Topic: WinDbg - how to debug a DLL
Greetings, all. I needed to find the reason a DLL crashed. What I know: the address at which my module was loaded, and a call stack indicating the specific address at which the crash happened. Available materials: the PE file (.dll), the corresponding .pdb and . Please note that I have no dump file.

On the Internet I came across advice to use this command:

    WinDbg -z somebin.dll

I looked in the online help and did not quite get it:

    -z DumpFile
    Specifies the name of a crash dump file to debug. If the path and file name contain spaces, this must be surrounded by quotation marks. It is possible to open several dump files at once by including multiple -z options, each followed by a different DumpFile value

Why do they use -z for this, if the documentation explicitly says that the option is intended for specifying the name of a dump file, instead of ? Well, fine, I tried it and it worked (notably, in the GUI I did not find an item for debugging a DLL). WinDbg immediately reported:

    ModLoad: 10000000 100f0000 somebin.dll

As I understand it, 10000000 is the address at which WinDbg itself loaded the module passed to it, is that right? If so, what does the second address designate?

Next I looked at the address at which the DLL had been loaded by the host process at the moment of the crash. It turned out to be 0x6F760000. Then I looked at the address at which the crash happened, and saw 0x6F7E9521.

    0x6F7E9521 - 0x6F760000 = 0x89521

Thus I obtained the address in my , at which the crash happened, and which is not tied to the address at which it was loaded (I am right, after all?). To obtain the name of the function located at this address, I used the following command:

    ln 10000000 + 89521

i.e. to 10000000 (at which, as I assume, my module was loaded by WinDbg) I added the just-calculated 0x89521. I received output in the form of two functions:

    main.cpp(379)+0x1c SomeProject!Foo::Bar+0x19 | (10089540) SomeProject!Foo::Baz

As far as I understand, the second of them is the symbol following the one found. The official documentation says nothing about this, but I found the following here:

    'ln' will find the symbol, report its address, and in addition report the address and the name of the symbol that follows the specified one

So now I am sitting and analyzing. The question: am I doing everything correctly? What bothers me most is the lack of proper documentation (at least, the debugger.chm mentioned in the manuals did not turn up anywhere for me, and in the online docs, as you see, a lot is simply omitted).
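
The rebasing arithmetic from the post, as an added example that is not part of the original post: it reads the two addresses on the ModLoad line as the start and end of the module in the debugger, rejects a crash address that does not fall inside the image, and builds the `ln` expression. The function names are illustrative; the sample values are the ones quoted in the post.

```python
import re

# "ModLoad: <start> <end> <module>", addresses in hex as WinDbg prints them.
MODLOAD_RE = re.compile(r"ModLoad:\s+([0-9a-fA-F`]+)\s+([0-9a-fA-F`]+)\s+(\S+)")


def parse_modload(line):
    """Return (start, end, name) from a WinDbg ModLoad line."""
    m = MODLOAD_RE.search(line)
    if not m:
        raise ValueError("not a ModLoad line: %r" % line)
    # 64-bit sessions print addresses as 00007ff8`12340000; drop the backtick.
    start, end = (int(g.replace("`", ""), 16) for g in m.group(1, 2))
    if end <= start:
        raise ValueError("module end is not above module start")
    return start, end, m.group(3)


def rebase(crash_addr, runtime_base, modload_line):
    """Map an address from the crashed process onto the debugger's copy.

    crash_addr   - faulting address taken from the call stack
    runtime_base - base at which the host process had loaded the DLL
    Returns (rva, address_in_debugger, module_name).
    """
    start, end, name = parse_modload(modload_line)
    if crash_addr < runtime_base:
        raise ValueError("crash address is below the module base")
    rva = crash_addr - runtime_base          # offset independent of load base
    if rva >= end - start:                   # end - start is the image size
        raise ValueError("offset 0x%x is outside %s" % (rva, name))
    return rva, start + rva, name


def ln_command(crash_addr, runtime_base, modload_line):
    """Build the 'ln' expression in the form used in the post."""
    rva, _, _ = rebase(crash_addr, runtime_base, modload_line)
    start, _, _ = parse_modload(modload_line)
    return "ln %x+%x" % (start, rva)


if __name__ == "__main__":
    line = "ModLoad: 10000000 100f0000   somebin.dll"   # from the post
    rva, addr, name = rebase(0x6F7E9521, 0x6F760000, line)
    print("%s: rva=0x%x, debugger address=0x%x" % (name, rva, addr))
    print(ln_command(0x6F7E9521, 0x6F760000, line))
```

The result only resolves to the right symbol when somebin.dll and its .pdb come from the same build as the module that crashed.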