managed debugging using windbg

MANAGED DEBUGGING USING WINDBG BY Rupreet Singh Gujral ([email protected] ) Entrepreneur. Product strategist. Architect.

Upload: techizzaa

Post on 20-May-2015

DESCRIPTION

Hardcore technical presentation for debugging managed code using WinDBG. Covers Debugging basics, CLR Fundamentals and explains various commonly used commands for managed debugging.

TRANSCRIPT

Page 1: Managed Debugging using WinDBG

MANAGED DEBUGGING USING WINDBG

BY

Rupreet Singh Gujral ([email protected])

Entrepreneur. Product strategist. Architect.

Page 2: Managed Debugging using WinDBG

AGENDA

• Debugging and Debugger Basics

• Refreshing .NET / CLR Fundamentals

• Various Debugging Tools

• WinDBG: Basic commands

• Demo: Live Process Debugging

• Demo: Live Process Crash Debugging

Page 3: Managed Debugging using WinDBG

DEBUGGING AND DEBUGGER BASICS

• Debugging is a black art! It’s a skill, not a technology.

• Debugging is a technique for finding the root or unknown causes of bugs, whether they surface normally or randomly.

• Putting a breakpoint in your source code and stepping through isn’t real debugging. Debugging is when you don’t have the source code at hand and you want to find the root cause of the issue.

• Debuggers typically can do disassembly, stack traces, expression watches, and more

Page 4: Managed Debugging using WinDBG

DEBUGGING AND DEBUGGER BASICS (CONT…)

• 3 Types of Debugging

• Launching an application under debugger

• Attaching a debugger to a running process (Non-Invasive Debugging)

• Invasively attaching a debugger to a running process (Invasive Debugging)

• Symbol Files: They annotate the application binary with additional information like function names, data structures, etc., which helps in debugging

• Public Symbol Files

• Private Symbol Files

• “A software tool that is used to detect the source of program or script errors, by performing step-by-step execution of application code and viewing the content of code variables.” – MSDN

Page 5: Managed Debugging using WinDBG

REFRESHING .NET / CLR FUNDAMENTALS

• Application Domains: Logical boundary in a process to isolate user code execution.

• Modules: Modules contain the actual code and resources.

• Method Table: Describes a particular type. It includes VT with pointers to actual code.

• Method Descriptors: Contain detailed information such as the textual representation of the method, the module that contains it, etc.

• Managed Heap: Data structure in memory where all objects (reference types) are stored.

Page 6: Managed Debugging using WinDBG

REFRESHING .NET / CLR FUNDAMENTALS

Page 7: Managed Debugging using WinDBG

REFRESHING .NET / CLR FUNDAMENTALS

Image concept from Mario Hewardt’s book

Page 8: Managed Debugging using WinDBG

HOW IS THE DEBUGGER INVOKED WHEN AN EXCEPTION OCCURS?

• When code is executing in memory and an exception such as a DivideByZero exception occurs, then –

• A first chance exception is raised by the .NET Runtime. This happens as soon as the DivideByZeroException object is defined in memory.

• If a debugger is attached to the process, the debugger will break and a memory dump can be taken.

• If an appropriate try-catch block is defined, the exception will be handled and the application continues.

• If no try-catch block is defined, then a second chance exception is raised.

• If a debugger is attached to the process, the debugger will break and a memory dump can be taken.

• If no debugger is attached, the process will crash.
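
Added example (not part of the original presentation): a small C# console program that makes the sequence above visible from inside the process, using the AppDomain.FirstChanceException and AppDomain.UnhandledException events. The class and method names are illustrative, and it assumes .NET Framework 4 or later, run without command-line arguments.

```csharp
// Added example: observes the first-chance / unhandled sequence in-process.
using System;
using System.Runtime.ExceptionServices;

static class ExceptionChances   // illustrative name
{
    // Integer division; b == 0 makes the CLR throw DivideByZeroException.
    static int Divide(int a, int b) => a / b;

    static void Main(string[] args)
    {
        // Raised by the runtime as soon as an exception is thrown, before any
        // catch block is searched for: the in-process view of "first chance".
        AppDomain.CurrentDomain.FirstChanceException +=
            (object sender, FirstChanceExceptionEventArgs e) =>
                Console.WriteLine("first chance : " + e.Exception.GetType().Name);

        // Raised only when no catch block handled the exception. With no
        // debugger attached, the process terminates after this handler returns.
        AppDomain.CurrentDomain.UnhandledException +=
            (object sender, UnhandledExceptionEventArgs e) =>
                Console.WriteLine("unhandled    : " + e.ExceptionObject.GetType().Name
                                  + " (terminating=" + e.IsTerminating + ")");

        int zero = args.Length;   // constructed input: 0 when run with no arguments

        // Case 1: a try-catch exists, so after the first-chance notification
        // the exception is handled and the application continues.
        try
        {
            Divide(10, zero);
        }
        catch (DivideByZeroException)
        {
            Console.WriteLine("handled      : execution continues");
        }

        // Case 2: no try-catch, so the same exception goes unhandled.
        // An attached debugger breaks here a second time (second chance);
        // without one, the process crashes.
        Divide(10, zero);
    }
}
```

Running it with a debugger attached gives the two break opportunities the slide describes, and a memory dump can be taken at either one.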

Page 9: Managed Debugging using WinDBG

VARIOUS DEBUGGING TOOLS

• Visual Studio: Famous development environment mainly used for source level debugging. Can be used as a user mode debugger for any app.

• CLR Profiler: Profiles the CLR process and spits out a report about memory and other parameters.

• Performance Monitor: Counter based tool, gives real time data about different parameters like memory, exceptions, handles, etc.

• WinDBG: GUI based user mode debugger to debug any kind of application. Can be used as a kernel mode debugger too.

• NTSD: Similar to WinDBG but command line based.

Page 10: Managed Debugging using WinDBG

WINDBG: BASIC COMMANDS

• 0:00> - What does this denote in WinDBG?

• .sympath, .sympath+ <newPath>, .reload – symbols related commands

• !dumpdomain – app domain related command

• !dumpassembly – assembly related command

• !clrstack/kv – Stack walking

• !runaway – Summary for all threads and time spent on CPU

• ~<n>s – Thread switching

• !dumpheap – heap related command

• !do – objects dumping

• !dumpmt – dumping Method Tables

• !threads – Listing all the managed threads

• !dae – exception related commands

Page 11: Managed Debugging using WinDBG

DEMO - LIVE PROCESS DEBUGGING

• Attaching debugger to the live process

• Identifying the starting point for debugging

• Internal data structure of the class

• Display content of arrays

• Breakpoint setting

Page 12: Managed Debugging using WinDBG

DEMO - LIVE PROCESS CRASH DEBUGGING

• Attach debugger to the live process

• Handle first chance exception

• Track exception

Page 13: Managed Debugging using WinDBG

Q&A

Aim and shoot your questions!

Image source: http://egamer.co.za/2011/07/review-shadows-of-the-damned/

Page 14: Managed Debugging using WinDBG

THANK YOU!

Image Source: http://www.comicvine.com/forums/battles-7/spiderman-vs-wesker-670859/