Capturing the command that is being executed

is there a way we can trap the command that is being executed in the windbg command line from an extension?

thanks,
venkat

I’ve not found a debugger extension class method that returns the debugger (windbg, kd). I did, however, notice that the WMI class Win32_Process has CommandLine as a member, so if your extension enumerated Win32_Process and figured out which represents the debugger, it looks as though CommandLine would have what you want.

James

there is an inbuilt command .write_cmd_hist that can capture all your
past commands you have issued in windbg command window to a file you
specify

0:000> kb 3
ChildEBP RetAddr Args to Child
0007af78 01014ed3 00ce3710 00000000 0007b23c windbg!WinCommand::WriteCommandHistory
0007cfcc 01015020 00ce36f0 00ce36f0 00ce36f0 windbg!DirectCommand+0xa83
0007cfe0 01012b57 00cf3d10 00000000 00000000 windbg!CmdExecuteCmd+0x90
0:000> wt
Tracing windbg!WinCommand::WriteCommandHistory to return address 01014ed3
9 0 [0] windbg!WinCommand::WriteCommandHistory
7 0 [1] msvcrt!_wfopen
3 0 [2] msvcrt!_wfsopen
19 0 [3] msvcrt!_SEH_prolog


windbg!DbsDoubleListwindbg!DbsDoubleListlinkinfolist::node: 1 9 9 9
windbg!DbsStringList::GetHead 1 1 1 1
windbg!DbsStringList::Node::G 11 10 10 10
windbg!LinkInfoList::GetHead 1 9 9 9
windbg!WinCommand::WriteCommandHistory 1 182 182 182

4 system calls were executed

I don't know if this is exposed via any APIs

like this

windbg> .write_cmd_hist c:\hist.txt
Wrote command history to ‘c:\hist.txt’

0:000> .shell cat c:\hist.txt
.write_cmd_hist c:\hist.txt
.echo iam writing this to show how cmd history can be captured
.echo iam writing this
.shell cat c:\hist.txt
.cls
.shell cat c:*.txt
.shell dir c:*.txt
.shell type c:\hist.txt
.shell -x type c:\hist.txt
kv
kb
.shell: Process exited
Press ENTER to continue
<.shell waiting 1 second(s) for process>
<.shell process may need input>

On 12/9/11, xxxxx@yahoo.com wrote:
> is there a way we can trap the command that is being executed in the windbg
> command line from an extension?
>
> thanks,
> venkat
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

Hi venkat, as far as I know, there is no extension like that.
But you can use the .logopen command to save all commands to a log file. What
I would do in such kinda situation would be:

starting windbg with windbg.exe -c "$$><d:…" with Myscript.wds containing “.logopen mycommand.log”
this way every command will be written to mycommand.log

Maybe you can find a way to compare log from time to time? I am sure it's in
an easily parseable format.

Best Regards,
Emre TINAZTEPE

On Fri, Dec 9, 2011 at 7:59 AM, raj_r wrote:

> there is an inbuilt command .write_cmd_hist that can capture all your
> past commands you have issued in windbg command window to a file you
> specify
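
Added example (not part of the original posts and not OSR's or WinDbg's own code): one way to do the log comparison suggested above, pulling the typed commands out of a .logopen log by matching prompt lines and reporting what is new since the previous snapshot. The prompt patterns beyond the `0:000>` form shown in the thread, the function names and the sample log text are assumptions made for this illustration.

```python
import re

# Prompt shapes assumed here: user mode "0:000>", WOW64 "0:000:x86>",
# kernel "kd>" / "0: kd>", local kernel "lkd>".
PROMPT_RE = re.compile(r"^(\d+:\d{3}(?::\w+)?|(?:\d+: )?l?kd)> ?(.*)$")


def extract_commands(log_text):
    """Return the commands typed at a debugger prompt, in log order."""
    commands = []
    for line in log_text.splitlines():
        match = PROMPT_RE.match(line)
        if match and match.group(2).strip():  # a bare ENTER has no command
            commands.append(match.group(2).strip())
    return commands


def new_commands(previous_log, current_log):
    """Commands present in current_log that previous_log did not have yet."""
    old = extract_commands(previous_log)
    cur = extract_commands(current_log)
    if cur[:len(old)] == old:   # normal case: the log only grew
        return cur[len(old):]
    return cur                  # log reopened or truncated: report all


# Constructed sample: two snapshots of the same log taken at different times.
SNAPSHOT_1 = """\
Opened log file 'mycommand.log'
0:000> kb 3
ChildEBP RetAddr  Args to Child
0007af78 01014ed3 00ce3710 00000000 0007b23c windbg!WinCommand::WriteCommandHistory
0:000> 
"""
SNAPSHOT_2 = SNAPSHOT_1 + """\
0:000> .echo iam writing this
iam writing this
0:000> kv
"""

if __name__ == "__main__":
    print("all commands:", extract_commands(SNAPSHOT_2))
    print("new since last check:", new_commands(SNAPSHOT_1, SNAPSHOT_2))
```

Debugger output that itself starts with prompt-like text (for example a dumped log file) is counted as a command, so treat the result as a best-effort record.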

For the command history extension on our site
(http://www.osronline.com/article.cfm?article=547) we instantiate an
IDebugOutputCallbacks and look for DEBUG_OUTPUT_PROMPT in the output
callback. Works well enough in most cases, though I suppose it depends on
what you’re really trying to do.

-scott


Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com


Sorry, I misunderstood the original question. If the present command is an invocation of the extension, the extension has the command parameters in its arguments. But is it the case that you’re not talking about that scenario but rather one where your extension is invoked indirectly, e.g., by the command being executed? If your question is this latter one, the previous posts give some possibilities.

James

Thanks for the responses! I was hoping to get a hook in, before Windbg starts a command, trap and do something before it, and then allow the execution. I was looking for an event handler that fires before and after the windbg executes a command. This way, we would like to trap some commands, add some extra functionality to them. This is specific to our environment, and so we want to see if we can extend the windbg commands and other extensions, without creating a 1:1 wrapper extension commands for them.

Thanks all again for the responses. Will take a look at the IDebugOutputCallbacks as Scott suggested…

regards,
venkat