As mentioned in this other question, I'd like to start Windbg, open a dump, and launch some commands (.load pykd.pyd and !py heap_stat.py).
I thought this would be easy, but even starting Windbg and open a crash dump seems not that easy, as you can see from following unsuccessful examples:
Prompt>windbg.exe /?
Prompt>windbg.exe --help
Prompt>windbg.exe E:\Bugs\program.exe_181212_215503.dmp
Prompt>windbg.exe -D E:\Bugs\program.exe_181212_215503.dmp
Prompt>windbg.exe -zertyuiopqsdfghjklwxcvbn
Prompt>windbg.exe -help
Prompt>windbg.exe help
The idea is to get something like:
Prompt>windbg.exe -d <dumpfile> -c <command1;command2>
it is documented and available in both windbg.chm as well as command prompt -?
note i use it on cdb which is console mode not on windbgwindbg -? , -h , --help , /? , -B#llCr@p
everything should should pop up the debugger.chm (broken in 17763 but check say 14951)
C:\>cdb -? | grep -i dump
-openPrivateDumpByHandle <HANDLE>
specifies the handle of a crash dump file to debug
-z <CrashDmpFile> specifies the name of a crash dump file to debug
-zd <CrashDmpFile> specifies the name of a crash dump file to debugand
deletes that crash dump after the debugger has finished
crash dump
C:\>
asking to create a dump
C:\>cdb -c ".dump /ma dominidumpi.dmp;q" cdb
Microsoft (R) Windows Debugger Version 10.0.17763.132 X86
ntdll!LdrpDoDebuggerBreak+0x2c:
774a05a6 cc int 3
0:000> cdb: Reading initial command '.dump /ma dominidumpi.dmp;q'
Creating dominidumpi.dmp - mini user dump
Dump successfully written
quit:
loading a dump doing something and quitting
C:\>cdb -c "lm;q" -z dominidumpi.dmp
Microsoft (R) Windows Debugger Version 10.0.17763.132 X86
Loading Dump File [C:\dominidumpi.dmp]
User Mini Dump File with Full Memory: Only application data is available
ntdll!LdrpDoDebuggerBreak+0x2c:
774a05a6 cc int 3
0:000> cdb: Reading initial command 'lm;q'
start end module name
01250000 01278000 cdb (deferred)
5b360000 5b4ef000 dbghelp (deferred)
5b4f0000 5b5cc000 ucrtbase (deferred)
5b5d0000 5bbac000 dbgeng (deferred)
77400000 7753c000 ntdll (pdb symbols) xxx\ntdll.pdb
775a0000 775aa000 lpk (deferred)
quit:
C:\>
来源:https://stackoverflow.com/questions/54293393/how-to-use-windbg-for-opening-a-dump-and-launching-some-windbg-commands-from-the