WinDBG Scripts


I see post-mortem debugging as:

  • 39.5% taking memory dumps at the right time
  • 20.5% running the same ol’ commands over and over
  • 31% jumping to conclusions based on experience and proving the theory, and…
  • 9% pure luck, i.e. you happen to stumble upon something when poking around

Don’t you just love it when people apply arbitrary percentages to abstract things? Especially here: 9% of what, and how did I get to that conclusion :) And have you noticed that, as opposed to this list, arbitrary percentages are usually given in 5 or 10% increments? I would venture to guess that if we had a hex numbering system our arbitrary values would probably not be divisible by 5 or 10, but rather by 8 or 16 :) Much the same as when you say it’s about 10 cm, you wouldn’t ever say “I’m estimating it to be 3.9370 inches”; however, once you use numbers that are non-standard and have at least one decimal place, people start believing them as truths rather than estimates.

While I’m on the topic of estimates, try this out… have one person estimate 1*2*3*4*5*6*7*8*9*10 (without giving them enough time to actually calculate it) and another person estimate 10*9*8*7*6*5*4*3*2*1. I bet you that the estimate from person 1 will be dimensions lower than the estimate from person 2.

What does this have to do with windbg scripts and tools? Well, I’m a lazy debugger, and I can find a lot better uses of my time (learning potentially useless math facts, for example :)) than running the same commands over and over. So anyway, I couldn’t imagine debugging without the .foreach command or other windbg script elements, but man, Roberto here just made it into an art, producing scripts for everything you can think of :) Much like my colleague Doug, actually: whenever I ask Doug for advice on something, he comes up with a new script or a new debugger command that I’ve never heard of…

Anyway, what I have just spent about half a page trying to say is… bookmark Roberto’s blog, it’ll be worth it… The good thing about scripts like these is that not only do you not have to retype the same old commands, but if you have a script with a set of commands you would always run for hangs, for example, you won’t forget to run one of the commands that might be the key to resolving your issue.