WintellectPowerShell

4.0.1.1

Code/Get-DumpAnalysis.ps1

                                
###############################################################################

# WintellectPowerShell Module

# Copyright (c) 2015-2017 - John Robbins/Wintellect

#

# Do whatever you want with this module, but please do give credit.

###############################################################################

# Always make sure all variables are defined and all best practices are

# followed.

Set-StrictMode -version Latest

function Get-DumpAnalysis

{

<#

.SYNOPSIS

Automates minidump analysis.

.DESCRIPTION

The CDB $< command allows you read in a text file and each line be executed

in the CDB command line. When you start CDB with the -c command line switch

you can tell it to execute specific commands. Thus if you use the following 

-c option, you can script CDB.

  cdb.exe -c "$$<Commands.txt"

This script wraps up the CDB -c trick to let you pipe in a bunch of files 

and have the same commands run on all individual files. All output is TEE'd

to the screen and to a file. 

The log file written will be named <minidump name>-<debugscriptname>.log

.PARAMETER Files

The minidump files to process.

.PARAMETER DebuggingScript

The script file to pass to CDB. You specify the CDB commands in this file one

line at a time. For comments, CDB supports using the "*" character at the start

of the line.

.PARAMETER CdbProgramPath

By default this script assumes that CDB is the PATH environment variable. If you 

would like to specify the particular CDB to run, put the full path and CDB.EXE

into this parameter.

.EXAMPLE

Get-DumpAnalysis -Files .\MyMiniDump.dmp -DebuggingScript .\BasicAnalysis.txt

This will run the commands in BasicAnalysis.txt on MyMiniDump.dmp and the output will be

writting to MyMiniDump.dmp-BasicAnalysis.txt.log

.EXAMPLE

Get-ChildItem *.dmp | Get-DumpAnalsys -DebuggingScript .\MoreStuff.txt

For all mini dump files will be piped to Get-DumpAnalysis and have the debug script 

MoreStuff.txt run on each one.

.NOTES

Here is an example of a debugging script. Note that asterisks are treated as comments

by CDB but are output to the log. It's a good idea to use comments so you can identify

where different commands run so you can use a regular expression to pull them out.

* Do the basic analysis

!analyze -v

* Get all the loaded modules 

lmv

.LINK

http://www.wintellect.com/devcenter/author/jrobbins

https://github.com/Wintellect/WintellectPowerShell

 #>

    [CmdletBinding(SupportsShouldProcess=$true)]

    param

    (

        [Parameter(ValueFromPipeline=$true,

                   ValueFromPipelineByPropertyName=$true,

                   Mandatory=$true,

                   HelpMessage="Please enter the minidump file to process")]

        [Alias('FullName')]

        [string]$Files,

        [Parameter(Mandatory=$true,

                   HelpMessage="Please enter WinDBG script file to use")]

        [ValidateScript({ Test-Path -Path $_ -PathType Leaf })]

        [string]$DebuggingScript,

        [AllowEmptyString()]

        [string]$CdbProgramPath=""

    )

    begin

    {

        Set-StrictMode -Version Latest

        # If the path to the version of cdb is null, use the first one 

        # found in the path.

        if ($CdbProgramPath.Length -eq 0)

        {

            $CdbProgramPath = (Get-Command -Name "cdb.exe" -ErrorAction Stop).Source

        }

        Test-Path -Path $CdbProgramPath -ErrorAction Stop | Out-Null

        Write-Verbose -Message "Using cdb from $CdbProgramPath"

    }

    process

    {

        foreach ($file in $Files)

        {

            $scriptName = [System.IO.Path]::GetFileName($DebuggingScript)

            $fullScriptPath = (Resolve-Path -Path $DebuggingScript).Path

            $file = (Resolve-Path -Path $file).Path

            $logFile = $file + "-" + $scriptName + ".log"

            Write-Verbose -Message "Logging to file $logFile"

            if ($PSCmdlet.ShouldProcess("$CdbProgramPath -z $file -c `"`$$<$fullScriptPath;q`"", "Executing"))

            {

                &$CdbProgramPath -z $file -c "`$`$<$fullScriptPath;Q" | Tee-Object -FilePath $logFile

