Thursday, May 11, 2017

Most Commonly used Windbg commands

What commands do I use to debug?

So in the last post we discussed how to setup Windbg. Now the next point is how do I use it to debug .NET issues. Although I love to use Windbg for debugging application problems, I must admit it's pretty intimidating to begin with. It's a command line tool with not much user friendliness. I'm not complaining about it now, but for a beginner it seems too daunting a task to get used to it. 

Another pain with it is to remember all the commands to use (with their parameters). It just becomes to be mindful of. So that is why I've created a nice little cheat sheet that I'm sharing here. 

Command

Help

Example

DumpHeap [-stat] [-strings] [-short] [-min <size>] [-max <size>] [-thinlock] [-startAtLowerBound] [-mt <MethodTable address>] [-type <partial type name>][start[end]]

Displays information about the garbage-collected heap and collection statistics about objects.

The DumpHeap command displays a warning if it detects excessive fragmentation in the garbage collector heap.

 

1.       The -stat option restricts the output to the statistical type summary.

2.       The -strings option restricts the output to a statistical string value summary.

3.       The -short option limits output to just the address of each object. This lets you easily pipe output from the command to another debugger command for automation.

4.       The -min option ignores objects that are less than the size parameter, specified in bytes.

5.       The -max option ignores objects that are larger than the size parameter, specified in bytes.

6.       The -startAtLowerBound option forces the heap walk to begin at the lower bound of a supplied address range. During the planning phase, the heap is often not walkable because objects are being moved. This option forces DumpHeap to begin its walk at the specified lower bound. You must supply the address of a valid object as the lower bound for this option to work. You can display memory at the address of a bad object to manually find the next method table. If the garbage collection is currently in a call to memcopy, you may also be able to find the address of the next object by adding the size to the start address, which is supplied as a parameter.

7.       The -mt option lists only those objects that correspond to the specified MethodTable structure.

8.       The -type option lists only those objects whose type name is a substring match of the specified string.

9.       The start parameter begins listing from the specified address.

10.   The end parameter stops listing at the specified address.

!dumpheap -min 85000

 

GCRoot [-nostacks] <Object address>

Displays information about references (or roots) to an object at the specified address.

The GCRoot command examines the entire managed heap and the handle table for handles within other objects and handles on the stack. Each stack is then searched for pointers to objects, and the finalizer queue is also searched.

This command does not determine whether a stack root is valid or is discarded. Use the CLRStack and U commands to disassemble the frame that the local or argument value belongs to in order to determine if the stack root is still in use.

The -nostacks option restricts the search to garbage collector handles and freachable objects.

 

!gcroot adress

!do address

Displays information about an object at the specified address. The DumpObj command displays the fields, the EEClass structure information, the method table, and the size of the object.

You can use the DumpStackObjects command to retrieve an object's address.

Note that you can run the DumpObj command on fields of type CLASS because they are also objects.

The -nofields option prevents fields of the object being displayed, it is useful for objects like String.

 

 

runaway


Lists the threads and how long they have been waiting

 

!runaway

 ~{ThreadID}s


Sets the current Thread for stack calls

 


~12s

 

CLRStack [-a] [-l] [-p] [-n]

Provides a stack trace of managed code only.

·         The -p option shows arguments to the managed function.

·         The -l option shows information on local variables in a frame. The SOS Debugging Extension cannot retrieve local names, so the output for local names is in the format <local address> = <value>.

·         The -a (all) option is a shortcut for -l and -p combined.

·         The -n option disables the display of source file names and line numbers. If the debugger has the option SYMOPT_LOAD_LINES specified, SOS will look up the symbols for every managed frame and if successful will display the corresponding source file name and line number. The -n (No line numbers) parameter can be specified to disable this behavior.

The SOS Debugging Extension does not display transition frames on x64 and IA-64-based platforms.

 

 

DumpDomain [<domain address>]

Enumerates each Assembly object that is loaded within the specified AppDomain object address. When called with no parameters, the DumpDomain command lists allAppDomain objects in a process.

 

DumpStack [-EE] [-n] 

Displays a stack trace.

·         The -EE option causes the DumpStack command to display only managed functions. Use the top and bottom parameters to limit the stack frames displayed on x86 platforms.

·         The -n option disables the display of source file names and line numbers. If the debugger has the option SYMOPT_LOAD_LINES specified, SOS will look up the symbols for every managed frame and if successful will display the corresponding source file name and line number. The -n (No line numbers) parameter can be specified to disable this behavior.

On x86 and x64 platforms, the DumpStack command creates a verbose stack trace.

On IA-64-based platforms, the DumpStack command mimics the debugger's K command. The top and bottom parameters are ignored on IA-64-based platforms.

 

 

 



Most Commonly used Windbg commands

What commands do I use to debug? So in the last post we discussed how to setup Windbg . Now the next point is how do I use it to debug ....