Quick Tips: using debugger scripts to your advantage - .shell

  • Article

Hi,

After debugging for quite some time, and looking almost every day at memory dumps you start to think “I really need a command to this, to do that,…” in order to easy on some of the repetitive work and allow you to more quickly focus on the issue itself.

I find debuggers scripts to be a big advantage here, and use them a lot. These are pretty simple to define and use (don´t confuse with debugger extensions. That’s another history). So there are quite a few I keep at hand to ease the pain on some manual work.

The sample I’m going to provide is one of the scripts I use most and allows you to understand what needs to be defined and loaded on the debugger.

The purpose on this sample is to find some string on the ouput of a debugger command. Syntax will be

Find “ExecuteCommand” “value_to_find”

The output will all lines that contain value_to_find

First, all you need is notepad. Open notepad and paste the following line

.shell -i - -ci "$param1" FIND /I "$param2"

Save the file as find.txt and place it on a folder.

Next step is to load this script on the debugger. Open windbg.exe and load a memory dump. Below is a sample on how to invoke my script with two parameters and the output that was returned.

0:124> $$>a< find.txt "~*e!clrstack" "lock"

00000000099ce420 00000642bcacddc8 System.Web.Compilation.CompilationLock.GetLock(Boolean ByRef)

000000002db8e8f0 00000642bcacddc8 System.Web.Compilation.CompilationLock.GetLock(Boolean ByRef)

000000002dc3e910 00000642780a9bc3 System.Web.SessionState.SessionStateModule.PollLockedSessionCallback(System.Object)

000000003ebee490 00000642780a9bc3 System.Web.SessionState.SessionStateModule.PollLockedSessionCallback(System.Object)

000000003eade4f0 00000642bcacddc8 System.Web.Compilation.CompilationLock.GetLock(Boolean ByRef)

0000000042cfda20 00000642bcacddc8 System.Web.Compilation.CompilationLock.GetLock(Boolean ByRef)

00000001cbbddfa0 00000642bcacddc8 System.Web.Compilation.CompilationLock.GetLock(Boolean ByRef)

.shell: Process exited

I will leave it as an exercise another very useful script that is to count the number of occurrences of value on input command.

Have fun

Bruno