WinDbg: using commands for the condition in .if

守給你的承諾、 submitted on 2019-12-03 22:10:54

Question


WinDbg has the .if statement for conditional execution of commands:

   .if (Condition) { Commands } .else { Commands } 

For Condition, it's not possible to use WinDbg commands. Is there any indirect way of using commands for the condition, e.g. through pseudo registers?

Example task to accomplish: If a logfile is already opened, do nothing. If no logfile is open, use .logopen /t /u /d

With .logfile, I can find out whether a log is open or not. But how to parse that output and how to assign the result to a pseudo register?

Any other way without pseudo registers is also welcome.

As the example may not seem very useful, consider the following tasks which can be automated by scripting or the .cmdtree window:

  • Loading the correct version of SOS, e.g. .if (lm m clr == clr) { .loadby sos clr } .elseif (lm m mscorwks == mscorwks) {.loadby sos mscorwks}
  • Things I always forget to do, e.g. .if (| == myprocess) {.childdbg 1; .sympath+ mydir}

Answer 1:


I tested this and it loads the correct sos.dll if it finds clr in the list of modules:

   .foreach (module {lm1m} ) { .if ($sicmp("${module}","clr") == 0) {.echo FOUND ${module}; .loadby sos.dll clr} }

You can easily extend it using .elsif and comparing module with "mscorwks".

As for checking for your process, I attached to calc.exe and ran | which gives me:

   . 0 id: 6bc attach name: C:\Windows\system32\calc.exe

I only want the last token so I can skip the first six by specifying /pS 6 to .foreach. The following uses a wildcard comparison for *calc.exe and if found, tells the debugger to debug child processes:

   .foreach /pS 6 (token {|}) {.echo ${token}; .if($spat("${token}","*calc.exe") == 1) {.echo FOUND MY APP;.childdbg 1} .else {.echo FAILED TO FIND MY APP} }

Also tested and worked.

P.S. My debugger version is 6.2.8400.0
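
For the log-file task in the question, the same `.foreach` token technique can be applied to the output of `.logfile`. This is an added example, not part of the original question or answer; it assumes `.logfile` prints a line beginning with `No` (as in "No log file open") when no log is open and a line beginning with `Log` otherwise, so confirm the output on your debugger version before relying on it.

```windbg
$$ Added example: open a log file only when none is open yet.
$$ Assumption: .logfile prints "No log file open" when there is no log
$$ and "Log '<path>' opened" when there is one.
$$ /ps 99 skips the tokens that follow the first one, so the body runs
$$ once, on the first token of the .logfile output.
.foreach /ps 99 (tok {.logfile}) { .if ($sicmp("${tok}", "No") == 0) { .logopen /t /u /d } .else { .echo Log already open } }
```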



Source: https://stackoverflow.com/questions/20069961/windbg-using-commands-for-the-condition-in-if
