
Debugging tools for Windows: scripting

Work with the Windows Debugging Tools can be automated with scripts. The same scripts can be used in WinDbg, KD and CDB, except that .remote_exit cannot be used in WinDbg and that a debugging client cannot exit from a script that is executed in WinDbg.

Comments

An asterisk (*) causes the text after it, up to the end of the line, to be ignored.
The double-dollar sign ($$) is a command that is specifically used as a comment. Unlike *, the scope of $$ only extends to the next ; (or the end of the line).
If * or $$ follows a command, it needs to be separated from that command with a semicolon:
* foo bar baz
g  ;*  go on
g  ;$$ go on again;  dt
* more comment
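
The two comment rules above, written as a small Python scanner that lists the commands a script line will actually execute. This is an added example, not part of the original notes; effective_commands and effective_script are hypothetical names. It assumes that a ; inside double quotes does not separate commands and that the $$< and $$> tokens (which run script files) take the rest of the line.

```python
# Added example: which commands on a debugger script line are really executed?
#   *   at the start of a command ignores everything up to the end of the line
#   $$  at the start of a command ignores text only up to the next ';'
# Assumptions (not from the notes): ';' inside double quotes does not separate
# commands, and $$< / $$>< / $$>a< (run script file) take the rest of the line.
SCRIPT_RUNNERS = ("$$<", "$$>")  # these start with $$ but are not comments

def effective_commands(line):
    """Return the commands on one script line that are not commented out."""
    cmds, i, n = [], 0, len(line)
    while i < n:
        if line[i] in " \t;":            # skip blanks and empty commands
            i += 1
            continue
        if line[i] == "*":               # '*' comment: drop the rest of the line
            break
        if line.startswith(SCRIPT_RUNNERS, i):
            cmds.append(line[i:].strip())
            break
        is_comment = line.startswith("$$", i)
        j, quoted = i, False
        while j < n and (line[j] != ";" or quoted):
            if line[j] == '"' and not is_comment:
                quoted = not quoted      # quotes only matter outside comments
            j += 1
        if not is_comment:
            cmds.append(line[i:j].strip())
        i = j + 1                        # continue after the ';'
    return cmds

def effective_script(text):
    """Map a whole script to (line number, command) pairs."""
    return [(no, cmd)
            for no, line in enumerate(text.splitlines(), 1)
            for cmd in effective_commands(line)]

# Constructed sample: the four lines from the notes plus two edge cases.
SAMPLE = '''* foo bar baz
g  ;*  go on
g  ;$$ go on again;  dt
* more comment
bp Kernel32!WriteConsoleA "kv; g" ;* quoted semicolon
? 2*3 ;$$ a * inside an expression is not a comment'''

if __name__ == "__main__":
    for no, cmd in effective_script(SAMPLE):
        print(f"line {no}: {cmd}")
```
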

Simple example

prog.c

#include <windows.h>

ULONG __stdcall tq84(void* PEB) {

   char buf[100];
   int  lenUsed = wsprintfA(buf, "Address of PEB is %p\n", PEB);

   DWORD charsWritten;

   HANDLE stdOut = GetStdHandle(STD_OUTPUT_HANDLE);
   WriteConsoleA(stdOut, buf, lenUsed, &charsWritten, NULL);

   return 0;
}

The script

bp $exentry                 ;* Set a breakpoint at the entry point of the program

* g                         ;* Skip the initial breakpoint at LdrpDoDebuggerBreak (sometimes needs to be commented out)
g                           ;* Go to the next breakpoint (which should be the entry point)

kv                          ;* Display stack trace

? rcx                       ;* Print value of first parameter (stored in rcx)
? $peb                      ;* Compare with the value stored in the pseudo-register $peb
*
bp Kernel32!WriteConsoleA   ;* Set another breakpoint
g                           ;* go to breakpoint and
p ; gu                      ;* execute a single step (p), then go up to the caller (gu)

q

The script can now be run like so:
cdb -cf .\script .\prog.exe

Compilation of program

cl   /nologo /c /W4 /GS- prog.c

link /nodefaultlib prog.obj /entry:tq84 /subsystem:console user32.lib kernel32.lib /out:prog.exe

See also

Scripting with JavaScript
The -cf and -c command line options.
The .outmask command controls what is written to the output.
