matijagrcic · May 21, 2026 20:46
diff --git a/WinDbg.txt b/WinDbg.txt
 http://debugging.io/weblog/post/SOSEX-5-useful-tricks-of-debugging-managed-programs
 https://netmatze.wordpress.com/2012/08/24/using-windbg-exe-and-sos-dll-to-debug-a-net-4-0-application/
 http://theartofdev.com/windbg-cheat-sheet/
 http://blogs.msdn.com/b/tess/archive/2008/02/27/net-debugging-demos-lab-4-high-cpu-hang-review.aspx
 https://msdn.microsoft.com/en-us/library/windows/hardware/ff558913(v=vs.85).aspx
 https://msdn.microsoft.com/en-us/library/windows/hardware/dn745911(v=vs.85).aspx
 http://www.stevestechspot.com/SOSEXV2NowAvailable.aspx
 https://blogs.msdn.microsoft.com/jankrivanek/2012/11/15/setting-up-managed-code-debugging-with-sos-and-sosex/
 https://blogs.msdn.microsoft.com/vijaysk/2009/04/02/getting-better-stack-traces-in-process-monitor-process-explorer/
 http://blogs.microsoft.co.il/sasha/2013/08/12/obscure-windbg-commands-part-1/
 http://www.wintellect.com/devcenter/jrobbins/automatically-load-the-right-sos-for-the-minidump
 https://ohadsc.wordpress.com/2014/10/30/some-windbg-tips/
 https://github.com/lowleveldesign/debug-recipes/blob/master/debugging-using-windbg/windbg-clr-debugging.md
 http://gelexgaray.github.io/blog/2016/05/26/windbg-cheatburger-aka-my-windbg-cheat-sheet/
 https://bsodtutorials.wordpress.com/2014/09/12/windbg-commands-and-extensions-swishdbgext-library/

 //https://msdn.microsoft.com/en-us/library/windows/hardware/hh439561(v=vs.85).aspx
 .prefer_dml 1

 .exepath c:\Path_To_Binaries

 !sym noisy #see where the symbols are loaded from
 .sympath C:\Users\mgrcic\Desktop\MiniDump\bin;SRV*c:\symcache*http://msdl.microsoft.com/download/symbols
 .sympath SRV*c:\localsymbols*http://msdl.microsoft.com/download/symbols
 .reload
 #//http://www.stevestechspot.com/SOSEXV2NowAvailable.aspx
 .load C:\Users\mgrcic\Desktop\Analysis\sosex\sosex.dll 
 !sosex.mk
 !dlk //deadlocks
 ~*e!clrstack  //iterate over all of the threads, and execute the command '!clrstack' on every one of them
 ~*e!mk //(~ - thread, * - all, e - execute this command, !mk - display managed stack.
 !analyze -v


 #C:\Windows\Microsoft.NET\Framework64\v4.0.30319 [clr.dll, mscordacwks.dll, sos.dll]
 .load C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
 .load C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
 .load C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos.dll

 #.loadby sos mscorwks //on older than .NET 4
 .loadby sos clr
 !clrstack
 !clrstack -p 
 !do
 !analyze -v


 !dumpheap -type Exception 
 !pe 02ea6b0c (Address)
 .foreach (ex {!dumpheap -type Exception -short}){.echo "********************************";!pe ${ex} }
 .foreach (ex {!dumpheap -type Exception -short}){.echo "********************************";!pe –nested ${ex} }

 lmvm mscorlib_ni


 .loadby sos mscorwks

 !eeheap -gc (memory heaps that GC uses)

 !dumpheap -stat (what objects we have on each heap)

 first column is called METHOD TABLE, how a class is layed out so we can call

 !dumpheap -mt FIRSTCOLUMNVALUE

 now we have all the objects of this class, pick one and dump them out using

 !do FIRSTCOLUMNVALUE

 !runaway
 ~Xs
 kb
 !dumpallexceptions (!dae)
 !dumpstack

 !dumpheap -type System.Data.SqlClient.SqlException
 !mx *SomeString
  !do 0b62cf38 
  
  http://blogs.msdn.com/b/johan/archive/2008/01/23/using-windbg-advanced-commands.aspx


