Debugging and Troubleshooting Techniques with WinDbg

This page has been machine-translated from the original page.

I started writing this article because I wanted to organize resources for learning Windows debugging and dump analysis with WinDbg from the ground up.

In my day job, I often have to analyze memory dumps and process dumps for troubleshooting, but I feel there is still very little clear information on effective investigation techniques for identifying the root cause of each problem.

Because of that, I often end up analyzing things by trial and error, and I kept wishing there were a richer body of knowledge on analysis techniques using WinDbg.

However, since I couldn’t find many useful resources, I decided to start sharing the information myself and publish organized notes on analysis techniques with WinDbg.

As of 2021/10/02, there are still only a few articles, but my goal is to eventually organize posts by purpose and cover various WinDbg analysis methods and troubleshooting techniques.

All published articles are organized below.

Article Categories

Getting Started with WinDbg

1. Trying the WinDbg User-Mode Debugging Tutorial
2. First Steps in Kernel Debugging with WinDbg on Windows 10
3. Overview of Each WinDbg Window
4. How to Manually Capture a Kernel Memory Dump on Windows and Analyze It with WinDbg
5. A New Debugging Approach with Time Travel Debugging

User-Mode Debugging with WinDbg

1. Trying the WinDbg User-Mode Debugging Tutorial
2. Overwriting the Memory Pointed to by the Stack Pointer in WinDbg to Execute an Arbitrary Function
3. Analyzing a Base64 Program Implemented in C with WinDbg Time Travel Debugging
4. Reversing a Program that Implements TCP and UDP Communication with Windows Sockets

Kernel-Mode Debugging with WinDbg

1. First Steps in Kernel Debugging with WinDbg on Windows 10
2. Writing Your Own Windows Kernel Driver and Analyzing It with WinDbg
3. Writing Your Own Windows Kernel Driver and Inspecting IRP Requests with WinDbg

Process Dump Analysis with WinDbg

There are no articles in this category yet.

Memory Dump Analysis with WinDbg

1. How to Manually Capture a Kernel Memory Dump on Windows and Analyze It with WinDbg

Time Travel Debugging with WinDbg Preview

1. A New Debugging Approach with Time Travel Debugging
2. Analyzing a Base64 Program Implemented in C with WinDbg Time Travel Debugging
3. Reversing a Program that Implements TCP and UDP Communication with Windows Sockets

Use-Case-Oriented Articles

Viewing and Editing Memory with WinDbg

1. Overwriting the Memory Pointed to by the Stack Pointer in WinDbg to Execute an Arbitrary Function

Investigating the Cause of Application Errors

1. A New Debugging Approach with Time Travel Debugging

Notes

The sample programs used for analysis in each article are all stored in the following repository.

Sample programs: kash1064/Try2WinDbg

I also summarized how to compile the sample programs in the repository with symbol files (.pdb files) in the following article.

Reference: How to Generate Symbol Files (.pdb) in a Linux Environment Using llvm-mingw

External References

• Debugging Tools for Windows (WinDbg, KD, CDB, NTSD) - Windows drivers | Microsoft Docs
• WinDbg - Microsoft Technology Wiki
• WinDbg. From A to Z!
• Welcome to WinDbg.info
• Windows Kernel Driver Programming