            }

        }

    }

}

# SIG # Begin signature block

# MIIUywYJKoZIhvcNAQcCoIIUvDCCFLgCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB

# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR

# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUFlLoseBwRUWiAvJLdTAskLK0

# OXyggg+6MIIEmTCCA4GgAwIBAgIPFojwOSVeY45pFDkH5jMLMA0GCSqGSIb3DQEB

# BQUAMIGVMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQg

# TGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNV

# BAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEdMBsGA1UEAxMUVVROLVVTRVJG

# aXJzdC1PYmplY3QwHhcNMTUxMjMxMDAwMDAwWhcNMTkwNzA5MTg0MDM2WjCBhDEL

# MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE

# BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKjAoBgNVBAMT

# IUNPTU9ETyBTSEEtMSBUaW1lIFN0YW1waW5nIFNpZ25lcjCCASIwDQYJKoZIhvcN

# AQEBBQADggEPADCCAQoCggEBAOnpPd/XNwjJHjiyUlNCbSLxscQGBGue/YJ0UEN9

# xqC7H075AnEmse9D2IOMSPznD5d6muuc3qajDjscRBh1jnilF2n+SRik4rtcTv6O

# KlR6UPDV9syR55l51955lNeWM/4Og74iv2MWLKPdKBuvPavql9LxvwQQ5z1IRf0f

# aGXBf1mZacAiMQxibqdcZQEhsGPEIhgn7ub80gA9Ry6ouIZWXQTcExclbhzfRA8V

# zbfbpVd2Qm8AaIKZ0uPB3vCLlFdM7AiQIiHOIiuYDELmQpOUmJPv/QbZP7xbm1Q8

# ILHuatZHesWrgOkwmt7xpD9VTQoJNIp1KdJprZcPUL/4ygkCAwEAAaOB9DCB8TAf

# BgNVHSMEGDAWgBTa7WR0FJwUPKvdmam9WyhNizzJ2DAdBgNVHQ4EFgQUjmstM2v0

# M6eTsxOapeAK9xI1aogwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwFgYD

# VR0lAQH/BAwwCgYIKwYBBQUHAwgwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2Ny

# bC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0LmNybDA1BggrBgEF

# BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20w

# DQYJKoZIhvcNAQEFBQADggEBALozJEBAjHzbWJ+zYJiy9cAx/usfblD2CuDk5oGt

# Joei3/2z2vRz8wD7KRuJGxU+22tSkyvErDmB1zxnV5o5NuAoCJrjOU+biQl/e8Vh

# f1mJMiUKaq4aPvCiJ6i2w7iH9xYESEE9XNjsn00gMQTZZaHtzWkHUxY93TYCCojr

# QOUGMAu4Fkvc77xVCf/GPhIudrPczkLv+XZX4bcKBUCYWJpdcRaTcYxlgepv84n3

# +3OttOe/2Y5vqgtPJfO44dXddZhogfiqwNGAwsTEOYnB9smebNd0+dmX+E/CmgrN

# Xo/4GengpZ/E8JIh5i15Jcki+cPwOoRXrToW9GOUEB1d0MYwggU1MIIEHaADAgEC

# AhEA+CGT8y+uLXmA2UBOFe5VGzANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJH

# QjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3Jk

# MRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEjMCEGA1UEAxMaQ09NT0RPIFJT

# QSBDb2RlIFNpZ25pbmcgQ0EwHhcNMTYwMjE4MDAwMDAwWhcNMTgxMDI4MjM1OTU5

# WjCBnTELMAkGA1UEBhMCVVMxDjAMBgNVBBEMBTM3OTMyMQswCQYDVQQIDAJUTjES

# MBAGA1UEBwwJS25veHZpbGxlMRIwEAYDVQQJDAlTdWl0ZSAzMDIxHzAdBgNVBAkM

# FjEwMjA3IFRlY2hub2xvZ3kgRHJpdmUxEzARBgNVBAoMCldpbnRlbGxlY3QxEzAR

# BgNVBAMMCldpbnRlbGxlY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB

# AQDfLujuIe3yrrTfTOdYfstwFDZrI7XezoeFPA33GRxY/MSbKuUvPcN8XqU8Jpg4

# NUkByzoSjPsq9Yjx3anHflcNendqa/8gbkPdiEMg+6kRVmtv1QHfGt+UbEMfrUk0

# Ltm0DE+6OIZFx8hjsxifJvWrQ/jG9lat6e2YwIdNAqyG2htqCrmBN90lW+0+zU9s

# YJIVD0ZfyZJVkvbeay+HwlbojW7JQyyhdGOSa61zUqlD85RX6HzcCbb1WHf5bZRO

# 2idaVNAOw1YHqJAUjY4oJY4lqWwg5Inza4f33Wt82zJAgKY4S01bddkvjPi6iMnG

# y8bI1EfWAdFFC+UM2qKsNc2/AgMBAAGjggGNMIIBiTAfBgNVHSMEGDAWgBQpkWD/

