WinDbg Preview breaks just after starting debugging of an executable:

(3bf4.2318): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak 0x30:
00007ffe`d84e06b0 cc              int     3

I will continue:

0:000> g

It will output a series of ModLoad: lines for .NET and OS files, and then similar output about a first chance exception:

(3bf4.2318): Unknown exception - code 04242420 (first chance)

In the previous output, I understand that code represents the type of exception. But what represents 3bf4.2318? And why the value is identical to that in the first output that relates to break instruction exception, even though now it states unknown exception?

CodePudding user response：

That's the process ID and thread ID where the exception happened. I don't know if that output is described somewhere in the depths of the WinDbg documentation. But you can verify that easily on the initial breakpoint

(5130.710): Break instruction exception - code 80000003 (first chance)

and compare that against the process status (MSDN) (|)

0:000> |
.  0    id: 5130    create  name: Test.exe

and the thread status (MSDN) (~) which has the same format but without the parens:

0:000> ~
.  0  Id: 5130.710 Suspend: 1 Teb: 00c7c000 Unfrozen

Process and thread information can be useful, because

a) WinDbg is able to debug many processes simultaneously (e.g. .childdbg and .attach) and

b) you can use it in the ~~[<Thread ID>]s command to switch to the thread

0:007> ~~[710]s
[...]
0:000>