# WinDbg_Scripts

**Repository Path**: baohongyu/WinDbg_Scripts

## Basic Information

- **Project Name**: WinDbg_Scripts
- **Description**: Cloned as a backup...
- **Primary Language**: Other
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2023-08-05
- **Last Updated**: 2023-12-18

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# WinDbg_Scripts

Useful scripts for WinDbg using the debugger data model

Usage, examples, explanations and general rants (also available in PDF form here):

https://medium.com/@yardenshafir2/windbg-the-fun-way-part-1-2e4978791f9b
https://medium.com/@yardenshafir2/windbg-the-fun-way-part-2-7a904cba5435

## Useful Commands and Syntax

- `__iserror(x)`

  Returns true if a statement throws an error.

  ```
  dx @$curprocess.Io.Handles.Where(h => !__iserror(h.Type == "File") && h.Type == "File")
  ```

- SelectMany

  Flattens a nested collection, for example runs a query on all threads in all processes and flattens the results.

  ```
  dx @$cursession.Processes.SelectMany(p => p.Threads.Select(t => t.KernelObject.ThreadName))
  ```

- Conditional Operations

  ```
  dx @$curthread.KernelObject.ActiveImpersonationInfo != 0 ? @$curthread.KernelObject.ClientSecurity.ImpersonationLevel : "Not Impersonating"
  ```

- Executing a Legacy Command

  ```
  dx @$printSecurityDescriptor = (sd => Debugger.Utility.Control.ExecuteCommand("!sd " + ((__int64)sd).ToDisplayString("x") + " 1"))
  ```

- Cast Pointer to Function Address

  ```
  dx @$curprocess.Threads.Select(t => (void(*)())t.KernelObject.StartAddress)
  ```