Special Command—Using .dump/.dumpcab to Get Dumps and Symbols from Production Servers

Using WinDbg you can create a dump file from an application running, for instance, in a production server. After collecting the dump file, you can load it in another machine and debug it. However, to be more effective during your debugging session you need symbols. Thus, thinking about it, here’s the trick to get both dump…


Special Command—Parsing Strings, Files, and Commands Output Using .foreach

This is by far one of the most powerful WinDbg commands. Even if you don’t create scripts, you’ll benefit from this command. It’s powerful because it’s flexible. You can use it for a huge variety of operations. The .foreach token parses the output of one or more debugger commands and uses each value…


[WinDbg Script] Displaying Queries/Stored Procedures from Threads Running Managed Code

There’s another script that gives you all queries/stored procedures from SQL Server or Oracle that are stored in the managed heap. This script is more specific because it gives you the query/stored procedure running in a specific thread. It has the option to scan all threads and to display the queries/stored procedures for each thread. …


How to Decipher Strings Originating from SQL Injection Attacks

This blog article was written by Ayax Vargas, a friend and co-worker from my team. Ayax is very skilled in development/debugging and SQL Server. A few days ago I was reading an analysis done by Ayax and I was impressed by how he translated what looked like an encrypted message into SQL commands! Actually I…


[WinDbg Script] Retrieving Queries/Stored Procedures from a .NET Application

OK, you are debugging a .NET application. You need to find out the queries and stored procedures being executed by the threads accessing the database, but you don’t know how... Good news! It’s not a problem anymore! This script shows you all the queries or stored procedures associated with a SqlCommand or OracleCommand object….