Debugging LoadLibrary Failures

It looks like the topic of Debugging LoadLibrary Failures has been covered pretty well, but it is worth repeating: If you are seeing a ERROR_MOD_NOT_FOUND (0n126, 0x7E, 0x8007007E) failure during a LoadLibrary, make sure the DLL in question is in the DLL search path.  If it is in the DLL search path, then the next…


SOS Versioning with Windbg

I’m not a .NET developer, but I have to debug dumps from .NET processes from time to time.  I picked up some nuggets of information that may be known to .NET developers, but was not known to me. It turns out, the SOS.dll version that you use in your debugger needs to match the version…


Driver debug breakpoint

The DebugBreak() API is the primary way to implement a breakpoint through code.  It’s great to use when developing a prototype and exploring your environment. User mode developers (such as myself) may not be aware that this can also be used from a kernel mode driver.  This enables us to explore some aspects of kernel…


Sample debugging session without symbols

I was asked to debug some code where we roughly knew what was going on in the source code, but we didn’t have access to the symbols. This gave me a good chance to dust off some old ASM knowledge, and work on the art of debugging without symbols.  It’s not an ideal situation, but…


Intro to kernel debugging 3

Topic: Probing, Altering User Mode Memory This is part 3 of the intro to kernel debugging series.  Other posts: Intro to kernel debugging 1 KD setup Intro to kernel debugging 2 Debugger context In this post, we will explore the following: Probe memory of a user mode process Alter user mode process memory Reminders about how…


Intro to kernel debugging 1

Topic: KD Setup I am a user-mode developer, but part of the job of working on the Windows team (HoloLens runs on Windows!) requires knowing how to work with a kernel debugger on that OS.  Some problems are difficult to debug through user-mode debuggers alone and can be simpler in a kernel debugger . Examples…


Intro to kernel debugging 2

Topic: Debugger Context This is part 2 of the intro to kernel debugging series.  Other posts: Intro to kernel debugging 1 KD setup Intro to kernel debugging 3 Probing, altering user mode memory In this post, we will explore the following: What the debugger is looking at when it first breaks in Get current call…