Question
Let's say I have a memory dump of a process. I want to run a report on it, so essentially I want to open WinDBG, load SOS and run a script that runs some commands, parses the output and then runs some more commands based on that.
Apart from hackish stuff like SendKeys, is there a way to automate/script this process? Or can I write my own tool on top of SOS.dll/whatever?
Answer 1:
The best way to do this is through a DbgEng based application. Essentially this serves as a replacement for WinDBG, which is really just a GUI interface layered over the DbgEng APIs. We wrote one of these to back the Online Crash Analyzer for our site:
http://www.osronline.com/page.cfm?name=analyze
It really gives you the maximum flexibility to do whatever you want with the dump file. An example of this type of application is provided with WinDBG in the \sdk\samples\dumpstk directory.
In terms of implementing these, I wrote a short intro article about DbgEng here:
http://www.osronline.com/article.cfm?article=559
It's geared towards using DbgEng to write an extension DLL to WinDBG, though the concepts are the same for a standalone application.
As an alternative you could possibly try writing a script or extension that you execute as part of the WinDBG command line (see the "-c" command line option). This is probably easier to get started, though I suspect you'll be happier in the long run if you start with DbgEng.
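The `-c` route mentioned at the end of the answer above, as an added example (not code from the original post or from OSR): a Python wrapper that runs cdb.exe over the dump, parses the SOS `!threads` output, and builds the follow-up commands from what it finds. The cdb.exe location, the CLR 4 SOS load command, the `!threads` column layout and the sample rows are assumptions.

```python
import re
import subprocess

CDB = "cdb.exe"               # assumption: console debugger from Debugging Tools for Windows, on PATH
LOAD_SOS = ".loadby sos clr"  # assumption: the dump comes from a CLR 4 process

# One row of SOS !threads output; this column layout is an assumption and varies by SOS version.
ROW = re.compile(r"^\s*(?P<dbg>\d+)\s+\d+\s+[0-9a-f]+\s+[0-9a-f]+\s+[0-9a-f]+\s+\w+"
                 r"\s+[0-9a-f]+:[0-9a-f]+\s+[0-9a-f]+\s+\d+\s+\w+(?P<tail>.*)$", re.I)
# A trailing "Type.Name (address)" marks a thread that holds a managed exception.
EXC = re.compile(r"(?P<type>[A-Za-z_][\w.`+]*)\s+\((?P<addr>[0-9a-f]{8,16})\)", re.I)

# Constructed sample of !threads rows, not taken from a real dump.
SAMPLE = """\
       ID  OSID ThreadOBJ    State GC           Context       Domain   Count APT Exception
   0    1  1a2c 0055f3a8      a020 Enabled  01c5a1b8:01c5bfe8 00554d60     0 MTA System.InvalidOperationException (01c59f44)
   2    2  1b40 0056a1f0      b220 Enabled  00000000:00000000 00554d60     0 MTA (Finalizer)
   6    4  2204 0058d8c8   1029220 Enabled  01c7e3d0:01c7ffe8 00554d60     1 MTA (Threadpool Worker) System.NullReferenceException (01c7d2ac)
"""

def cdb_argv(dump_path, commands):
    """-z opens the dump, -c runs the commands, and the trailing q ends the session."""
    return [CDB, "-z", dump_path, "-c", "; ".join([*commands, "q"])]

def run_cdb(dump_path, commands):
    """Run one batch; argv is passed as a list, so no shell ever parses the dump path."""
    done = subprocess.run(cdb_argv(dump_path, commands), capture_output=True, text=True, timeout=600)
    return done.stdout

def threads_with_exceptions(threads_output):
    """Return (debugger thread index, exception type, object address) for each faulting thread."""
    found = []
    for line in threads_output.splitlines():
        row = ROW.match(line)
        exc = EXC.search(row.group("tail")) if row else None
        if exc:
            found.append((int(row.group("dbg")), exc.group("type"), exc.group("addr")))
    return found

def followup_commands(hits):
    # Only regex-validated digits and hex reach the command string, so text stored
    # in the dump cannot add debugger commands of its own to the second pass.
    commands = [LOAD_SOS]
    for index, _type, addr in hits:
        commands += [f"~{index}s", f"!pe {addr}", "!clrstack"]
    return commands

def report(dump_path):
    first = run_cdb(dump_path, [LOAD_SOS, "!threads"])
    return run_cdb(dump_path, followup_commands(threads_with_exceptions(first)))
```

Calling `report()` with a dump path runs both passes; each pass is a separate cdb session, which is why SOS is loaded again in the second one.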
Answer 2:
In CLR 4.0 ICorDebug has support for reading dump files so you can use mdbg to extract at least some of the information you need.
You can also use IronPython to write scripts for it.
Source: https://stackoverflow.com/questions/9008065/automating-windbg-or-otherwise-extracting-information-from-dump-files