Windows Debugging Notebook–Essential User Space WinDbg Commands (Book Review)

[Photo: my son explaining the heap diagram in his own language]

I was excited to receive my fresh copy of the Windows Debugging Notebook today. As someone who spends most of my debugging time in user mode code without source code, any additional ideas for user mode debugging can't hurt; it's a hard place to be sometimes. Especially if you, like me, are not spending all your waking moments in WinDbg, advice from the guys who really are helps.

My use of user mode debugging is mostly to find the causes of application hangs and crashes that we can fix without getting code rewritten, or at least to collect enough specific information to give the developer so they can rapidly provide a fix.

The two authors of this book are very qualified to write on this subject:

  • Roberto Alexis Farah, Senior Premier Field Engineer at Microsoft, has been professionally debugging and troubleshooting applications for 10 years. Roberto is the author of the popular Debugging Toolbox blog at http://blogs.msdn.com/b/debuggingtoolbox/
  • Dmitry Vostokov is the Director of Research and Founder of Memory Dump Analysis Services (http://www.DumpAnalysis.com). He has also authored a number of great books on debugging, such as Windows Debugging: Practical Foundations, Memory Dump Analysis Anthology: Volumes 1-5, the Reference Stack Traces series, etc. He also publishes much useful information on the website http://www.dumpanalysis.org/

The first thing we find out is the plan to separate the book into 4 volumes to keep it thin and light: User Space, Kernel Space, Managed Space (.NET), and Concepts and Tools. I think this is a good idea: most books on this topic are quite big and seem intimidating, and this small paperback seems quite friendly in comparison. (I love big and intimidating books, but it is refreshing to have something light and small for a change.)

One thing I like, as we also see in Dmitry's Memory Dump Analysis Anthology, is the pairing of commands with examples of their use. The WinDbg help files, while covering all the commands, are poorly laid out for the beginner and hard to use. Adding the examples makes everything much clearer. For cases where you might be debugging C++ code, we also see sample Visual C++ code and how to work through it in WinDbg.

The book covers the following topics:

  • High-level diagram of the heap in XP/2003 and the changes in Vista/Server 2008
  • Creating dump and cab file output
  • Writing in-memory modules from a dump to disk
  • Identifying threads with low or high CPU consumption
  • Retrieving PE header information from a module
  • Retrieving table entries for loaded modules
  • Watching and tracing a function (live debugging)
  • Editing memory (live debugging) – this has particularly good samples of the different scenarios in which you might use it
  • Various stack trace options, including tips like how to handle those that use Frame Pointer Omission (FPO)
  • Displaying a call stack with hyperlinks to the local variables of a particular frame
  • The many different options for displaying memory and when to use them
  • How to identify whether an address is on a heap, a stack, or something else
  • How to identify unique stacks and why you would want to do this
  • Various breakpoint-setting options
  • Some examples of WinDbg scripting (i.e. repeating commands until a condition is false, foreach, etc.). Again, what I really like here are the examples. I think a person new to WinDbg may struggle to implement these using the WinDbg help file alone. Tips like how to ensure your script has 32/64-bit compatibility are also really useful.
  • and a few other things…

All in all, this is a really great little reference book. If you feel you are underutilizing the WinDbg command set, or are new to user mode debugging, then this is definitely a must-have book.

About chentiangemalc

Specializes in end-user computing technologies. Disclaimer: 1) Use at your own risk; test any solution in your environment. If you do not understand the impact/consequences of what you're doing, please stop and ask advice from somebody who does. 2) Views are my own at the time of posting and do not necessarily represent my current view or the view of my employer and family members/relatives. 3) Over the years Microsoft/Citrix/VMware have given me a few free shirts, pens, paper notebooks, etc. Despite these gifts I will try to remain unbiased.