If these steps look familiar, they’re based off a post I wrote a few years back for parsing Exchange transaction logs.  Who knew 1) they’d still be relevant, 2) I’d still resort to such hacky means, and 3) others may actually find value in this ...

 

1.       Download the "Unix for Win32" utilities from http://downloads.sourceforge.net/unxutils/UnxUtils.zip?modtime=1172730504&big_mirror=0

 

2.       Extract all files from the UnxUtils\usr\local\wbin subsirectory to C:\Unix

 

3.       Download strings.exe from http://www.microsoft.com/technet/sysinternals/Miscellaneous/Strings.mspx, and place strings.exe into C:\Unix

 

4.       Make a C:\TMP directory (The Win32 versions of Unix tools need the Windows equivalent of the /tmp directory on Unix)

 

5.       Download the sosex.dll Windbg extension from http://www.stevestechspot.com/SOSEXV2NowAvailable.aspx; save sosex.dll to your directory where Windbg.exe resides

 

6.       In Windbg, open the .dmp file, '!load sosex.dll', do '.logopen managed-strings.log', then do '!sosex.strings'

 

Opened log file 'c:\drop\customers\internal\managed-strings.log'

0:000> !sosex.strings

Address   Gen  Value

---------------------------------------

7f2290c8   0  

7f229108   0  

7f22911c   0   Filters/IncludeExtensions

7f229160   0   Filters/IncludeExtensions

7f229394   0   true

7f22c778   0  

7f22c7d4   0   true

7f22c7f0   0   Filters/CrawlWebApplication

7f22c838   0   Filters/CrawlWebApplication

...

 

7.       Once the sosex.dll extension completes, do '.logclose'

 

8.       In your filename.log, you'll see output similar to the following:

 

0:000> !sosex.strings

Address   Gen  Value

---------------------------------------

7f2290c8   0  

7f229108   0  

7f22911c   0   Filters/IncludeExtensions

7f229160   0   Filters/IncludeExtensions

7f229394   0   true

7f22c778   0  

7f22c7d4   0   true

7f22c7f0   0   Filters/CrawlWebApplication

7f22c838   0   Filters/CrawlWebApplication

7f22cd6c   0  

7f230150   0  

7f230190   0  

7f2301a4   0   Filters/ExcludeListTypes

7f2301e8   0   Filters/ExcludeListTypes

7f23041c   0   true

7f233800   0  

7f23385c   0   true

7f233878   0   Filters/IndexItemView

7f2338b4   0   Filters/IndexItemView

7f233d9c   0   logs

7f237180   0  

7f2371dc   0   logs

7f2371f8   0   ConnectorExecution/WorkFolder

7f237244   0   ConnectorExecution/WorkFolder

 

 

9. Open an elevated command prompt, change to your C:\Unix directory, and then issue the following command:

 

strings -q -n 16 C:\path-to-logfile\managed-strings.log | cut -d " " -f7 | sort | uniq -c | sort | tee c:\users\your-username\sorted-managed-strings.txt

 

For example:

 

strings -q -n 16 C:\drop\customers\internal\managed-strings.log | cut -d " " -f7 | sort | uniq -c | sort | tee c:\users\scottos\sorted-managed-strings.txt 

 

   ...

202564    Database/DataSource

202564    Database/InitialCatalog

202564    Database/Password

202564    Database/PersistenceHandlerDB

202564    Database/PurgeAtStart

202564    Database/RetryPeriodWhenDBIsDown

202564    Database/TableNamePrefix

202564    Database/Username

202564    ESPSubmit/Collection

202564    Filters/CrawlWebApplication

202564    id;listtitle;listdescription;listid;listitemcount;modifiedby;createdby;id;name;created

202564    Logging/FileMode

202564    Logging/LogFile

202564    Logging/LogLevel

202564    Logging/LogServer

202564    espconn-1:16100

202564    teamsites

202565    50

202565    5000

202565    548513

202565    AUTOFLUSHFILE

202565    sql08ma1-1.eelab.fastesc.com

202565    FAST_SEARCH_QA

202565    logs

202565    MOSSConnector.log

202565    my_fast_search

202565    prod

202565    SqlServer

202566    5

202566    FAST_Hello_QA

202566    kerberos

202569    TRACE

202572    1

405130    3600

2025650   true