 

Filter output of windbg

Tags:

windbg

I'm trying to filter the output of a command, e.g the output of lm is too long.

Something similar to lm | find "some_string".

Does windbg support that? I can't find any document online talking about it.

daisy asked Feb 10 '17 07:02



2 Answers

I usually use the .shell command, either with Windows tools (like findstr) or with binaries installed with Cygwin. (.shell command help from MSDN)

Example :

Windbg version, although this should work with older versions too:

0:000> version
[snip]
Microsoft (R) Windows Debugger Version 10.0.14321.1024 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Started notepad

0:000> |
.  0    id: 31a0    create  name: notepad.exe

list modules :

0:000> lm
start    end        module name
00030000 0006e000   notepad    (deferred)             
52270000 52280000   FeClient   (deferred)             
6d360000 6d4af000   PROPSYS    (deferred)             
6f650000 6f879000   iertutil   (deferred)             
6f880000 6fa14000   urlmon     (deferred)             
73c40000 73c5b000   bcrypt     (deferred)             
73dc0000 73e2a000   WINSPOOL   (deferred)             
73ee0000 740ea000   COMCTL32   (deferred)             
74130000 7413a000   CRYPTBASE   (deferred)             
74140000 7415e000   SspiCli    (deferred)             
746b0000 7472b000   msvcp_win   (deferred)             
74730000 7488f000   USER32     (deferred)             
74890000 74970000   KERNEL32   (deferred)             
749d0000 74a58000   shcore     (deferred)             
[snip]

Use Windows findstr to get all modules containing "kern" (case insensitive):

0:000> .shell -ci "lm" findstr /i kern
74890000 74970000   KERNEL32   (deferred)             
76ac0000 76acd000   kernel_appcore   (deferred)             
77530000 776d1000   KERNELBASE   (deferred)             
.shell: Process exited

The same with grep.exe (from cygwin, which is in my %PATH%)

0:000> .shell -ci "lm" grep.exe -i kern
74890000 74970000   KERNEL32   (deferred)             
76ac0000 76acd000   kernel_appcore   (deferred)             
77530000 776d1000   KERNELBASE   (deferred)             
.shell: Process exited

[edit]

This command is very powerful, as you can easily send windbg's command output to script interpreters (I use python a lot at work):

.shell -ci "<windbg command>" python mypythonscript.py
Neitsa answered Oct 31 '22 18:10

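A script of the kind the answer above describes, added here as an example; it is not part of the answer. It reads the output of `lm` that `.shell -ci` feeds to its standard input, parses each module line into start, end, size and symbol status, and prints only the modules whose name matches a regular expression given on the command line (case-insensitive, like `findstr /i`). The file name `lmfilter.py`, its install path and the embedded sample listing are assumptions; the sample is a constructed fragment with the same shape as the `lm` output shown above.

```python
import re
import sys

# Constructed sample: a fragment of "lm" output in the shape WinDbg prints it.
# Embedded so the script can be run offline, outside the debugger.
SAMPLE_LM_OUTPUT = """\
start    end        module name
00030000 0006e000   notepad    (deferred)
73c40000 73c5b000   bcrypt     (deferred)
74130000 7413a000   CRYPTBASE   (deferred)
74890000 74970000   KERNEL32   (deferred)
76ac0000 76acd000   kernel_appcore   (deferred)
77530000 776d1000   KERNELBASE   (deferred)
Unloaded modules:
"""

# One module line: start address, end address, module name, symbol status in parentheses.
_LM_LINE = re.compile(
    r"^\s*(?P<start>[0-9a-fA-F]+)\s+(?P<end>[0-9a-fA-F]+)\s+(?P<name>\S+)\s+\((?P<status>[^)]*)\)"
)


def parse_lm(text):
    """Parse WinDbg 'lm' output into a list of module records.

    Lines that do not look like a module entry (the header line, blank lines,
    'Unloaded modules:' and similar) are skipped rather than treated as errors.
    """
    modules = []
    for line in text.splitlines():
        m = _LM_LINE.match(line)
        if not m:
            continue
        start = int(m.group("start"), 16)
        end = int(m.group("end"), 16)
        modules.append({
            "name": m.group("name"),
            "start": start,
            "end": end,
            "size": end - start,
            "status": m.group("status"),
        })
    return modules


def filter_modules(modules, pattern, ignore_case=True):
    """Keep the modules whose name matches the regular expression 'pattern'."""
    flags = re.IGNORECASE if ignore_case else 0
    rx = re.compile(pattern, flags)
    return [mod for mod in modules if rx.search(mod["name"])]


def format_modules(modules):
    """Render records back into one line per module, with the size added."""
    return [
        "{start:08x} {end:08x} {size:8x}  {name} ({status})".format(**mod)
        for mod in modules
    ]


if __name__ == "__main__":
    # Intended invocation from the debugger (path is an assumption):
    #   .shell -ci "lm" python C:\tools\lmfilter.py kern
    # With -ci, WinDbg feeds the output of "lm" to this script's stdin.
    pattern = sys.argv[1] if len(sys.argv) > 1 else "."
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LM_OUTPUT
    for line in format_modules(filter_modules(parse_lm(text), pattern)):
        print(line)
```

Run directly from a terminal with no pipe on stdin it falls back to the embedded sample, which is convenient for checking a pattern before using it in the debugger. Give the script an absolute path in the `.shell` line: the child process is started with the debugger's own environment and working directory, so a bare relative name may not resolve to the file you expect.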


I just wrote a grep-like WinDbg extension; please try it and let me know whether it meets your requirements.

The supported commands are as below:

!silent               : Switch On/Off silent mode     
!grep                 : Filter lines by regular expression
!igrep                : Filter lines by regular expression, case-insensitive
!grep_format          : Do regular expression searching, output formatted result upon captured groups
!igrep_format         : Do regular expression searching, output formatted result upon captured groups, case-insensitive
!grep_formatx         : Do regular expression searching, output formatted result upon captured groups, then execute formatted string as windbg commands
!igrep_formatx        : Do regular expression searching, output formatted result upon captured groups, case-insensitive, then execute formatted string as windbg commands
Daniel King answered Oct 31 '22 18:10
