[PowerShell Script] Finding Out the Managed Objects that "Leaked"

Here in PFE most of my teammates use the same approach to identify managed objects that “leak”. The idea is to run !DumpHeap -stat once, wait several minutes to allow the “leak” to make itself evident, then run the command a second time. After that you have to select those objects that appear in both…
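The two-capture comparison described in the teaser above, as an added PowerShell example that is not code from the original post or from the PowerDbg library: it parses two pasted !DumpHeap -stat outputs, keeps the types that appear in both captures, and lists those whose instance count grew, largest growth first. The function names, the sample captures, and their MT values and class names are constructed for illustration and do not come from a real dump.

```powershell
# Added example (not from the original post): diff two "!DumpHeap -stat" captures.
# Row format produced by SOS: "<MT hex>  <Count>  <TotalSize> <Class Name>".
# The header line and the trailing "Total N objects" line do not match the regex
# and are skipped. Generic type names containing spaces are captured whole.

function ConvertFrom-DumpHeapStat {
    param([string]$Text)
    $rows = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^\s*([0-9a-fA-F]{8,16})\s+(\d+)\s+(\d+)\s+(.+?)\s*$') {
            $rows[$Matches[4]] = [pscustomobject]@{
                MT        = $Matches[1]
                Count     = [int64]$Matches[2]
                TotalSize = [int64]$Matches[3]
                ClassName = $Matches[4]
            }
        }
    }
    return $rows
}

function Compare-DumpHeapStat {
    param([string]$Before, [string]$After, [int]$Top = 20)
    $b = ConvertFrom-DumpHeapStat $Before
    $a = ConvertFrom-DumpHeapStat $After
    # Keep only types present in both captures (the approach the post describes),
    # then report the ones whose instance count increased.
    $a.Values |
        Where-Object { $b.ContainsKey($_.ClassName) -and $_.Count -gt $b[$_.ClassName].Count } |
        ForEach-Object {
            [pscustomobject]@{
                ClassName  = $_.ClassName
                CountDelta = $_.Count - $b[$_.ClassName].Count
                SizeDelta  = $_.TotalSize - $b[$_.ClassName].TotalSize
                CountAfter = $_.Count
            }
        } |
        Sort-Object CountDelta -Descending |
        Select-Object -First $Top
}

# Constructed sample captures (hypothetical MT values and class names).
$before = @"
              MT    Count    TotalSize Class Name
00007ff9a1b2c3d0      120         2880 System.Object
00007ff9a1b2c3e8       40        12800 System.Byte[]
00007ff9a1b2c400       10          560 MyApp.Session
Total 170 objects
"@

$after = @"
              MT    Count    TotalSize Class Name
00007ff9a1b2c3d0      120         2880 System.Object
00007ff9a1b2c3e8      940       300800 System.Byte[]
00007ff9a1b2c400      910        50960 MyApp.Session
00007ff9a1b2c418        5          400 System.String
Total 1975 objects
"@

Compare-DumpHeapStat -Before $before -After $after | Format-Table -AutoSize
```

Two caveats a practitioner will want: a type whose count grows between two captures taken during heavy load may simply be in flight, so take the captures far enough apart, ideally after forcing a collection, before calling it a leak; and because the comparison intersects the two captures, a type that exists only in the second capture (System.String in the sample) is not reported, so glance at those rows separately.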

[PowerShell Script] Extracting All Key/Value Pairs from a Dictionary Object

Brad Linscott, a teammate of mine since the old times of SIE, came up with a very helpful idea: find an automated way to get the key/value pairs from a Dictionary object. Moreover, Brad has a recipe that teaches how to get the key/value pair from a Dictionary using a manual approach, either using…

Special Command—Execute Commands from a Customized User Interface with .cmdtree

A few weeks ago I received an e-mail from Brad Wilson, a Support Escalation Engineer from the OCS (Office Communications Server) team. Brad asked me about the .cmdtree command and I told him I’ve never configured it before. A few days ago he sent me another e-mail saying he figured out how to use this…

How to Decipher Strings Originating from SQL Injection Attacks

This blog article was written by Ayax Vargas, a friend and co-worker from my team. Ayax is very skilled in development/debugging and SQL Server. A few days ago I was reading one analysis done by Ayax and I was impressed by how he translated what looked like an encrypted message into SQL commands! Actually I…

[PowerShell Script] Chart and Statistics from Top 20 Objects Leaking

If you want to know the top 20 objects associated with the GC Handles that are leaking, you have manual work to do. Think about it: a) Run GCHandleLeaks and wait… it’s going to take time. b) Get the objects’ instances from the handles. c) Count and classify them. d) Get the 20 objects…

[PowerShell Script] PowerDbg v4.0 – Using PowerShell to Control WinDbg

Good news! Here’s the newest PowerDbg library. This version is more stable and has more features. Let me tell you about them and how to install it. New Features – Send-PowerDbgCTRL-BREAK / Send-PowerDbgResumeExecution. If you’re wondering why you need these cmdlets, I can see at least one scenario: software testing. For…

CSI is Cool, But What About Lieutenant Columbo?

OK, you may be wondering, “If this blog is supposed to be a technical blog, why is he talking about movies?” Here it is: It’s inevitable to compare all those people that work for support teams isolating software problems, myself included, with the folks from CSI. To be honest, it’s a very fair comparison since…

[PowerShell Script] Downloading PDB for Specific Modules

A few weeks ago, during a laboratory with a customer, I found myself struggling to download the public symbols for a specific driver. Since the driver is kernel mode, if you get a user-mode dump from the application using the driver, you won’t be able to actually see the driver or download its symbols. If you have…
