-
Notifications
You must be signed in to change notification settings - Fork 73
Tools
| Tool | Purpose |
|---|---|
| list_windbg_dumps | List crash dump files |
| open_windbg_dump | Analyze crash dumps |
| close_windbg_dump | Close dump sessions |
| open_windbg_remote | Connect to remote debugging |
| close_windbg_remote | Close remote sessions |
| run_windbg_cmd | Execute WinDbg commands |
Purpose: List crash dump files
Parameters: directory_path (optional), recursive (optional)
Examples:
- "List all crash dumps in C:\Dumps"
- "Find all crash dumps in C:\Projects\ including subdirectories"
Purpose: Analyze crash dumps
Parameters: dump_path, include_stack_trace, include_modules, include_threads
Examples:
- "Analyze C:\dumps\app.dmp with full details"
- "Quick analysis of C:\dumps\app.dmp without modules/threads"
Output: Exception info, faulting instruction, stack trace, modules, threads
Purpose: Close dump sessions
Parameters: dump_path
Example: "Close the crash dump session for C:\dumps\app.dmp"
Purpose: Connect to remote debugging
Parameters: connection_string, optional: include_stack_trace, include_modules, include_threads
Connection formats:
- TCP:
tcp:Port=5005,Server=192.168.0.100 - Named Pipe:
npipe:Pipe=MyPipe,Server=MyServer - COM:
com:Port=COM1,Baud=115200
Example: "Connect to tcp:Port=5005,Server=192.168.0.100"
Purpose: Close remote sessions
Parameters: connection_string
Example: "Close connection to tcp:Port=5005,Server=192.168.0.100"
Purpose: Execute WinDbg commands
Parameters: command, either dump_path or connection_string
Examples:
- "Execute 'k' on crash dump C:\dumps\app.dmp"
- "Run 'db 0x12345678 L100' on tcp:Port=5005,Server=192.168.0.100"
Stack: k, kv, kb, ~*k, .ecxr
Memory: db/dw/dd/dp <address>, !address <address>
Heap: !heap -p -a <address>, !heap -stat
Threads: ~, ~*k, !runaway, !locks
Modules: lm, lmv, !lmi <module>
"Analyze C:\dumps\app.dmp and tell me the crash type"
"Execute 'k' and explain the call sequence"
"Run '.ecxr' followed by 'u' to see disassembly"
"Execute '!heap -p -a 0x12345678' and check for corruption"
"Execute '!runaway' to see thread CPU usage"
"Run '~*k' to see all thread states"
"Execute 'bp MyFunction' followed by 'g'"
"Run '!locks' to check synchronization objects"
| Error | Solution |
|---|---|
| "CDB executable not found" | Set --cdb-path or install Debugging Tools |
| "Dump file not found" | Verify file path and permissions |
| "Symbol loading failed" | Configure _NT_SYMBOL_PATH
|
| "Connection failed" | Check connection string and target |
| "Command timeout" | Increase --timeout value |
- Always close sessions when finished
- Configure symbols for meaningful analysis
- Use appropriate timeouts for complex operations
Next: Usage Guide | Troubleshooting | Getting Started