Emad Alashi

EmadAshi.com

DotNetArabi.com

@emadashi

WinDbg

PDBProcess/

Dump

WinDbg

extensions

Windows Software Development Kit (SDK) for Windows 8.1

Basics

Input (a)

Return addr

Low Address

High Address

Function Foo(int x, int y){ FooNext(10);}

Function FooNext(int a){

}Local (z)

Input (y)

Input (x)

Return addr

Call Stack

Type

Han

dle

Sync

Blo

c

Object in memory

T1 T81 T9 T235

Dump File

Capture Dumps

• DebugDiag• Task Manager• ADPlus• ProcDump• …

SOS & SOSEX

Symbol Source

DemoExceptions