[Windbg Script] Serviced Components

A few days ago a friend of mine, Fabrício Catae, a SQL Server Ranger here at Microsoft, gave me an idea: to create a script that shows if Serviced Components are or are not disposed. I thought it was a great idea, so I decided to create a script for it. During the development…


[Windbg Script] Disabling IsDebuggerPresent()

Years ago I needed to debug an application that just had the binary code with no symbols or source code. To make things even more difficult, I found out the application had some kind of anti-debugger protection. After analyzing the dead listing of the application using DumpBin I discovered the trick. The application performed some…


[Windbg Script] Get Portable Executable Headers

There are several tools you can use to read the image headers, like Dumpbin.exe and Link.exe, for instance. You can, however, also use Windbg for doing that! In other words, during your debugging session you can see the header from an image file without executing any other tool except this script. This is a…


[Windbg Script] Tracing MessageBox calls

In the past I worked on a support case where I needed to find out if some MessageBox from a C++ application was displayed and, if positive, what the message was. I got inconsistent answers whenever I asked the user, so I didn’t know if the MessageBox appeared or what the message was. It sounded…


[Windbg Script] Extracting Performance Monitor counters from .NET application

Have you ever had a situation where you find yourself debugging a dump from ASP.NET when suddenly you notice you forgot to get the Performance Monitor log? If you sometimes face this situation, I have great news for you: this script shows you some of the main .NET Performance Monitor counters. It gets the…


[Windbg Script] Tracing API calls

This is a very simple, yet powerful, script. You can use it to see the APIs an application is using from your Windbg screen without using another tool. If you need more details from the APIs, just execute LogViewer.exe and open the .lgv file that is automatically created when you use this script. …


[Windbg Script] Playing with Notepad

This is one of my “just for fun” scripts. It’s very simple and has some limitations, but it’s fun! What does it do? Open Notepad.exe, then copy and paste some text into it or just write some stuff. After that, open the script and replace the StringsToFind and StringsToReplace with the strings you want to…


[Windbg Script] Retrieving queries/stored procedures from .NET application

Ok, you are debugging a .NET application. You need to find out the queries and stored procedures being executed from the threads accessing the database, but you don’t know how... Good news! It’s not a problem anymore! This script shows you all the queries or stored procedures associated with a SQLCommand or OracleCommand object….


[Windbg Script] Connections from Pool

If you are like me, you may forget the classes and namespaces you need to find out some specific information. Or maybe you forget the field names you need to look for. It happens to me when I need to take a peek at information from System.Data.SqlClient namespace, for example. This script retrieves specific information…


[Windbg Script] Playing with Minesweeper

First, this script is not really about cheating. It does that with Minesweeper, but there are several other possibilities using a few more bytes that do a better job of fooling the application. However, the point here is to show you how powerful the debugger is or, more precisely, the power you have when you…