Read Me


The purpose of this blog is to provide you with information that will help you during debugging sessions. The debugging toolbox I provide is a collection of Windbg scripts I created to help me on a daily basis. The collection expands whenever I develop a script to replace manual debugging.




The Windbg programming language looks like Perl.


To use the scripts you need to download Windbg and set up the public symbols. Not all scripts actually demand symbols, but it’s good to have them for your debugging session.




Most of the scripts should be executed using the following command from Windbg:




$$><path\scriptname.txt




The default directory I use is MyScripts, located inside the Windbg folder. If you want to use another location or another script file name, just change the source code to reflect the new location and/or file name.




On my machine the scripts are located at:


C:\Debuggers\MyScripts




You can think of the scripts as commands or extensions.




Before running a script you should read the header information in the source code.


Also remove any extra spaces between lines after copying the source code.
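The skeleton below is an added illustration of the conventions described above (a header block, a script saved under the MyScripts folder, and invocation with $$><); it is not one of the blog's own scripts, and the file name count_modules.txt and its behaviour are assumptions made for the example. It counts the loaded modules with a .foreach loop and reports the result with a multi-line .if/.else block:

```windbg
$$ =====================================================================
$$ count_modules.txt  (hypothetical example script, not from the blog)
$$
$$ Purpose : count the modules loaded in the target process
$$ Usage   : $$><C:\Debuggers\MyScripts\count_modules.txt
$$ Symbols : not required for this script
$$ =====================================================================

$$ Delete any aliases left over from a previous run in this session,
$$ so the script can be executed more than once without errors
ad /q *

$$ Pseudo-register $t0 holds the running count
r $t0 = 0

$$ lm1m prints one module name per line, and .foreach walks each token
.foreach (module {lm1m})
{
    r $t0 = @$t0 + 1
}

.if (@$t0 > 0)
{
    .printf "%d modules loaded\n", @$t0
}
.else
{
    .echo No modules found, is a target loaded?
}
```

Two details matter when you copy a script like this. First, $$>< condenses the whole file into a single command block (each line break becomes a semicolon), which is what lets the braces of .foreach and .if span several lines; running the same file with $$< instead executes it line by line and the loop fails. Second, use $$ for comments rather than *, because a $$ comment ends at the next semicolon while a * comment swallows everything to the end of the line, which after condensing means the rest of the script.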


If you have problems or find a bug let me know.


If you have ideas you think might be cool for scripting let me know, too. :) I’m interested! I just cannot promise I’ll implement all suggestions.




I hope you enjoy my little toys as much as I enjoy creating them! :)

Comments (19)

  1. Mike Hoover says:

    Really quality work! This is awesome. I have heard about it but actually never read about it; this is the first blog I have seen related to the topic.

  2. nickx says:

    your work is appreciated.

  3. Have you ever had this situation: You need to get ASP information from an IIS process? If yes, you can

  4. First, this script is not really about cheating. It does that with Minesweeper, but there are several

  5. This is one of my “just for fun” scripts. It’s very simple and has some limitations, but it’s fun! What

  6. This is a very simple script, yet powerful script. You can use it to see the APIs an application is using

  7. Have you ever had a situation where you find yourself debugging a dump from ASP.NET when suddenly you

  8. In the past I worked on a support case where I needed to find out if some MessageBox from a C++ application

  9. After creating this script, I have used it in almost every case that requires decompilation, and I guess

  10. Sometimes you cannot avoid reading the disassembled code to look for a specific assembly instruction.

  11. sandeep says:

    Thanks!! it is a great help.

  12. Toyota says:

    Hi,

    Thank you for the nice info!

    By the way, you said;

    "It will be fixed in the future, anyway,…"

    Does this mean that the current script engine has some problems?

  13. Hi Toyota,

    The scripts are ok, no problems found, and when someone finds a bug I try to fix it as soon as possible. However, WinDbg had (and has) some issues when running scripts. For example, when you run a script that has an alias and call it again, you get an error. If you want to verify it yourself, use, for example, dig_stack.txt, then call it again. Most of the problems I’m aware of were already fixed.

    Lately I’m creating scripts using PowerShell, which offers many more resources, stability and power. In a few weeks I’ll post the newest PowerDbg library and a new script. Keep an eye on my blog. :)

    Thanks

  14. Toyota says:

    To Mr. Farah,

    > Lately I’m creating scripts using PowerShell that

    > offer much more resources, stability and power. In a

    > few weeks I’ll post the newest PowerDbg library and a

    > new script. Keep one eye in my blog. :)

    This is great!

    I cannot wait any longer!!!

    Thank you for your answer. I will try dig_stack.txt.

  15. Windbg has a lot of commands and command variations, so sometimes you may forget some of them, like when

  16. There are several tools you can use to read the image headers, like Dumpbin.exe and Link.exe, for instance.

  17. Ok, you are debugging a .NET application. You need to find out the queries and stored procedures being