Debugger Engine (DbgEng) updates in the Windows 8 Developer Preview

Today I wanted to find out what the Debugger Engine (DbgEng) changes are between Windows 7 and the Windows 8 Developer Preview.  To get the differences, I did a WinDiff between the SDK 7.1 ‘DbgEng.h’ header file and the new version (C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\sdk\inc) shipped with the Windows 8 Developer Preview’s WDK (en_windows_developer_preview_wdk_x86_x64_741966.zip). By…

1

Writing a ‘Debugging Tools for Windows’ Extension

I’ve written a three part series in MSDN Magazine that covers the Debugging API (specifically, DbgEng).   Writing a Debugging Tools for Windows Extension – Part 1 – March 2011 Covers the build environment and the basics of Output, reading Memory and reading Registers Web: http://msdn.microsoft.com/en-us/magazine/gg650659.aspxPDF: http://download.microsoft.com/download/4/D/4/4D40CAFF-528D-4AAF-80AA-2DD524A22BD2/MSDN_0311DG.pdf   Writing a Debugging Tools for Windows Extension…

1

IDebugDataSpaces2::QueryVirtual doesn’t act the same as VirtualQuery

One of my debugger extensions commands uses IDebugDataSpaces2::QueryVirtual to iterate through the target’s address space to find particular size allocations (regions that are used for the TEB if you must know).  The code was working fine but on x64 dumps, I found that it was running quite slow. Looking in to it, I found out…

0

StackBase and StackLimit offsets

To save a symbol lookup in a debugger extension, here are the hardcodes to use for StackBase and StackLimit. User Mode 32bit 0:000> dt nt!_TEB.Stack* ntdll!_TEB +0x000 NtTib :   +0x004 StackBase : Ptr Void   +0x008 StackLimit : Ptr Void User Mode 64bit 0:000> dt nt!_TEB NtTib.Stack* ntdll!_TEB +0x000 NtTib :   +0x008 StackBase…

0