Read Me

The purpose of this blog is to provide you with information that will help you during debugging sessions. The debugging toolbox I provide is a collection of Windbg scripts I created to help me on a daily basis. The collection expands whenever I develop a script to replace manual debugging.

The Windbg programming language looks like Perl.

To use the scripts you need to download Windbg and set up the public symbols. Not all scripts require symbols, but it’s good to have them for your debugging session.

Most of the scripts should be executed using the following command from Windbg:

$$>< path\scriptname.txt

The default directory I use is MyScripts, located inside the Windbg folder. If you want to use another location or another script file name, just change the source code to reflect the new location and/or file name.

On my machine the scripts are located at:

C:\Debuggers\MyScripts

You can think about the scripts like commands or extensions.

 

Before running a script you should read the header information in the source code.

Also remove any extra spaces between lines after copying the source code.

If you have problems or find a bug let me know.

If you have ideas you think might be cool for scripting, let me know, too. :) I’m interested! I just cannot promise I’ll implement all suggestions.

I hope you enjoy my little toys as much as I enjoy creating them! :)

Comments

  • Anonymous
    March 18, 2007
    Really a quality work! This is awesome, I have heard about it but actually never read about it, this is the first blog I see related to the topic.

  • Anonymous
    March 19, 2007
    Thanks Mike!

  • Anonymous
    October 16, 2007
    your work is appreciated.

  • Anonymous
    December 24, 2007
    Have you ever had this situation: You need to get ASP information from an IIS process? If yes, you can

  • Anonymous
    December 24, 2007
    This is one of my “just for fun” scripts. It’s very simple and has some limitations, but it’s fun! What

  • Anonymous
    December 24, 2007
    This is a very simple, yet powerful script. You can use it to see the APIs an application is using

  • Anonymous
    December 24, 2007
    Have you ever had a situation where you find yourself debugging a dump from ASP.NET when suddenly you

  • Anonymous
    December 24, 2007
    In the past I worked on a support case where I needed to find out if some MessageBox from a C++ application

  • Anonymous
    December 24, 2007
    After creating this script, I have used it in almost every case that requires decompilation, and I guess

  • Anonymous
    December 24, 2007
    Sometimes you cannot avoid reading the disassembled code to look for a specific assembly instruction.

  • Anonymous
    June 06, 2008
    Thanks!! it is a great help.

  • Anonymous
    July 09, 2008
    Hi, Thank you for the nice info! By the way, you said; "It will be fixed in the future, anyway,..." Does this mean that the current script engine has some problems?

  • Anonymous
    July 09, 2008
    Hi Toyota, The scripts are ok, no problems found and when someone finds a bug I try to fix it as soon as possible, however, WinDbg had (and has) some issues when running scripts, for example, when you run a script that has alias and call it again you get an error. If you want to verify it by yourself, use, for example, dig_stack.txt, then call it again. Most of the problems I'm aware of were already fixed. Lately I'm creating scripts using PowerShell that offer much more resources, stability and power. In a few weeks I'll post the newest PowerDbg library and a new script. Keep one eye in my blog. :) Thanks

  • Anonymous
    July 09, 2008
    To Mr.Farah,
    > Lately I'm creating scripts using PowerShell that offer much more resources, stability and power. In a few weeks I'll post the newest PowerDbg library and a new script. Keep one eye in my blog. :)
    This is great! I cannot wait any longer!!! Thank you for your answer. I will try dig_stack.txt.

  • Anonymous
    September 03, 2008
    http://blogs.msdn.com/debuggingtoolbox/archive/2007/03/18/read-me.aspx Author: Roberto Alexis Farah Translation:

  • Anonymous
    January 14, 2009
    Windbg has a lot of commands and command variations, so sometimes you may forget some of them, like when

  • Anonymous
    January 14, 2009
    There are several tools you can use to read the image headers, like Dumpbin.exe and Link.exe, for instance.

  • Anonymous
    January 14, 2009
    Ok, you are debugging a .NET application. You need to find out the queries and stored procedures being