A debugger attached to a process may break frequently on first chance exceptions, and when this happens often it is very annoying. You can easily disable reporting of any specific first chance exception using the “sx” debugger command as below. SX stands for Set Exception. Exceptions: (27b4.fd8): Integer divide-by-zero - code c0000094 (first chance) First chance exceptions are reported … Continue reading Ignoring First Chance Exception in Windows Debuggers
While debugging a crash dump, it is sometimes necessary to access the Windows command shell, start an application or do a command line calculation. Lately I was debugging and needed to do some scientific calculations. ?? was not much help as the complexity of the calculations was high. I kept accessing new applications from … Continue reading Accessing Command line from WinDbg
I had instrumented a driver to capture certain file system related data in the Windows kernel, and it happened that there were some problems using the binary. I rebuilt it without any code changes and deleted the old data. At the problem site, the original binary was used, for which I deleted symbols. The problem … Continue reading Fixing Symbols in WinDbg
Windows 7 Virtualization support – XP Mode Installing and configuring XP Mode Installing a virtual machine Setting up debug environment Windows 7 Windows 7 is one of the most amazing products I have ever used. As a debugger and reverse engineer in this new phase of my career, I tried to understand this … Continue reading Windows 7 and Debugging!
A while back someone asked an interesting question about automating analysis of memory dumps and uploading that data to a server through a web service. Here is one of the possible approaches. The following command will collect a log after executing !analyze -v: kd.exe -z "Dump_File_Location\MEMORY.DMP" -logo "user_writable_path\MyKD.log" -c "!analyze -v; q" The above command … Continue reading Command Line Automation Of Memory Dump Analysis