 !EEStack

 !eestack -ee 

 search for the thread that triggered the GC (mscorwks!SVR::GCHeap::GarbageCollectGeneration)
 ~* kb 2000


 x MyDll!*class* // reloads dll
 lmv m myDll  //Windbg can match the checksum of the DLL against the checksum of the PDB

 sxe -c “!pe;!clrstack;gc” clr
	http://debugging.io/weblog/post/SOSEX-5-useful-tricks-of-debugging-managed-programs
	https://netmatze.wordpress.com/2012/08/24/using-windbg-exe-and-sos-dll-to-debug-a-net-4-0-application/
	http://theartofdev.com/windbg-cheat-sheet/
	http://blogs.msdn.com/b/tess/archive/2008/02/27/net-debugging-demos-lab-4-high-cpu-hang-review.aspx
	https://msdn.microsoft.com/en-us/library/windows/hardware/ff558913(v=vs.85).aspx
	https://msdn.microsoft.com/en-us/library/windows/hardware/dn745911(v=vs.85).aspx
	http://www.stevestechspot.com/SOSEXV2NowAvailable.aspx
	https://blogs.msdn.microsoft.com/jankrivanek/2012/11/15/setting-up-managed-code-debugging-with-sos-and-sosex/
	https://blogs.msdn.microsoft.com/vijaysk/2009/04/02/getting-better-stack-traces-in-process-monitor-process-explorer/
	http://blogs.microsoft.co.il/sasha/2013/08/12/obscure-windbg-commands-part-1/
	http://www.wintellect.com/devcenter/jrobbins/automatically-load-the-right-sos-for-the-minidump
	https://ohadsc.wordpress.com/2014/10/30/some-windbg-tips/
	https://github.com/lowleveldesign/debug-recipes/blob/master/debugging-using-windbg/windbg-clr-debugging.md
	http://gelexgaray.github.io/blog/2016/05/26/windbg-cheatburger-aka-my-windbg-cheat-sheet/
	https://bsodtutorials.wordpress.com/2014/09/12/windbg-commands-and-extensions-swishdbgext-library/

	//https://msdn.microsoft.com/en-us/library/windows/hardware/hh439561(v=vs.85).aspx
	.prefer_dml 1

	.exepath c:\Path_To_Binaries

	!sym noisy #see where the symbols are loaded from
	.sympath C:\Users\mgrcic\Desktop\MiniDump\bin;SRVc:\symcachehttp://msdl.microsoft.com/download/symbols
	.sympath SRVc:\localsymbolshttp://msdl.microsoft.com/download/symbols
	.reload
	#//http://www.stevestechspot.com/SOSEXV2NowAvailable.aspx
	.load C:\Users\mgrcic\Desktop\Analysis\sosex\sosex.dll
	!sosex.mk
	!dlk //deadlocks
	~*e!clrstack //iterate over all of the threads, and execute the command '!clrstack' on every one of them
	~e!mk //(~ - thread, - all, e - execute this command, !mk - display managed stack.
	!analyze -v


	#C:\Windows\Microsoft.NET\Framework64\v4.0.30319 [clr.dll, mscordacwks.dll, sos.dll]
	.load C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
	.load C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
	.load C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos.dll

	#.loadby sos mscorwks //on older than .NET 4
	.loadby sos clr
	!clrstack
	!clrstack -p
	!do
	!analyze -v


	!dumpheap -type Exception
	!pe 02ea6b0c (Address)
	.foreach (ex {!dumpheap -type Exception -short}){.echo "********************************";!pe ${ex} }
	.foreach (ex {!dumpheap -type Exception -short}){.echo "********************************";!pe –nested ${ex} }

	lmvm mscorlib_ni


	.loadby sos mscorwks

	!eeheap -gc (memory heaps that GC uses)

	!dumpheap -stat (what objects we have on each heap)

	first column is called METHOD TABLE, how a class is layed out so we can call

	!dumpheap -mt FIRSTCOLUMNVALUE

	now we have all the objects of this class, pick one and dump them out using

	!do FIRSTCOLUMNVALUE

	!runaway
	~Xs
	kb
	!dumpallexceptions (!dae)
	!dumpstack

	!dumpheap -type System.Data.SqlClient.SqlException
	!mx *SomeString
	!do 0b62cf38

	http://blogs.msdn.com/b/johan/archive/2008/01/23/using-windbg-advanced-commands.aspx


	!EEStack

	!eestack -ee

	search for the thread that triggered the GC (mscorwks!SVR::GCHeap::GarbageCollectGeneration)
	~* kb 2000


	x MyDll!class // reloads dll
	lmv m myDll //Windbg can match the checksum of the DLL against the checksum of the PDB

	sxe -c “!pe;!clrstack;gc” clr
No results found