[PowerShell Script] PowerDbg v2.3 - Using PowerShell to Control WinDbg

re: [PowerShell Script] PowerDbg v2.0 - Using PowerShell to Control WinDbg

Roberto Farah — Sat, 22 Dec 2007 04:36:12 GMT

I just fixed two bugs. This new version is 2.1

re: [PowerShell Script] PowerDbg v2.0 - Using PowerShell to Control WinDbg

Roberto Farah — Tue, 01 Jan 2008 03:37:10 GMT

Another bug fixed. This new version is 2.2

re: [PowerShell Script] PowerDbg v2.2 - Using PowerShell to Control WinDbg

nativecpp — Thu, 17 Jan 2008 22:29:52 GMT

For the latest powershell-script,

1)Can I download from somewhere ? Or do I have to copy and paste ?

2)Can you tell me the environment requirements for using this library ?

Keep up the good work.

Thanks

re: [PowerShell Script] PowerDbg v2.2 - Using PowerShell to Control WinDbg

Roberto Farah — Fri, 18 Jan 2008 00:41:15 GMT

Hi nativecpp,

1- For now you cannot download it. You have to copy and paste it. If you use MS Word and save the file as text file, it should not add extra spaces between lines. This approach works fine.

2- The environment is:

PowerShell v 1.0

.NET Framework 2.0

Debugging Tools For Windows

Attention to that:

a) The PowerDbg library should be in your $profile file. From PS if you type notepad $profile you'll be able to now the location of this file and the name. You'll need to create it if it doesn't exist.

In my case the code for the PowerDbg library is here:

C:\Users\rafarah\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1

So, my Microsoft.PowerShell_profile.ps1 has the code posted in this blog article.

Because the PowerDbg is into the $profile, you can call the commandlets from any place.

b) After updating the $profile you need to close and reopen PS again. Doing that, the PowerShell will recognize the updates.

c) The Windbg window must have its title changed to PowerDbg. Rememember: because PowerDbg simulates a user using WinDbg, you cannot change the windows focus during the time it is interacting with WinDbg. If you do that the PowerDbg and PowerDbg scripts won't be able to "talk" with WinDbg.

d) If you get errors, most of the time they are related to timing issues. To solve that you just need to run the script again after making sure the WinDbg stopped to process the command or increase the start-sleep delay. It usually happens when you send a "k" command from Send-PowerDbgCommand and it takes too much time to solve the symbols. Anyway, it not happens that often.

If you have any other questions, doubts or problems, let me know! I'll be happy to help you because I want my readers to have a good experience using my little toys. :)

Any suggestions for future cmdlets or scrips are welcome.

re: [PowerShell Script] PowerDbg v2.2 - Using PowerShell to Control WinDbg

Roberto Farah — Fri, 25 Jan 2008 02:42:35 GMT

Version 2.3 - My co-worker Cristhian Uribe asked me to put in red the threads doing unknown activity when running Analyze-PowerDbgThreads and I added two more API calls based on his feedback.

re: [PowerShell Script] PowerDbg v2.3 - Using PowerShell to Control WinDbg

solidstore — Thu, 31 Jan 2008 16:02:13 GMT

Sorry for being dumb! But i dont see the source code? Can you re-post it please.

re: [PowerShell Script] PowerDbg v2.3 - Using PowerShell to Control WinDbg

Roberto Farah — Thu, 31 Jan 2008 21:48:18 GMT

Hi solidstore! You are not dumb, I am! :) For some reason I changed the code and didn't paste it.

I'm going to do that between today and tomorrow.

Thanks for letting me know!

re: [PowerShell Script] PowerDbg v2.3 - Using PowerShell to Control WinDbg

Ed F — Fri, 22 Feb 2008 23:13:36 GMT

I added a function to return the results of ~*e !clrstack -p

The output is something like this:

0x1184 82 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x1360 175 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x228 33 {}

0x928 201 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x12bc 91 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x11a8 105 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x894 202 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x11bc 49 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x10a4 68 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0xf20 75 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0xde8 57 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x1468 185 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x1474 130 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x17c4 120 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

0x7c8 34 {SomeNameSpace.SomeManagedFunction, SomeNameSpace...

Which is useful for me, because I can then use it like this:

$res = Analyze-PowerDbgClrThreads

$res.keys | %{$res[$_]."SomeNameSpace.SomeManagedFunction".this}

Which gives me a list of object addresses like this:

0x1dbcb630

0x1e2f2c78

0x0927793c

0x0a302de4

0x0a280308

########################################################################################################

# Function: Analyze-PowerDbgClrThreads

# Parameters: None.

# Return: hash by thread id by method name of hashtables

# Purpose:

# Changes History: 01/25/08 - Threads with unknown symbol appear in red color.

# Ed Fancher

# All my functions are provided "AS IS" with no warranties, and confer no rights.

########################################################################################################

function Analyze-PowerDbgClrThreads()

{

$ThreadRegEx = "OS\s+Thread\s+Id:\s+(0x[0-9a-fA-F]+)\s$(\d+)$"

$ParameterLineRegEx = "\s+(\w+)\s+=\s+(.*)"

#a real regex, since $matches was behaving funny.

$FunctionRegEx = [regex] "([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+(?<fname>[^(]+)"

$FrameRegex = "([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+\[[A-Fa-f0-9: ]+\]"

Send-PowerDbgCommand "~*e !clrstack -p"

sleep 120

#get the log written out by powerdbg.

write-host $global:g_fileCommandOutput

$pdl = get-content $global:g_fileCommandOutput

$currentThread = "";

$currentFunction = "";

$threads = @{};

return;

#loop through each line

for($i=0; $i -lt $pdl.length;$i++)

{

#if this matches, we've seen a thread.

if ($pdl[$i] -match $ThreadRegEx)

{

$currentThread = $matches[1] + " " + $matches[2];

$threads[$currentThread] = @{};

}

if ($currentThread -eq "")

{

continue;

}

#ignore frames, since I'm not usually interested in them.

if ($pdl[$i] -match $FrameRegex)

{

continue;

}

#if this matches, we have a function so add it onto the last found thread.

$fmatch = $FunctionRegEx.Match($pdl[$i]);

if ($fmatch.success)

{

$currentFunction = $fmatch.Groups["fname"].Value;

$threads[$currentThread][$currentFunction] = @{};

}

if ($currentFunction -eq "")

{

continue;

}

#if there are any parameters add them on the the last found method.

if ($pdl[$i] -match $ParameterLineRegEx)

{

$threads[$currentThread][$currentFunction][$matches[1]] = $matches[2];

}

$threads;

}

re: [PowerShell Script] PowerDbg v2.3 - Using PowerShell to Control WinDbg

Roberto Farah — Fri, 22 Feb 2008 23:40:01 GMT

Hey Ed, congratulations! This is an awesome cmdlet! :)

Thanks for sharing with us!