Archive for the ‘Fun with Debugging’ Category

!analyze -vostokov

Friday, July 16th, 2010

I knew it was my destiny! :-)

kd> !analyze -vostokov

[...]

MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

[...]

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Notepad Debugging :-)

Wednesday, July 14th, 2010

Have you heard about the new method of visual notepad debugging? You don’t even need a debugger, just a notepad. If not, here’s a recipe:

1. Open a buggy application executable file or a DLL file you suspect in notepad.exe

 

2. Change the font to Webdings 

3. Search for a bang: ‘!’ (a bug in Webdings font)

4. Remove the bug and repeat the search

5. Remove that bug too

6. Find another bug and remove it too

7. You might consider “Replace All” if there are too many bugs in your application

8. Save the debugged file

9. Run it. If it crashes, do a postmortem analysis: maybe you overfixed your bugs. Or you might see a transmutation: in my case the 32-bit Win32 Application2Debug.exe became an MS-DOS application silently terminating after launch:

0:000> kL
ChildEBP RetAddr 
011ef874 76e45500 ntdll!KiFastSystemCallRet
011ef878 76e1b518 ntdll!ZwTerminateProcess+0xc
011ef888 76be41ec ntdll!RtlExitUserProcess+0x7a
011ef89c 0e75c85f kernel32!ExitProcess+0x12
011ef8a4 0e79b07f ntvdm!host_terminate+0x23
011ef8b0 0e781db6 ntvdm!terminate+0x78
011efbfc 0e78094b ntvdm!cmdGetNextCmd+0x294
011efc04 0e769d94 ntvdm!CmdDispatch+0xf
011efc10 0e771882 ntvdm!MS_bop_4+0x2f
011efc14 0e77278a ntvdm!EventVdmBop+0x29
011efc2c 0e73510b ntvdm!cpu_simulate+0x17a
011efc38 0e735086 ntvdm!host_main+0x5f
011efc74 0e7352bd ntvdm!main+0x3a
011efd54 76bed0e9 ntvdm!host_main+0x211
011efd60 76e219bb kernel32!BaseThreadInitThunk+0xe
011efda0 76e2198e ntdll!__RtlUserThreadStart+0x23
011efdb8 00000000 ntdll!_RtlUserThreadStart+0x1b

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
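A plausible mechanism for the "transmutation" in step 9 of the Notepad recipe, as an added example that is not code from the original post: the classic DOS stub contains two `int 21h` instructions (bytes CD 21, and 0x21 is '!'), so deleting every '!' moves the PE signature away from the offset stored in `e_lfanew`, leaving only a valid MZ header. The image is constructed and minimal, the function names are hypothetical, and any other changes Notepad makes to binary data are ignored (an assumption).

```python
import struct

E_LFANEW_OFFSET = 0x3C   # field in the MZ header that points at the "PE\0\0" signature
DOS_HEADER_SIZE = 0x40


def build_sample_image() -> bytes:
    """Constructed MZ + PE prefix for illustration only (not a runnable program)."""
    # Classic DOS stub code; it calls int 21h twice, i.e. contains CD 21 twice.
    stub = bytes.fromhex("0e1fba0e00b409cd21b8014ccd21")
    stub += b"This program cannot be run in DOS mode.\r\r\n$"
    pad = (-(DOS_HEADER_SIZE + len(stub))) % 8        # align the PE header to 8 bytes
    e_lfanew = DOS_HEADER_SIZE + len(stub) + pad
    header = b"MZ" + bytes(E_LFANEW_OFFSET - 2) + struct.pack("<I", e_lfanew)
    return header + stub + bytes(pad) + b"PE\0\0" + bytes(20)


def classify(image: bytes) -> str:
    """Return 'pe', 'dos-mz' or 'not-mz' by following e_lfanew like a loader would."""
    if len(image) < DOS_HEADER_SIZE or image[:2] != b"MZ":
        return "not-mz"
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    if image[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        return "pe"
    return "dos-mz"       # MZ header is intact, but no PE signature where it points


def bangs_before_pe(image: bytes) -> int:
    """Count 0x21 ('!') bytes located before the PE signature."""
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    return image[:e_lfanew].count(0x21)


def remove_bangs(image: bytes) -> bytes:
    """Model of steps 3-7: delete every '!' byte from the file."""
    return image.replace(b"!", b"")


if __name__ == "__main__":
    original = build_sample_image()
    patched = remove_bangs(original)
    print("original:", classify(original))
    print("'!' bytes before PE header:", bangs_before_pe(original))
    print("after 'debugging':", classify(patched))
```
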

The Strange Love of Dr. DebugLove

Monday, August 10th, 2009

I’m very delighted to be a Dr. DebugLove! There are many Dr. Debug out there (Google shows 1,840,000 hits) but do they really love debugging like I do? Of course, they do, but I’m the first to acknowledge my strange love publicly by accepting a pseudonym.

- Dmitry Vostokov @ DumpAnalysis.org -

Teaching binary to decimal conversion

Monday, November 26th, 2007

Sometimes we have data in binary and we want to convert it to decimal to look up some constant in a header file, for example. I used to do it previously via calc.exe. Now I use the .formats WinDbg command and the 0y binary prefix:

0:000> .formats 0y111010
Evaluate expression:
  Hex:     0000003a
  Decimal: 58
  Octal:   00000000072
  Binary:  00000000 00000000 00000000 00111010
  Chars:   ...:
  Time:    Thu Jan 01 00:00:58 1970
  Float:   low 8.12753e-044 high 0
  Double:  2.86558e-322

Some months ago I was flying SWISS and found this binary watch in their duty-free catalog which I use now to guess time :-)

01 The One Binary Watch

It has 6 binary digits for minutes. There are desktop binary clocks and other binary watches available if you google them, but they don’t have 6 binary digits for minutes. They approximate them by using 2 rows or columns: tens of minutes and minutes (2 + 4 binary digits). We are all good at handling 4 binary digits because of our work with hexadecimal nibbles, but not good at handling more binary digits, like 5 or 6, when we see them in one row.

- Dmitry Vostokov @ DumpAnalysis.org -