR: Symbol file could not be found. Defaulted to export symbols
for
ntdll.dll -
ntdll!DbgBreakPoint:
00000000`78ef3320 cc int 3


You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

12

Copying the PDB should not be necessary if you built the code on the same machine. Also, setting .sympath is not necessary, if you are debugging on the same machine you built on. This is because (by default) the executable has an absolute filename reference to the PDB baked into it.

Make sure you are building your project with source-level debugging enabled. PDB files do not necessarily contain this information; you have to enable it.

What are you using to build your app? Hand-rolled makefiles? DDK? VS? Depending on what you used to build your app, source-line information may, or may not, be enabled by default.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 6:47 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

Thanks to all of you for your help. You were all correct and it was
positioning me at the start of the module.

Now onto the next problem. I am only seeing Assembler code in the Command
window, no C code at all.

I copied the hello.c and hello.pdb to the directory where hello.exe. I then
run:

windbg hello.exe
g main

As expected it breaks at main. However all I see is Assembler code.

When building, I tried using Auto and Native Only under Debugging
configuration, but got the same results with both.

Thanks again for any tips.

You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

13

Thanks for the reply, but the build machine is different than the run/debug
machine.

How do I enable Source Level Debugging? At the moment it is just a simple
“Hello World” program built in Visual Studio 2005 for x64 mode.

In Debugging Properties I have selected “Local Windows Debugger” since I am
running and debugging on the same machine.

For Debugger Type, I have tried Auto and “Native Only” with no difference.

Thanks again for any guidance.

----- Original Message -----
From: “Arlie Davis”
To: “Kernel Debugging Interest List”
Sent: Tuesday, July 03, 2007 2:45 PM
Subject: RE: [windbg] WinDbg newbie

Copying the PDB should not be necessary if you built the code on the same
machine. Also, setting .sympath is not necessary, if you are debugging on
the same machine you built on. This is because (by default) the executable
has an absolute filename reference to the PDB baked into it.

Make sure you are building your project with source-level debugging enabled.
PDB files do not necessarily contain this information; you have to enable
it.

What are you using to build your app? Hand-rolled makefiles? DDK? VS?
Depending on what you used to build your app, source-line information may,
or may not, be enabled by default.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 6:47 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

Thanks to all of you for your help. You were all correct and it was
positioning me at the start of the module.

Now onto the next problem. I am only seeing Assembler code in the Command
window, no C code at all.

I copied the hello.c and hello.pdb to the directory where hello.exe. I then
run:

windbg hello.exe
g main

As expected it breaks at main. However all I see is Assembler code.

When building, I tried using Auto and Native Only under Debugging
configuration, but got the same results with both.

Thanks again for any tips.


You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

14

Arlie:

Wouldn’t he need (or perhaps might wish) to set .sympath for the system
symbol files (kernel32, et. c.)?

mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Arlie Davis
Sent: Tuesday, July 03, 2007 14:46
To: Kernel Debugging Interest List
Subject: RE: [windbg] WinDbg newbie

Copying the PDB should not be necessary if you built the code on the
same machine. Also, setting .sympath is not necessary, if you are
debugging on the same machine you built on. This is because (by
default) the executable has an absolute filename reference to the PDB
baked into it.

Make sure you are building your project with source-level debugging
enabled. PDB files do not necessarily contain this information; you
have to enable it.

What are you using to build your app? Hand-rolled makefiles? DDK? VS?
Depending on what you used to build your app, source-line information
may, or may not, be enabled by default.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 6:47 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

Thanks to all of you for your help. You were all correct and it was
positioning me at the start of the module.

Now onto the next problem. I am only seeing Assembler code in the
Command
window, no C code at all.

I copied the hello.c and hello.pdb to the directory where hello.exe. I
then
run:

windbg hello.exe
g main

As expected it breaks at main. However all I see is Assembler code.

When building, I tried using Auto and Native Only under Debugging
configuration, but got the same results with both.

Thanks again for any tips.

