Ignoring First Chance Exception in Windows Debuggers

  A debugger attached to a process may break frequently on first chance exceptions, which quickly becomes annoying. You can easily disable reporting of any specific first chance exception using the “sx” debugger command as below. SX stands for Set Exception. Exceptions: (27b4.fd8): Integer divide-by-zero – code c0000094 (first chance) First chance exceptions are reported […]

Accessing Command line from WinDbg

  While debugging a crash dump, it is sometimes necessary to access the Windows command shell, start an application or do a command line calculation. Lately I was debugging and needed to do some scientific calculations. ?? was not much help as the complexity of the calculations was high. I kept accessing new applications from […]

Fixing Symbols in WinDbg

  I had instrumented a driver to capture certain file system related data in the Windows kernel, and it happened that there were some problems using the binary. I rebuilt it without any code changes and deleted the old data. At the problem site, the original binary was used, for which I had deleted the symbols. The problem […]

Windows 7 and Debugging!

  Windows 7 Virtualization support – XP Mode Installing and configuring XP Mode Installing a virtual machine Setting up debug environment   Windows 7 Windows 7 is one of the most amazing products I have ever used. As a debugger and reverse engineer in this new phase of my career, I tried to understand this […]

Command Line Automation Of Memory Dump Analysis

A while back someone asked an interesting question about automating the analysis of memory dumps and uploading that data to a server through a web service. Here is one of the possible approaches – The following command will collect a log after executing !analyze -v: kd.exe -z "Dump_File_Location\MEMORY.DMP" -logo "user_writable_path\MyKD.log" -c "!analyze -v; q" The above command […]