EDN Admin
Well-known member
In this episode of Defrag Tools , Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg ). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the commands used to show the memory used in a user mode debug session. We cover these commands: !address -summary !address <addr> !vprot <addr> !mapped_file <addr> Make sure you watch http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-Building-your-USB-thumbdrive Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution. Resources:
http://www.microsoft.com/en-us/download/details.aspx?id=8279 Microsoft Windows SDK for Windows 7 and .NET Framework 4
http://technet.microsoft.com/en-us/sysinternals/dd535533 Sysinternals VMMap
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384219.aspx Performance and Memory Consumption Under WOW64
http://msdn.microsoft.com/en-us/library/windows/desktop/aa366775.aspx MEMORY_BASIC_INFORMATION structure
http://msdn.microsoft.com/en-us/library/windows/desktop/aa366786.aspx Memory Protection Constants <span><span> Timeline:
<span><span> http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=00m50s [00:50] - Live Debug of Notepad
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=01m10s [01:10] - VMMap of Notepad
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=02m08s [02:08] - <span><span>Virtual Address Space summary (!address -summary)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=04m30s [04:30] - Large Address Space Aware increases the VA space from 2GB to 4GB<span><span>
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=08m11s [08:11] - Memory Mapped Files
<span><span> http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=10m11s [10:11] - Memory Type, State and Protection (inc. Guard Pages)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=21m22s [21:22] - Allocation Base vs. Base Address (!address <addr>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=26m52s [26:52] - Virtual Protection shows the Alloc. Base Protection (!vprot <addr>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=29m14s [29:14] - Mapped Files (!mapped_file <addr>) <img src="http://m.webtrends.com/dcs1wotjh10000w0irc493s0e_6x1g/njs.gif?dcssip=channel9.msdn.com&dcsuri=http://channel9.msdn.com/Feeds/RSS&WT.dl=0&WT.entryid=Entry:RSSView:53e8a2e145724d3b8a59a11801518606
View the full article
http://www.microsoft.com/en-us/download/details.aspx?id=8279 Microsoft Windows SDK for Windows 7 and .NET Framework 4
http://technet.microsoft.com/en-us/sysinternals/dd535533 Sysinternals VMMap
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384219.aspx Performance and Memory Consumption Under WOW64
http://msdn.microsoft.com/en-us/library/windows/desktop/aa366775.aspx MEMORY_BASIC_INFORMATION structure
http://msdn.microsoft.com/en-us/library/windows/desktop/aa366786.aspx Memory Protection Constants <span><span> Timeline:
<span><span> http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=00m50s [00:50] - Live Debug of Notepad
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=01m10s [01:10] - VMMap of Notepad
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=02m08s [02:08] - <span><span>Virtual Address Space summary (!address -summary)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=04m30s [04:30] - Large Address Space Aware increases the VA space from 2GB to 4GB<span><span>
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=08m11s [08:11] - Memory Mapped Files
<span><span> http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=10m11s [10:11] - Memory Type, State and Protection (inc. Guard Pages)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=21m22s [21:22] - Allocation Base vs. Base Address (!address <addr>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=26m52s [26:52] - Virtual Protection shows the Alloc. Base Protection (!vprot <addr>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-21-WinDbg-Memory-User-Mode#time=29m14s [29:14] - Mapped Files (!mapped_file <addr>) <img src="http://m.webtrends.com/dcs1wotjh10000w0irc493s0e_6x1g/njs.gif?dcssip=channel9.msdn.com&dcsuri=http://channel9.msdn.com/Feeds/RSS&WT.dl=0&WT.entryid=Entry:RSSView:53e8a2e145724d3b8a59a11801518606
View the full article