You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

You are currently subscribed to windbg as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

15

Yes, certainly. I was just referring to finding symbols for his own components.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
Sent: Tuesday, July 03, 2007 12:09 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] WinDbg newbie

Arlie:

Wouldn’t he need (or perhaps might wish) to set .sympath for the system
symbol files (kernel32, et. c.)?

mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Arlie Davis
Sent: Tuesday, July 03, 2007 14:46
To: Kernel Debugging Interest List
Subject: RE: [windbg] WinDbg newbie

Copying the PDB should not be necessary if you built the code on the
same machine. Also, setting .sympath is not necessary, if you are
debugging on the same machine you built on. This is because (by
default) the executable has an absolute filename reference to the PDB
baked into it.

Make sure you are building your project with source-level debugging
enabled. PDB files do not necessarily contain this information; you
have to enable it.

What are you using to build your app? Hand-rolled makefiles? DDK? VS?
Depending on what you used to build your app, source-line information
may, or may not, be enabled by default.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 6:47 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

Thanks to all of you for your help. You were all correct and it was
positioning me at the start of the module.

Now onto the next problem. I am only seeing Assembler code in the
Command
window, no C code at all.

I copied the hello.c and hello.pdb to the directory where hello.exe. I
then
run:

windbg hello.exe
g main

As expected it breaks at main. However all I see is Assembler code.

When building, I tried using Auto and Native Only under Debugging
configuration, but got the same results with both.

Thanks again for any tips.

You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

You are currently subscribed to windbg as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

16

The “Debugging” property page of VC2005 projects refers to how the debugger is invoked. It doesn’t have anything to do with what kind of debugging information is produced by the compiler when you build the project.

Go to the “General” page, under “C/C++”. Make sure “Debug Information Format” is set to “Program Database (/Zi)”. (The “edit and continue” stuff works just fine, as well.) This controls what the C/C++ compiler does when it compiles your source files. /Zi causes the compiler to emit full symbolic information.

Then go to the “Debugger” page, under the “Linker” node. Make sure “Generic Debug Info” is set to “Yes”. This controls how the linker scrapes together all of the info produced by the compiler.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Tuesday, July 03, 2007 12:07 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

Thanks for the reply, but the build machine is different than the run/debug
machine.

How do I enable Source Level Debugging? At the moment it is just a simple
“Hello World” program built in Visual Studio 2005 for x64 mode.

In Debugging Properties I have selected “Local Windows Debugger” since I am
running and debugging on the same machine.

For Debugger Type, I have tried Auto and “Native Only” with no difference.

Thanks again for any guidance.

----- Original Message -----
From: “Arlie Davis”
To: “Kernel Debugging Interest List”
Sent: Tuesday, July 03, 2007 2:45 PM
Subject: RE: [windbg] WinDbg newbie

Copying the PDB should not be necessary if you built the code on the same
machine. Also, setting .sympath is not necessary, if you are debugging on
the same machine you built on. This is because (by default) the executable
has an absolute filename reference to the PDB baked into it.

Make sure you are building your project with source-level debugging enabled.
PDB files do not necessarily contain this information; you have to enable
it.

What are you using to build your app? Hand-rolled makefiles? DDK? VS?
Depending on what you used to build your app, source-line information may,
or may not, be enabled by default.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 6:47 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

Thanks to all of you for your help. You were all correct and it was
positioning me at the start of the module.

Now onto the next problem. I am only seeing Assembler code in the Command
window, no C code at all.

I copied the hello.c and hello.pdb to the directory where hello.exe. I then
run:

windbg hello.exe
g main

As expected it breaks at main. However all I see is Assembler code.

When building, I tried using Auto and Native Only under Debugging
configuration, but got the same results with both.

Thanks again for any tips.


You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

17

Ok, getting a little closer each time. Thanks very much for your help.

In addition to all these commands, apparently I have to also load each
source file manually. I assume I use aliases for all that stuff?

----- Original Message -----
From: “Martin O’Brien”
To: “Kernel Debugging Interest List”
Sent: Tuesday, July 03, 2007 1:26 PM
Subject: RE: [windbg] WinDbg newbie

Indeed.

