Analyze -v

Thread specific breakpoints are a feature that I wasn’t aware of for a while but have become an important part of my debugging toolbox.

As it turns out, the bp command takes a /t switch, which allows you to specify the address of the thread object that you want to set the breakpoint for. By that I mean that the breakpoint will only fire if the address specified is executed by the thread specified. This is helpful if you have a routine in your driver called from multiple threads and you’re trying to narrow down the behavior of a particular thread. Example usage would be:

bp /t 86033858  ntfs!ntfscommoncreate

This will set a breakpoint on an incredibly hot routine in the system (the open handler for NTFS) but will only break into the debugger if the breakpoint is hit by thread 0×86033858.

As an added tip, this command can be combined with the $thread pseudo register, which always evaluates to the current thread:

bp /t @$thread ntfs!ntfscommoncreate

This entry was posted on Wednesday, October 14th, 2009 at 11:16 pm and is filed under WinDBG. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.