While investigating an intermittent UI freeze in an application, I captured a memory dump and loaded it into WinDbg for analysis. The stack trace immediately revealed a critical section deadlock. 0:000:x86> kb ChildEBP RetAddr Args to Child 0032dd0c 779ed993 00000710 00000000 00000000 ntdll_779b00...
For this demonstration, we'll use a 64-bit environment with a .NET 4.0 application built with Visual Studio 2019. Ensure you have the correct version of WinDbg (64-bit) installed. Creating a Test Scenario We'll simulate high CPU usage with a sample application containing an intentional infinite loo...
To debug a use-after-free crash that reproduces consistently on Windows XP SP3 (but not on Windows 7), we planned to enable page heap debugging (DHP) to capture the location where the target object was prematurely freed. Since we had not used GFlags-enabled page heap debugging before, we created a s...
Exception code c0020001 typically indicates RPC_E_SYS_CALL_FAILED, though this description rarely clarifies the actual failure mechanism. When examining a memory dump where an application terminates unexpectedly during shutdown, the initial investigation focuses on the exception context. 0:040> !an...
Two primary methods exist for analyzing thread blocks based on WaitHandles: a non-deterministic approach compatible with crash dumps (limited to named synchronization objects), and a deterministic approach requiring a live system with a kernel debugger. User-Mode Crash Dump Analysis This method reli...
WinDbg, the Windows Application Debugger, is a powerful tool for debugging software on the Windows operating system. Its lineage traces back to the Debug.exe utility from the DOS era. While modern WinDbg has evolved far beyond its predecessor, its fundamental operations remain rooted in core debuggi...