List of Debuggers Supported with Windows NT

The information in this article applies to:

• Microsoft Windows NT operating system version 3.1
• Microsoft Windows NT Advanced Server version 3.1
• Microsoft Windows NT Workstation version 3.5
• Microsoft Windows NT Server version 3.5

SUMMARY

Windows NT provides several debuggers that can be used to debug Kernel mode or user mode exceptions. There are three primary debuggers used with Windows NT: KD (i386KD, MIPSKD and AlphaKD), NTSD, and WinDbg.

MORE INFORMATION

KD

KD is the kernel debugger; it runs on a separate debug machine to find problems in the Kernel and Kernel mode drivers on a test machine.

NTSD

NTSD is a "software debugger" used to debug user mode processes on a test machine. It uses symbols in the %WINDIR%\SYMBOLS DIRECTORY. The DLL file and EXE file symbols are needed for debugging most user mode problems. One useful feature of NTSD (and WinDbg) is that it can be attached to a running process. Using TLIST or PVIEWER, you can get the process ID for an existing process and start "NTSD -p <pid>" to debug that process. The NTSD command line uses the following syntax

   NTSD [[ options]] imagefile

   Option  Description
   ---------------------------------------------------------------------
   -2      Opens a new window for debugging character mode applications.
   -d      Redirects output to the debugging terminal.
   -g      Causes execution past the first breakpoint automatically.
   -G      Causes NTSD to exit immediately when the child terminates.
   -o      Enables debugging of multiple processes. The default is for
           one process directly spawned by the debugger.
   -p      Process-ID
           Specifies debugging of the process identified by process-id.
   -v      Produces verbose output.

WinDbg

WinDbg is a Windows-based debugger that can be used to debug either Kernel or user mode. It is larger and somewhat slower than its text counterparts, but it has additional features, including source-level debugging and being able to read crash dump files. When you run WinDbg from the command line, you can use the following options:

   windbg [-a] [-g] [-h] [-i] [-k [platform port speed]] [-l[text]][-m]
          [-p id [-e event]] [-s[pipe]] [-v] [-w name] [-y path]
          [-z crashfile] [filename[.ext] [arguments]]

   Syntax     Description
   ------------------------------------------------------------------------
   -a         Ignore all bad symbols (but still print warning message).
   -g         Go now; start executing the process.
   -h         Causes child processes to inherit access to WinDbg's handles.
   -i         Ignore workspace; like running without any registry data.
   -k [platform port speed]
              Run as a kernel debugger with the specified options:
                 - platform is the target machine type (x86, MIPS, Alpha)
                 - port is the com port (com1 ... comn)
                 - speed is the com port speed (9600, 19200, 57600, etc.)
   -l [text]  Sets the window title for WinDbg.
   -m         Start WinDbg minimized.
   -p id      Attach to the process with the given id.
   -e event   Signal an event after process is attached. Used only for
              post-mortem debugging .
   -s [pipe]  Start a REMOTE.EXE server, using the named pipe.
   -v         Verbose option; WinDbg prints module load and unload
              messages.
   -w name    Load the named workspace.
   -y path    Search for symbols along the specified path. You can specify
              multiple paths by separating them with semicolons.
   -z crashfile
              Debug the specified crash dump file.
   filename[.ext]
              Program to debug or file to edit.
   arguments  Arguments to program being debugged.