0

We have an application that crashes at startup, especially under high load. Problem is, there's no way to tell apart the various instances of this process from one another, except the invocation command line itself.

Is there a way to use WinDBG, WER, etc. to extract the command lines of crashed processes? I know it's nested in the PEB somewhere. The goal would be to just have it dump the information so that we can see if the crashing processes have anything in common.

Thoughts?

2 Answers

3

Try ??@$peb->ProcessParameters->CommandLine


1 Comment

Might need to finesse this to get just the buffer but this takes me right where I need to go.

1

In WinDbg, !peb shows the Process Environment Block including the command line. Because the output is long, I recommend filtering it using .shell:

.shell -ci "!peb" find "CommandLine"
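An added example, not part of either answer: one way to run `!peb` over a folder of dumps and tally which arguments the crashed processes share. It assumes `cdb.exe` from the Debugging Tools for Windows is on PATH and that `!peb` prints the command line as `CommandLine:  '...'`; the function names are hypothetical and the sample outputs are constructed.

```python
import re
import subprocess
import sys
from collections import Counter
from pathlib import Path

# Line printed by !peb, e.g.  CommandLine:  '"C:\app\svc.exe" --tenant 7'
CMDLINE_RE = re.compile(r"^\s*CommandLine:\s*'(.*)'\s*$", re.MULTILINE)

# Constructed !peb excerpts (not from a real dump), used when no folder is given.
SAMPLE_OUTPUTS = [
    "    ImageFile:    'C:\\app\\svc.exe'\n    CommandLine:  '\"C:\\app\\svc.exe\" --tenant 7 --mode batch'\n",
    "    ImageFile:    'C:\\app\\svc.exe'\n    CommandLine:  '\"C:\\app\\svc.exe\" --tenant 9 --mode batch'\n",
    "    ImageFile:    'C:\\app\\svc.exe'\n",  # dump without process parameters
]

def extract_command_line(peb_output):
    """Return the command line from !peb text, or None if it is absent."""
    m = CMDLINE_RE.search(peb_output)
    return m.group(1).strip() if m else None

def split_args(command_line):
    """Split into tokens, keeping a fully quoted path as one token."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]

def common_arguments(command_lines):
    """Count in how many command lines each argument (argv[0] excluded) occurs."""
    counts = Counter()
    for cl in command_lines:
        counts.update(set(split_args(cl)[1:]))
    return counts

def peb_from_dump(dump_path, cdb="cdb.exe"):
    """Run !peb on one dump; assumes cdb.exe (Debugging Tools) is on PATH."""
    done = subprocess.run([cdb, "-z", str(dump_path), "-c", "!peb; q"],
                          capture_output=True, text=True, timeout=120)
    return done.stdout

if __name__ == "__main__":
    if len(sys.argv) > 1:  # folder of *.dmp files, e.g. where WER writes them
        outputs = [peb_from_dump(p) for p in sorted(Path(sys.argv[1]).glob("*.dmp"))]
    else:
        outputs = SAMPLE_OUTPUTS
    found = [cl for cl in map(extract_command_line, outputs) if cl]
    print(f"{len(found)} of {len(outputs)} dumps had a command line")
    for arg, n in common_arguments(found).most_common():
        print(f"{n}/{len(found)}  {arg}")
```

Dumps that do not contain the process parameters simply yield no `CommandLine` line and are reported as missing rather than counted.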
