Recently I started to look at some uses of WinDbg for unmanaged processes. We recommend that you go to debugging toolbox in Tess. The first article will make it hard for me to understand the script.
After practice, we found the content of the following article particularly helpful, so it is reposted here.
Original article address
First steps with WinDbg scripting... (Memento)
http://www.msuiche.net/2007/08/03/first-steps-with-windbg-scripting-memento/
Here is a sample script for WinDbg, for people who don't want to waste time because they can't find any documentation.
Firstly, to declare a variable you must use the prefix "r". Moreover, the name must be $t[0..N].
Secondly, if you use the flag "/D" after ".printf" you can use pseudo-HTML code inside.
Thirdly, to read the value at an address you have to use "poi()" with the prefix "@", like: poi(@$t0)
To write a byte or a DWORD, you should use "eb" or "ed".
And... the most fun is that you can create links using the following scheme:
.printf /D "<link cmd=\"command_to_execute\">display_text</link>\n";
To execute a script use
kd> $$><"full_script_path"
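The points above combined into one short script, as an added example that is not part of the original article. It assumes the debugger is broken into a target with a valid stack, uses the built-in pseudo-registers $csp (current stack pointer) and $ptrsize (pointer size), and only reads memory. Save it to a file of your choice and run it with the $$>< command shown above.

```windbg
$$ Added example: list the first 4 pointer-sized slots at the stack pointer.
$$ Numbers are hexadecimal by default in the debugger.
$$ To write instead of read, "eb <address> <byte>" or "ed <address> <dword>" would be used.
$$ t0 = address of the current slot, t1 = loop counter, t2 = value read from the slot
r $t0 = @$csp
r $t1 = 0
.while (@$t1 < 4)
{
    r $t2 = poi(@$t0)
    .printf /D "%p: <link cmd=\"dps %p L1\">%p</link>\n", @$t0, @$t0, @$t2
    r $t0 = @$t0 + @$ptrsize
    r $t1 = @$t1 + 1
}
```

Each value is printed as a clickable link; clicking it runs dps on that stack slot, which shows the stored pointer together with any matching symbol.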
References:
http://blogs.msdn.com/debuggingtoolbox/archive/tags/Windbg+Scripts/default.aspx
http://www.dumpanalysis.org/blog/index.php/category/windbg-scripts/