You can create your own debugging commands by writing an extension DLL. You might want to write a command, for example, to dump a complex data structure.
To run a command called foo, which is an exported function from mydll.dll, enter the following at the WinDbg command prompt:
!mydll.foo [args]
WinDbg will load mydll.dll, call the entry point foo, and pass args to foo. Once WinDbg has loaded mydll.dll, you can run an extension command contained in it by using just the command's name:
!foo [args]
You can explicitly load an extension DLL with either of the following commands:
!mydll.foo !load mydll.dll
There can be as many as 32 extension DLLs loaded, including the default extension DLL.
When you run !foo, WinDbg looks for foo in the current extension DLL, which is the last one loaded or the one that you specify with
!default mydll
If it does not find foo in the current extension DLL, WinDbg searches through the loaded extension DLLs, in the order that they were loaded, and runs the first instance of foo that it finds.
You can unload the current extension DLL with the following command:
!unload
The DDK provides source code for a few simple debugger extension samples in the src\krnldbg\kdexts directory of the DDK tree.
The following are requirements for a user-defined DLL:
Pointer to an extension API structure |
This structure contains the callbacks to functions that you can use to do standard operations. For example, to print a string you can use dprintf(“string”). Include the header file wdbgexts.h in your extension source and use the #define function definitions from that file. The file wdbgexts.h also defines the parameters to the functions. Save the pointer in a global variable named ExtensionApis. |
Major version |
This indicates whether the target system is running a checked build of Windows NT (0x0c) or a free build (0x0f). |
Minor version |
This is the Windows NT build number of the target system (for example, 1381). |
DECLARE_API(foo) { code for foo }
WinDbg does a try/except around a call to an extension DLL. Even though they won't crash WinDbg, bugs in your code can still cause it not to work properly, and you will have to quit and restart WinDbg.