2 minute read

Yes, you read it right… it’s not only a debugger, for only $19.95 extra, we’ll throw in a free calculator and chat client:) and you can even run applications from windbg’s command prompt.


Jokes aside, not even I would open up windbg only for the purposes of doing calculations, but when you are debugging and need to do some simple conversions from hex to decimal, and some integer calculations you don’t have to switch to calc.exe, you can just use windbg’s expression evaluator.

Let’s say you’re given a size in hex like so 2e903000 (from !address for example), you can convert and do calculations like this

0:000> ?2e903000
Evaluate expression: 781201408 = 2e903000
So 0x2e903000 bytes is 781201408 bytes

To get the number of MB’s you just run

0:000> ?2e903000/0n1024/0n1024
Evaluate expression: 745 = 000002e9

I.e. divide by 0n1024 twice (decimal numbers are prefixed with 0n) and find out that it’s 745 MB.

Chat client

Ok, it’s not really a chat client, but, when you are in a remote session, i.e. when someone has remoted out a debug session with .server and you want to point something out to them you can start a comment with * and it wont get parsed by the debugger, but the other parties connected to the remote will see it.

0:000> *** Hey, check this weird thing out...

Spawn other applications

If you need to do some processing on the output of a command, and don’t want to go through the process of copying the results out to notepad, running the external app etc. the .shell command is a must try. It’s especially helpful if you need to do some processing in the debugger with the returned results.

On my blog TODO list I have a post about how to use this in more specific cases but for now I stole this particular example from my colleague Doug.

0:000> .shell -i - -ci "~* kb 2000" FIND /c "mscorwks!ThreadpoolMgr::WorkerThreadStart"
.shell: Process exited

The example runs ~* kb 2000, sends the output to the DOS command FIND, and returns the number of occurrences of the string, so it tells us how many threads are executing the function WorkerThreadStart.

You can pass commands to your own applications as well using standard in and standard out to read the command results and print the results back to the debugger.

Save debugging sessions

.logopen opens a log file where all your commands, and their output are stored, until you call .logclose. With the /t switch it appends current date and time along with the PID for the process you are debugging.

0:000> .logopen /t g:\debugginglog.txt
Opened log file 'g:\debugginglog_1498_2006-01-18_17-12-13-766.txt'

Very useful if you’re like me and get sidetracked a lot.

I’m still waiting for the .bring_me_a_cup_of_coffee_and_a_huge_pizza command:), but I heard it’s in progress for the next version, until then, enjoy these.