Search code examples
debuggingcommand-linecommand-promptwindbgprompt

How to use Windbg for opening a dump and launching some Windbg commands from the command prompt?

As mentioned in this other question, I'd like to start Windbg, open a dump, and launch some commands (.load pykd.pyd and !py heap_stat.py).

I thought this would be easy, but even starting Windbg and open a crash dump seems not that easy, as you can see from following unsuccessful examples:

Prompt>windbg.exe /?
Prompt>windbg.exe --help
Prompt>windbg.exe E:\Bugs\program.exe_181212_215503.dmp
Prompt>windbg.exe -D E:\Bugs\program.exe_181212_215503.dmp
Prompt>windbg.exe -zertyuiopqsdfghjklwxcvbn
Prompt>windbg.exe -help
Prompt>windbg.exe help

The idea is to get something like:

Prompt>windbg.exe -d <dumpfile> -c <command1;command2>
Solution

  • it is documented and available in both windbg.chm as well as command prompt -? note i use it on cdb which is console mode not on windbg
    windbg -? , -h , --help , /? , -B#llCr@p
    everything should should pop up the debugger.chm (broken in 17763 but check say 14951)

    enter image description here

    C:\>cdb -? | grep -i dump
  -openPrivateDumpByHandle <HANDLE>
    specifies the handle of a crash dump file to debug
  -z <CrashDmpFile> specifies the name of a crash dump file to debug
  -zd <CrashDmpFile> specifies the name of a crash dump file to debugand
                     deletes that crash dump after the debugger has finished
                      crash dump

C:\>

    asking to create a dump

    C:\>cdb -c ".dump /ma dominidumpi.dmp;q" cdb

Microsoft (R) Windows Debugger Version 10.0.17763.132 X86

ntdll!LdrpDoDebuggerBreak+0x2c:
774a05a6 cc              int     3
0:000> cdb: Reading initial command '.dump /ma dominidumpi.dmp;q'
Creating dominidumpi.dmp - mini user dump
Dump successfully written
quit:

    loading a dump doing something and quitting 

    C:\>cdb -c "lm;q" -z dominidumpi.dmp

Microsoft (R) Windows Debugger Version 10.0.17763.132 X86


Loading Dump File [C:\dominidumpi.dmp]
User Mini Dump File with Full Memory: Only application data is available



ntdll!LdrpDoDebuggerBreak+0x2c:
774a05a6 cc              int     3
0:000> cdb: Reading initial command 'lm;q'
start    end        module name
01250000 01278000   cdb        (deferred)
5b360000 5b4ef000   dbghelp    (deferred)
5b4f0000 5b5cc000   ucrtbase   (deferred)
5b5d0000 5bbac000   dbgeng     (deferred)

77400000 7753c000   ntdll      (pdb symbols)   xxx\ntdll.pdb
775a0000 775aa000   lpk        (deferred)
quit:


C:\>