Debugging Tips: Use windbg as a calculator, a chat client and more…

Yes, you read it right… it’s not only a debugger, for only $19.95 extra, we’ll throw in a free calculator and chat client:) and you can even run applications from windbg’s command prompt.


Jokes aside, not even I would open up windbg only for the purposes of doing calculations, but when you are debugging and need to do some simple conversions from hex to decimal, and some integer calculations you don’t have to switch to calc.exe, you can just use windbg’s expression evaluator.

Let’s say you’re given a size in hex like so 2e903000 (from !address for example), you can convert and do calculations like this

0:000> ?2e903000
Evaluate expression: 781201408 = 2e903000

So 0x2e903000 bytes is 781201408 bytes

To get the number of MB’s you just run

0:000> ?2e903000/0n1024/0n1024
Evaluate expression: 745 = 000002e9

I.e. divide by 0n1024 twice (decimal numbers are prefixed with 0n) and find out that it’s 745 MB.

Chat client

Ok, it’s not really a chat client, but, when you are in a remote session, i.e. when someone has remoted out a debug session with .server and you want to point something out to them you can start a comment with * and it wont get parsed by the debugger, but the other parties connected to the remote will see it.

0:000> *** Hey, check this weird thing out... 

Spawn other applications

If you need to do some processing on the output of a command, and don’t want to go through the process of copying the results out to notepad, running the external app etc. the .shell command is a must try. It’s especially helpful if you need to do some processing in the debugger with the returned results.

On my blog TODO list I have a post about how to use this in more specific cases but for now I stole this particular example from my colleague Doug.

0:000> .shell -i - -ci "~* kb 2000" FIND /c "mscorwks!ThreadpoolMgr::WorkerThreadStart"
.shell: Process exited

The example runs ~* kb 2000, sends the output to the DOS command FIND, and returns the number of occurrences of the string, so it tells us how many threads are executing the function WorkerThreadStart.

You can pass commands to your own applications as well using standard in and standard out to read the command results and print the results back to the debugger.

Save debugging sessions

.logopen opens a log file where all your commands, and their output are stored, until you call .logclose. With the /t switch it appends current date and time along with the PID for the process you are debugging.

0:000> .logopen /t g:\debugginglog.txt
Opened log file 'g:\debugginglog_1498_2006-01-18_17-12-13-766.txt'

Very useful if you’re like me and get sidetracked a lot.

I’m still waiting for the .bring_me_a_cup_of_coffee_and_a_huge_pizza command:), but I heard it’s in progress for the next version, until then, enjoy these.  


Comments (4)

  1. truthADjuster says:

    i am about to learn Windbg as i deemed realized that debugging is a vital skillset to my job as a maintenance software engineer ,debugging drivers.

  2. Nektar says:

    The only issue is for you to use the calculator or the shell command, you have to be attached to a debuggee first which is counter-productive if you only wish to perform a simple calculation or hex conversion.

    By the way, why doesn’t Windbg support binary arithmetic and conversions, ie. converting numbers from and to binary representation. GNU Debugger (GDB) supports binary calculations and also you can use it as a calculator without loading a debuggee first, which are both handy features. You don’t know how many times I simply wanted to do a simple binary calculation.

  3. Pavel Lebedinsky says:

    Not sure what you mean by binary arithmetic and conversions… You can do something like this:

    0:000> ? 0y100+0y10

    Evaluate expression: 6 = 00000000`00000006

    0:000> .formats 0y111

    Evaluate expression:

     Hex:     00000000`00000007

     Decimal: 7

  4. Computer Forum says:

    Interesting post, haven’t used it yet but after reading this will give it a try. Thanks.

Skip to main content