Created
August 25, 2021 14:29
-
-
Save kaqq/754022e5f6afbe6bd53457683e6da0a7 to your computer and use it in GitHub Desktop.
windbg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !pe | |
| .exr -1 `last exception | |
| !sos.pe `last clr exception | |
| !dso `dump stack object | |
| .chain | |
| .load sos | |
| lmvm name `list dlls | |
| lmntsm | |
| !mdt -array info | |
| !dpx -du `list strings | |
| !dumparray -start 0 -length 10 0x4ca9560a | |
| .writemem C:\temp2\file 046348f8 L0n300318 -- dump image from memory | |
| .loadby sos clr | |
| .load C:\Tools\sosex_32\sosex.dll | |
| .load C:\Tools\mex\x86\mex.dll | |
| .cordll -ve -u -l | |
| !bhi | |
| !runaway | |
| !eeheap -loader | |
| !DumpHeap -stat | |
| !dumpobj | |
| !exchain | |
| !dumprcw 01a7f348 | |
| !sos.dumpheap -type System.__ComObject | |
| !DumpHeap -short -type System.__ComObject | |
| !finalizequeue | |
| ~2s | |
| !eestack -short | |
| !mk --stacl | |
| .foreach (obj {!dumpheap -mt 000007fef5fffb48 -short}) {!gcroot obj; .echo -----} | |
| syncblock | |
| !CLRStack | |
| !dumpstack | |
| k | |
| kb | |
| ~2kb | |
| !runaway | |
| !locks | |
| ~*e!clrstack | |
| !dumpheap -type System.__ComObject | |
| !sos.rcwcleanuplist | |
| .symfix c:\symbols | |
| !SyncBlk | |
| !finq – List the contents of the finalization queue | |
| !frq – List the contents of the f-reachable queue | |
| !gch – List GCHandles | |
| !rwlock – List all ReaderWriterLock instances, or list the details of a specific instance by passing an address. | |
| 59 58 57 52 51 49 48 47 46 45 44-38 36 35 34 33! 26! 18 10! -request shutdown | |
| Microsoft.ApplicationInsights.Extensibility.PerfCounterCollector.QuickPulse.QuickPulseTelemetryModule.StateThreadWorker | |
| Microsoft.ApplicationInsights.Channel.InMemoryTransmitter.Runner | |
| Microsoft.ApplicationInsights.Metrics.DefaultAggregationPeriodCycle.Run | |
| Microsoft.ApplicationInsights.Metrics.DefaultAggregationPeriodCycle.Run | |
| !analyze -v | |
| !analyze -v -hang | |
| ~~[26a4]s | |
| !waitlist | |
| !sym noisy | |
| .reload /f | |
| !runaway -time of threads | |
| .cordll | |
| ub . -stack assemblera | |
| !waitlist | |
| .cls | |
| save dll : !for_each_module .if ($spat ("${@#ImageName}","*.exe")) { !SaveModule ${@#Base} c:\temp\${@#ModuleName}.exe } .else { !SaveModule ${@#Base} c:\temp\${@#ModuleName}.dll } | |
| dump type for heap: .foreach (obj {!dumpheap -type COMException -short}) {!gcroot obj; .echo ----- ; !pe obj; } | |
| .foreach /pS 1 /ps 0 (token {!sosex.rcw}){.printf "${token}\t\t"}; | |
| !gle -all --list all events | |
| !sosex.rcw | |
| !sos.dumprcw | |
| !sos.rcwcleanuplist | |
| !cut -c 27-34 !sosex.rcw | |
| .foreach /pS 2 /ps 0 (token {!cut -c 27-34 !sosex.rcw}){!DumpRCW /d token}; | |
| .printf "${token}\t\n" | |
| !mex.obtrace -? | |
| dt GUID 98a74a74 | |
| !Mex.writemodule -a -p C:\temp3\ | |
| bu 79faa974 "dds @ecx L23; g" | |
| bu 79faa538 "dd @esp+20 L1; dds poi(@esp+20)+88 L1; g" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment