Archive

Archive for December, 2012

Script WinDbg

December 19th, 2012 No comments

For my own Notes but I thought to share it, may be it help someone. I was trying to analyse some dumps yesterday (around 40 GB each)… Orphan sessions issue and found atleast 20+ sessions in two dmps… I concentrated on Alpc wait chains and it was too tiring to find all relevant threads as it is all manual task. However, yesterday I found some scripts and technique that helps to speed up the analysis (Thanks to http://www.dumpanalysis.org & MSDN Blog): -

1. .logopen folderpath\filname.txt – this will open a log file for you and later any command you run will dump the o/p to this file.

2. !process 0 ff – everyone know this command but if you run after above command you can dump all info in a txt file and then use Notepad++ to find ‘Waiting for reply to ALPC Message’ string and it will show you all aplc wait chain. Read more…