With the SDK preview 14951, we have a few changes in our debugging tools that we want to call out. Feel free to leave any questions in the comments below!
- Defrag Tools #169 – https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-169-Debugging-Tools-for-Windows-Team
Debugger object model additions
The functionality of the kernel mode !handle extension has been moved to the debugger data model and is now accessible, scriptable, and LINQ queryable via “Io.Handles” off any process object (e.g.: @$curprocess).
- Show handles in the current process: dx @$curprocess.Io.Handles
- Group handles in the current process by type: dx @$curprocess.Io.Handles.GroupBy( h=> h.Type)
- Map handle table to underlying objects: dx @$curprocess.Io.Handles.Select(h => h.Object.UnderlyingObject)
- See every open file in the process: dx @$curprocess.Io.Handles.Where(h => h.Type == “File”).Select(h => h.Object.UnderlyingObject.FileName)
PEB and TEB
Basic information about the PEB and TEB has been added to the debugger data model off of and process or thread objects.
- Show TEB information: dx -r2 @$curthread.Environment
- Show PEB information: dx -r2 @$curprocess.Environment
- dtx – The C++ expression syntax of ‘dx’ is sometimes difficult to parse. We added ‘dtx’ to take a data type and address similar to the ‘dt’ command. This command doesn’t have all the flags available to ‘dt’.
- .excr – A lot of people mistype ‘.ecxr’, so we added ‘.excr’ to prevent people from having to re-type the command.
- .sympath – Changing your symbol path will now trigger a deferred (lazy) reload of the modules that are using exported symbols.
- bl – Now has DML links to disable, enable, or delete breakpoints.
We now have our own sub-category called “Debugging Tools for Windows” in the feedback hub under “Developer Tools” the developer tools category because we want to provide you an easy way to send feedback. With this in mind we want to encourage you all to let us know how we’re doing and what we can do to improve things for you!
The DLL for KD1394 is included in the kits now in the “1394” folder. This can be used to enable kernel debugging over 1394 as described in our previous blog post here.
Let us know what you think of everything in the comments!