Category Archives: WinDbg

Time Travel Debugging in WinDbg Preview

Functionality similar to Microsoft’s internal Time Travel Tracing Diagnostic Tool has now been added to WinDbg Preview, available only from the Windows Store here. This version of WinDbg requires Windows 10 Anniversary Update or later, and Windows Store access. Time Travel …

Posted in WinDbg

Case of The ICACLS /RESET Destruction

Someone advised me their Windows 10 had become extremely unstable. Issues included Edge opening for a second then immediately closing. In addition, they frequently received the message “The Recycle Bin on C:\ is corrupted. Do you want to empty …

Posted in Microsoft Edge, WinDbg, Windows 10

Case of the Missing Printer Ports

A Citrix environment had both Windows Server 2008 R2 published desktops and Windows 7 SP1 VDIs. On the Windows 7 VDIs, the Ports tab on printers added via a print server was always empty. We did a quick comparison between …

Posted in API Monitor, Citrix, PowerShell, WinDbg

Decompile Compiled VBS EXE with WinDbg

In this case we are looking at a 32-bit EXE with WinDbg (x86) from the Windows SDK. This exact process may or may not work depending on how the script was compiled, but the technique will be similar for many …

Posted in Reverse Engineering, WinDbg

Debugging / Viewing Windows Update Log on Windows 10 Insider Builds

Having confirmed with the WinDbg team that Insider builds currently don’t get public symbols unless it is a major release (they are looking into a solution…), how are we going to debug anything on bleeding edge systems “Fast Track Updates” in the …

Posted in Fiddler, ProcMon, WinDbg, Windows 10 | 5 Comments

Extract Module Info From a DMP File with PowerShell

Modify $cdb to point to CDB.exe from the Windows SDK Debugging Tools. The end of the script contains a usage example. The script can be downloaded here. Set-StrictMode -Version 2.0 # path to CDB from Windows SDK Debugging Tools $cdb = "C:\Program Files …

Posted in PowerShell, WinDbg

Case of the Invoked Hang (.NET)

A .NET application was hanging completely when certain background tasks were occurring. Using ProcDump with option Procdump -ma <process name>, I captured 3 dump files about 10 seconds apart, to identify where the hang was occurring. Opening dmp …

Posted in .NET, Debugging, IL, WinDbg | 2 Comments