Also, if the lml doesn’t look good and you can’t figure out what is
going on, try adding .symopt+0x80000000. It’s like !sym, but with more
information. You’ll probably not need it anyway.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Tuesday, July 03, 2007 11:59
To: Kernel Debugging Interest List
Subject: Re: [windbg] WinDbg newbie

So, if I want to cache the symbols to c:\mydir, I would enter this?

.sympath srvc:\mydirhttp://msdl.microsoft.com/download/symbols

Thanks.

----- Original Message -----
From: “Martin O’Brien”
To: “Kernel Debugging Interest List”
Sent: Monday, July 02, 2007 1:54 PM
Subject: RE: [windbg] WinDbg newbie

You need to set a symbol path. It’s the cardinal when it comes to
WinDbg. Generally speaking, WinDbg will be able to find your own code’s
symbols if you leave them right where they are. For the system modules,
enter the following at the WinDbg prompt, substituting a valid directory
on a local drive (that you don’t mind writing to) for :

.sympath srvSYMBOLCACHEhttp://msdl.microsoft.com/download/symbols

This will pull the system symbols from the Microsoft symbol server and
store them in SYMBOLCACHE.

After your done this type the following:

!sym noisy
.reload -f
lml

This may take a few minutes, but you should eventually see a list of
modules with names of pdb’s after them. If you don’t, check your symbol
path, and don’t waste your time doing anything else until this is fixed.

The “error” (ntdll!DbgBreakPoint) is normal.

I don’t know of a good tutorial. WinDbg is great once you get used to
it, but it sucks to learn, mostly due to shitty documentation.

THAT BEING SAID:

Unless this is an exercise purely to learn WinDbg, don’t do this to
yourself. For user mode, use Visual Studio, unless you need otherwise.

Good luck,

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Monday, July 02, 2007 13:17
To: Kernel Debugging Interest List
Subject: [windbg] WinDbg newbie

I am trying my hand at using WinDbg for the first time.

I am trying to debug a simple “Hello World” x64 console program. It was
built in VS 2005 using the x64 Debug configuration. It runs fine on
Windows
2003 x64, but when I load it in WinDbg, I get the error listed below.

I copied Hello.exe, Hello.ilk, and Hello.pdb to the directory, but still
no
luck.

Thanks for any tips. Is there any kind of step by step tutorial for
WinDbg
basics?

Neil

---- error ----

Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: hello
Symbol search path is: Invalid
***************************************************************
Symbol loading may be unreliable without a symbol search path.

 Use .symfix to have the debugger choose a symbol path.

 After setting your symbol path, use .reload to refresh symbol
locations. *
*****************************************************************
Executable search path is:
ModLoad: 0000000140000000 000000014008c000 Hello.exe
ModLoad: 0000000078ec0000 0000000078ff9000 ntdll.dll
ModLoad: 0000000077d40000 0000000077eb3000
C:\WINDOWS\system32\kernel32.dll
ModLoad: 0000000078c30000 0000000078d3c000
C:\WINDOWS\system32\USER32.dll
ModLoad: 000007ff7fc90000 000007ff7fd29000
C:\WINDOWS\system32\GDI32.dll
(3ac.624): Break instruction exception - code 80000003 (first chance)
 ERROR: Symbol file could not be found. Defaulted to export symbols
for
ntdll.dll -
ntdll!DbgBreakPoint:
00000000`78ef3320 cc int 3


You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

18

Neil Weicher wrote:

How do I enable Source Level Debugging? At the moment it is just a
simple “Hello World” program built in Visual Studio 2005 for x64 mode.

If The WinDbg option for source level debugging is turned on, then the
most likely option is that you haven’t set the source file path. This is
the most likely contender if your build and debug machines are different.

Just to check the symbols are right, when you break into main, can you
select View | Locals and see the local variables and parameters for that
routine? If you can, but there’s still no source, then the source path
is almost definitely the problem.

MH.

19

Neil Weicher wrote:

In addition to all these commands, apparently I have to also load each
source file manually. I assume I use aliases for all that stuff?

Well, not really. Normally it’s enough to simply set a path which is at
the root of your source tree … WinDbg then seems to be quite good at
working out the relative paths for itself.

MH.