Good tutorial for WinDbg?
Are there any tutorials showing how to use WinDbg?
Basic tutorials & usage demos
- Installing and configuring WinDbg (Windows Debug Tools)
- Mike Taulty - word WinDbg
- WinDbg tutorials
- Windows Debuggers: Part 1: WinDbg tutorial
Different ways to "start"/attach WinDbg
- Start debugging with WinDbg (includes how to debug an .msi)
- How to debug a Windows service
- Setting up Windows debugging
- Debugging SQL Server... here, here, here, here
Workspaces (understanding how they work)
.cmdtree
Allows you to define a "menu" of debugger commands for easy access to commonly used commands without having to remember the terse command names. You don't have to put all the command definitions in the same cmdtree text file... you can keep them separate and load multiple ones (each gets its own window).
- Amazing helper .cmdtree
- How to make the cmdtree window dock at startup in WinDbg
- Making it easier to debug .NET dumps in WinDbg using .cmdtree
- Microshaoft cmdtree
- Special command—execute commands from a customized user interface with .cmdtree
Startup script
You can use the -c option on the command line to automatically run a WinDbg script when you start WinDbg.
This gives you the opportunity to turn on DML (Debugger Markup Language) mode, load particular extensions, set .NET exception breakpoints, set kernel flags (e.g. when kernel debugging you might need to change the DbgPrint mask to see tracing information... ed nt!Kd_DEFAULT_MASK 0xffffffff), load cmdtrees, etc.
An example script:
    $$ Include a directory to search for extensions
    $$ (point it at a source-controlled or UNC common directory that developers can access)
    .extpath+"c:\svn\devtools\windbg\extensions"

    $$ When debugging a driver written with the Windows Driver Framework/KMDF,
    $$ load the extension that comes with the WinDDK
    !load c:\winddk\7600.16385.1\bin\x86\wdfkd.dll
    !wdftmffile c:\winddk\7600.16385.1\tools\tracing\i386\wdf01009.tmf

    $$ Load extensions
    .load msec.dll
    .load byakugan.dll
    .load odbgext.dll
    .load sosex
    .load psscor4

    $$ Make commands support DML (Debugger Markup Language)
    .prefer_dml 1
    .dml_start

    $$ Show NTSTATUS codes in hex by default
    .enable_long_status 1

    $$ Set the default extension
    .setdll psscor4

    $$ Show loaded extensions
    .chain /d

    $$ Load command trees
    .cmdtree c:\svn\devtools\windbg\cmdtree\cmdtree1.txt
    .cmdtree c:\svn\devtools\windbg\cmdtree\cmdtree2.txt

    $$ Show extension help
    !wdfkd.help
    !psscor4.help
    .help /d
Command cheat sheets
- Crash Dump Analysis poster v3.0
- SOS cheat sheet (.NET 2.0/3.0/3.5)
- WinDbg cheat sheet (Art of Dev)
- WinDbg kernel-mode extension commands flashcards
Extensions (extend the range of commands/features supported)
- AddSym - allows transfer of symbol names between IDA and WinDbg
- BigLasagne (bldbgexts & blwdbgue) - assembly syntax highlighting and driver mapping tool
- BigLib Number Reader
- Byakugan - detect anti-debugging methods, Vista heap visualization/emulation, track buffers in memory
- CmdHist - records every command executed in a debug session so you can re-execute it easily
- Core Analyzer - check heap structures for corruption, detect objects shared between threads, etc.
- DOM WinDbg Extension - (!stlpvector, !idt, !unhex, !grep, etc.)
- DumpPE - dumps a PE file from memory
- Image Viewer Extension (Vladimir Vukicevic)
- Intel UEFI Development Kit Debugger Tool - debug UEFI firmware
- LeakTrap - GDI/USER handle tracker to aid in leak detection
- mona (requires PyKD) - set of commands to aid in advanced analysis/finding exploits
- MSEC - provides automated crash analysis and security risk assessment
- narly - lists info on loaded modules such as whether they are using SafeSEH, ASLR, DEP, /GS (buffer security checks)
- NetExt (Rodney Viana) - (!wservice - list WCF service objects, !wconfig - show .config lines, !whttp - list HttpContexts, !wselect/!wfrom - support SQL queries on arrays)
- odbgext - open debugger extensions
- OllyMigrate - pass the debuggee to another debugger without restarting
- Psscor2 - superset of SOS assisting in debugging .NET 2.0 managed code
- Psscor4 - superset of SOS assisting in debugging .NET 4 managed code
- pydbgext - allows Python scripting to be used
- PyKD - allows Python to be used to script WinDbg
- sdbgext (Nynaeve) - (!valloc, !vallocrwx, !heapalloc, !heapfree, !remotecall, !remotecall64, !loaddll, !unloaddll, !close, !killthread, !adjpriv, !ret)
- SieExtPub - legacy extension... now built into WinDbg in ext.dll
- SOSEX - more commands to help debug managed .NET 2.0 or 4.0 code
- SPT/sdbgext2 (Steve Niemitz) - (!dumphttpcontext, !dumpaspnetrequests, !dumpsqlconnectionpools, !dumpthreadpool, etc.)
- uniqstack - source debugger extension (you need an OSR Online account to access it)
- Viscope - code coverage graph
- Wait Chain Traversal/wct.dll (CodePlex Debugging Extensions) - display wait chains of application threads (helps find deadlocks)
- WinDbgShark - integrates the Wireshark protocol analyser to enable VM traffic manipulation and analysis
- WinDbg Extensions (Sasha Goldstein) - (tracer, wct, heap_stat, bkb, traverse_map, traverse_vector)
- WinDbg Highlight (colorwindbg.dll) (use Google Translate to translate the link) - assembly language syntax highlighting
Write your own extension
- Developing a WinDbg EngExtCpp extension in C++
- Tools of the Trade: Part IV - Developing WinDbg extension DLLs
- The basics of debugger extensions: short term effort, long term gain
Debugging managed code
- Breaking on an exception
- Breaking on a specific CLR exception
- Debugging .NET Framework source code within WinDbg
- Debugging exceptions in managed code using WinDbg
- Debugging managed code using WinDbg and SOS.dll
- Debugging with WinDbg. Deadlocks in applications.
- Managed debugging with WinDbg. Introduction and index
- Setting .NET breakpoints in WinDbg for applications that crash on startup
Scripting (C#, PS, Python, and WinDbg)
- KDAR (Kernel Debugger Anti Rootkit) - collection of WinDbg scripts
- Sysnative BSOD scripts/processing apps
- WinDbg script library - collection of WinDbg scripts
- Scripting MDbg and DbgHostLib - allows managed code to script the managed debugger (MDbg) and DbgEng
- ExtCS - allows control of WinDbg via C# scripts
- PowerDbg - allows control of WinDbg via PowerShell scripts
- PyKD - allows control of WinDbg via Python scripts
- windbglib - Python wrapper library around the PyKD extension for WinDbg, mimicking immlib (so you can use scripts written for Immunity Debugger)
Debuggers/tools that use the DbgEng.dll API/WinDbg tools
- A simple DbgEng based user mode debugger
- Acorns.Debugging .NET deadlock detector (uses cdb.exe) (download)
- CLR Managed Debugger (MDbg)
- DbgHost - how to control the debugging engine
- Debug Diagnostic Tool v1.2 (DebugDiag), ver 2.0 + DebugDiag blog
- DynamoRIO - dynamic binary instrumentation tool that can interact with WinDbg
- IDA + WinDbg plugin
- GUI WinDbg
- LeakShell (find managed leaks)
- MdbgLib - managed debug API
- PyDbgEng - Python wrapper for the Windows debugging engine
- SOSNET - WinDbg fork/alternative shell that concentrates on using the SOS extension and supports C# scripting
- SOSNET O2 fork - fork of SOSNET that uses the Roslyn C# REPL (read-eval-print-loop) scripting engine
- vdb/vivisect (Kenshoto) - provides a cross-platform debugging API layered on WinDbg
- WinAppDbg + heappie-winappdbg
- Writing a basic Windows debugger
Different ways to generate crash dump files for post-mortem analysis
- DebugDiag 2.0
- Dump cheat sheet - includes how to generate a dump from Hyper-V, VMware ESX, and XenServer VMs.
- Citrix SystemDump
- Keyboard keypress combination
- MiniDumpWriteDump - (via a Win32 API call inside the application). (example C# applications)
- NMI switch (hardware based feature to generate an NMI... usually found on high-end servers e.g. HP, or you can obtain an add-in PCI card, the "Universal PCI Dump Switch"). Microsoft NMI technology background.
- ProcDump
- Menu: System -> Advanced System Settings -> Startup and Recovery (registry info), (how to configure a complete (full) memory dump), (how to enable a complete memory dump), (how to enable a complete memory dump on Windows 7 when the PC has lots of memory... normally not available when there is more than 2 GB of memory)
- Task Manager "Create dump file"
- UserDump, instructions (very old tool)
- UserModeProcessDumper, instructions
- Visual Studio "Save Dump As…"
- WER (Windows Error Reporting... local dumps)
- WinDbg
Dump analysis tools
- BlueScreenView - finds the minidump .dmp files saved by Windows after a BSOD and extracts information about what caused the crash
- Debug.Analyzer (can analyse dump files, and plug-ins can be written in .NET)
- SAD - Simple After Dump (postmortem analyzer)
- Volatility - framework for analyzing "memory" recorded in dump files (cheat sheet)
Dump related tools
- Citrix DumpCheck - checks the consistency of a dump file (looks like it's been abandoned: link + link)
- DumpChk (part of the Debugging Tools) - checks the consistency of a dump file
- MoonSols Windows Memory Toolkit (formerly windd) - converts various raw memory dump files to WinDbg compatible dmp files
- vm2dmp - Microsoft Hyper-V VM state to memory dump converter
- vmss2core - converts a VMware snapshot file to a core dump file (download), (instructions)
Kernel debugging virtual machines
- VMKD - Virtual Machine KD Extensions
- VirtualKD - (kernel debugger support for OSes hosted in VMware/VirtualBox)
Videos
- .NET Cracking 101 #2 - WinDbg basics
- .NET debugging in a production environment (Channel9)
- dotNetConf - Advanced debugging with WinDbg and SOS
- David Truxall "Debugging with WinDbg"
- Mike Taulty debugging memory leaks
- Oredev 2009 session: Debugging .NET applications with WinDbg
- Pluralsight Advanced Windows Debugging (plus various other ones at Pluralsight)
- Tess Ferrandez on WinDbg (Channel9)
- TiGa's video tutorial series on IDA Pro
Blogs
- Advanced .NET Debugging
- All Your Base Are Belong To Us (Sasha Goldstein)
- Analyze-v
- ASP.NET Debugging
- CyberiaFreak (threading and advanced Windows programming and debugging)
- Debug Analyzer.NET
- Debug and Beyond
- Debugging Experts Magazine Online
- Debugging Toolbox (WinDbg scripts, debugging and troubleshooting tools and techniques to isolate software problems.)
- Decrypt World
- Greggm's WebLog
- Junfeng Zhang's Windows Programming Notes
- Kristoffer's tidbits
- Mark Russinovich's Blog
- Mike Stall's .NET Debugging Blog
- Naveen's Blog
- Never doubt thy debugger (Carlo)
- Notes from a dark corner
- NTDebugging Blog (Microsoft Global Escalation Services team)
- Nynaeve. Adventures in Windows debugging and reverse engineering
- PFE Developer Notes from the Field
- Visual Studio Debugger Team
- WinDbg by Volker von Einem
Advanced articles & tutorial resources
- Advanced debugging techniques in WinDbg
- Debugging applications with MS.NET and Windows (PowerPoint slides)
- Debugging STL containers with WinDbg
- Debug Tutorials 1-7 (CodeProject - Toby Opferman)
- Debugging.TV
- DevelopMentor WinDbg tagged articles
- Dr Fu's Security Blog - Malware analysis tutorials - a reverse engineering approach
- Exploit writing tutorial part 5: How debugger modules & plugins can speed up basic exploit development
- Hunting rootkits
- Remote Microsoft Windows Server OS kernel debugging using the Dell Windows Debugger Utility (DWDU) (Dell(TM) Windows(R) Debugger Utility 1.1 readme)
Alternative debuggers
- Bokken - (Inguma) (GUI for radare)
- BugDbg
- Debug++ (not released yet)
- Debuggy
- Discoloured Ring 0 Debugger (download)
- edb (Linux)
- FDBG
- GoBug
- Hades (ring 3 debugger with an anti-debugger-detection strategy)
- Hopper (Linux, OS X and Windows) (Windows debugging not implemented)
- HyperDbg
- IDA debugger
- Immunity Debugger
- Nanomite
- Obsidian (non-intrusive debugger)
- OllyDbg
- PEBrowse
- RaceVB6 (VB6 p-code debugger)
- radare
- radare2ui (GUI for radare)
- Rasta Ring 0 Debugger (RR0D)
- Syser Kernel Debugger
- TRW 2000 (very old debugger, circa W9x) + Dion's plugin archive
- VisualDux Debugger
- Wintruder (extendable debugger)
- WKTVDebugger (a debugger for Visual Basic p-code) (download)
- x64_dbg
- Zeta Debugger
Other links
- Collaborative RCE Tool Library - debugger and system level tools
- cr4zyserb - plugins & other debugging tools
- How to write a Windows debugger references (Devon Straw) - detailed information you need if you wanted to write your own debugger, e.g. PDB file format, .dmp file formats, PE file structure, how to record stack traces, etc., etc.
- Tuts4You - unpackers, IDA, OllyDbg, Immunity Debugger plugins, etc.
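An added example, not part of the answer above or of any tool it lists: the file-level consistency check that the "dump related tools" section attributes to DumpChk, written in Python against the MINIDUMP_HEADER and MINIDUMP_DIRECTORY layout that MiniDumpWriteDump produces. Structure layouts and the constant values follow minidumpapiset.h; the stream-type table covers only the common streams, and the dump bytes the script analyses are constructed inline rather than captured from a process. The point a practitioner should take from it is that a .dmp handed to an analysis tool is untrusted input: every RVA in the directory is bounds-checked before anything is read through it.

```python
"""Minidump (.dmp) header and stream-directory consistency check.

Added example for this thread; it is not code from the original answer or
from any tool listed there. At the file level it does what DumpChk does:
parse the MINIDUMP_HEADER and MINIDUMP_DIRECTORY array that
MiniDumpWriteDump writes and verify every stream lies inside the file.
Structure layouts and constants follow minidumpapiset.h; the sample dump
bytes are constructed below and are not a capture of a real process.
"""
import struct

MINIDUMP_SIGNATURE = 0x504D444D                  # "MDMP" read little-endian
MINIDUMP_VERSION = 0xA793                        # low word of Header.Version
HEADER_FMT = "<IIIIIIQ"                          # Signature, Version, NumberOfStreams,
                                                 # StreamDirectoryRva, CheckSum, TimeDateStamp, Flags
HEADER_SIZE = struct.calcsize(HEADER_FMT)        # 32 bytes
DIRECTORY_FMT = "<III"                           # StreamType, Location.DataSize, Location.Rva
DIRECTORY_SIZE = struct.calcsize(DIRECTORY_FMT)  # 12 bytes

STREAM_TYPES = {                                 # common MINIDUMP_STREAM_TYPE values
    3: "ThreadListStream", 4: "ModuleListStream", 5: "MemoryListStream",
    6: "ExceptionStream", 7: "SystemInfoStream", 9: "Memory64ListStream",
    12: "HandleDataStream", 15: "MiscInfoStream", 16: "MemoryInfoListStream",
    17: "ThreadInfoListStream",
}
DUMP_TYPE_FLAGS = {                              # MINIDUMP_TYPE bits (subset) kept in Header.Flags
    0x0001: "MiniDumpWithDataSegs", 0x0002: "MiniDumpWithFullMemory",
    0x0004: "MiniDumpWithHandleData", 0x0800: "MiniDumpWithFullMemoryInfo",
    0x1000: "MiniDumpWithThreadInfo",
}


def parse_minidump(data: bytes) -> dict:
    """Return header fields, the stream directory and a list of problems.

    Every RVA read from the file is bounds-checked before use: a corrupt or
    hostile .dmp must not be able to drive the parser outside the buffer, so
    each stream is reported as in or out of bounds, never blindly dereferenced.
    """
    problems, notes = [], []
    if len(data) < HEADER_SIZE:
        return {"valid": False, "problems": ["shorter than MINIDUMP_HEADER"], "streams": [], "notes": notes}
    sig, version, nstreams, dir_rva, _checksum, timestamp, flags = struct.unpack_from(HEADER_FMT, data, 0)
    if sig != MINIDUMP_SIGNATURE:
        problems.append(f"bad signature 0x{sig:08X}, expected 'MDMP'")
    if (version & 0xFFFF) != MINIDUMP_VERSION:
        problems.append(f"bad version 0x{version & 0xFFFF:04X}, expected 0xA793")
    if dir_rva + nstreams * DIRECTORY_SIZE > len(data):
        problems.append("stream directory runs past end of file")
        nstreams = max(0, len(data) - dir_rva) // DIRECTORY_SIZE   # walk only the entries that fit
    streams = []
    for i in range(nstreams):
        stype, size, rva = struct.unpack_from(DIRECTORY_FMT, data, dir_rva + i * DIRECTORY_SIZE)
        name = STREAM_TYPES.get(stype, f"Unknown({stype})")
        in_bounds = rva <= len(data) and size <= len(data) - rva
        if not in_bounds:
            problems.append(f"stream {i} {name}: rva=0x{rva:X} size=0x{size:X} extends past end of file")
        streams.append({"index": i, "type": stype, "name": name, "rva": rva, "size": size, "in_bounds": in_bounds})
    present = {s["type"] for s in streams}
    if 7 not in present:
        notes.append("no SystemInfoStream: processor architecture and OS version are not recorded")
    if 6 not in present:
        notes.append("no ExceptionStream: dump was not written from an exception context "
                     "(e.g. Task Manager 'Create dump file'), so !analyze -v has no faulting thread to start from")
    return {"valid": not problems, "version": version & 0xFFFF, "timestamp": timestamp, "flags": flags,
            "dump_type": [n for bit, n in DUMP_TYPE_FLAGS.items() if flags & bit],
            "streams": streams, "problems": problems, "notes": notes}


def build_sample_dump(truncate_memory_list: bool = False) -> bytes:
    """Construct a tiny two-stream minidump image (sample data, not a real capture).

    With truncate_memory_list=True the Memory64ListStream directory entry claims
    0x1000 bytes the file does not contain, mimicking a dump cut short on disk.
    """
    system_info = bytes(56)                      # MINIDUMP_SYSTEM_INFO is 56 bytes; zeros stand in for it
    memory64 = struct.pack("<QQ", 0, 0)          # MINIDUMP_MEMORY64_LIST header with zero ranges
    nstreams = 2
    dir_rva = HEADER_SIZE
    sysinfo_rva = dir_rva + nstreams * DIRECTORY_SIZE
    mem_rva = sysinfo_rva + len(system_info)
    mem_size = 0x1000 if truncate_memory_list else len(memory64)
    flags = 0x0002 | 0x0800                      # MiniDumpWithFullMemory | MiniDumpWithFullMemoryInfo
    header = struct.pack(HEADER_FMT, MINIDUMP_SIGNATURE, 0x0001A793, nstreams, dir_rva, 0, 0x5F000000, flags)
    directory = (struct.pack(DIRECTORY_FMT, 7, len(system_info), sysinfo_rva)
                 + struct.pack(DIRECTORY_FMT, 9, mem_size, mem_rva))
    return header + directory + system_info + memory64


if __name__ == "__main__":
    for truncated in (False, True):
        result = parse_minidump(build_sample_dump(truncated))
        print("valid:", result["valid"], result["dump_type"])
        for s in result["streams"]:
            state = "ok" if s["in_bounds"] else "TRUNCATED"
            print(f"  {s['name']:<20} rva=0x{s['rva']:04X} size=0x{s['size']:04X} {state}")
        for p in result["problems"]:
            print("  problem:", p)
```

Run it on a real dump by replacing build_sample_dump() with the file's bytes; the same directory walk is what the RVA-driven loaders in any dump tool rely on, which is why the bounds check belongs in front of every stream read.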