# ik366/mmarjP+eZLvUnOEjAdBgNVHQ4EFgQUZdNFdxzRtMVCZCvcFV4g7vsL8vgw

# DgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH

# AwMwEQYJYIZIAYb4QgEBBAQDAgQQMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQMC

# MCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BTMEMG

# A1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JT

# QUNvZGVTaWduaW5nQ0EuY3JsMHQGCCsGAQUFBwEBBGgwZjA+BggrBgEFBQcwAoYy

# aHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ29kZVNpZ25pbmdDQS5j

# cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTANBgkqhkiG

# 9w0BAQsFAAOCAQEAnSVG6TXbazSxczonyo/Q+pjX+6JERtMZ0sz3Fc3PTMDcb9DS

# tALjZiZhOgOoRNC+5OHgE3tTPLCT6ZGktfedzp6J9mICzoJIIBelfdiIwJNkPTzR

# I2krUn/6ld5coh0zyM85lCjXkqzZmyQmRRNQoycWtxUwxsNlkiGlRIiIJHztbg1I

# lv9C90zCZ1nAhfOpv+maUohLtz22F9wXCJuIUQapOhPG5n/opM/AUQV2WuDa3AZP

# VYleK90zOgHLDgLICxrx57z2JRlXyW2ga2N5J6DXzwGmxpCe0LbzYCj4h42SjUuf

# 9hOQtORlSjYEj8RFpxatyxcmIIpej9/NDNXgIzCCBeAwggPIoAMCAQICEC58h8wO

# k0pS/pT9HLfNNK8wDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYD

# VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNV

# BAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRp

# ZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDUwOTAwMDAwMFoXDTI4MDUwODIzNTk1

# OVowfTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ

# MA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxIzAh

# BgNVBAMTGkNPTU9ETyBSU0EgQ29kZSBTaWduaW5nIENBMIIBIjANBgkqhkiG9w0B

# AQEFAAOCAQ8AMIIBCgKCAQEAppiQY3eRNH+K0d3pZzER68we/TEds7liVz+TvFvj

# nx4kMhEna7xRkafPnp4ls1+BqBgPHR4gMA77YXuGCbPj/aJonRwsnb9y4+R1oOU1

# I47Jiu4aDGTH2EKhe7VSA0s6sI4jS0tj4CKUN3vVeZAKFBhRLOb+wRLwHD9hYQqM

# otz2wzCqzSgYdUjBeVoIzbuMVYz31HaQOjNGUHOYXPSFSmsPgN1e1r39qS/AJfX5

# eNeNXxDCRFU8kDwxRstwrgepCuOvwQFvkBoj4l8428YIXUezg0HwLgA3FLkSqnmS

# Us2HD3vYYimkfjC9G7WMcrRI8uPoIfleTGJ5iwIGn3/VCwIDAQABo4IBUTCCAU0w

# HwYDVR0jBBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFCmRYP+K

# Tfrr+aZquM/55ku9Sc4SMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/

# AgEAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMBEGA1UdIAQKMAgwBgYEVR0gADBMBgNV

# HR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FD

# ZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcBAQRlMGMwOwYIKwYB

# BQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRydXN0

# Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJ

# KoZIhvcNAQEMBQADggIBAAI/AjnD7vjKO4neDG1NsfFOkk+vwjgsBMzFYxGrCWOv

# q6LXAj/MbxnDPdYaCJT/JdipiKcrEBrgm7EHIhpRHDrU4ekJv+YkdK8eexYxbiPv

# VFEtUgLidQgFTPG3UeFRAMaH9mzuEER2V2rx31hrIapJ1Hw3Tr3/tnVUQBg2V2cR

# zU8C5P7z2vx1F9vst/dlCSNJH0NXg+p+IHdhyE3yu2VNqPeFRQevemknZZApQIvf

# ezpROYyoH3B5rW1CIKLPDGwDjEzNcweU51qOOgS6oqF8H8tjOhWn1BUbp1JHMqn0

# v2RH0aofU04yMHPCb7d4gp1c/0a7ayIdiAv4G6o0pvyM9d1/ZYyMMVcx0DbsR6HP

# y4uo7xwYWMUGd8pLm1GvTAhKeo/io1Lijo7MJuSy2OU4wqjtxoGcNWupWGFKCpe0

# S0K2VZ2+medwbVn4bSoMfxlgXwyaiGwwrFIJkBYb/yud29AgyonqKH4yjhnfe0gz

# Htdl+K7J+IMUk3Z9ZNCOzr41ff9yMU2fnr0ebC+ojwwGUPuMJ7N2yfTm18M04oyH

# IYZh/r9VdOEhdwMKaGy75Mmp5s9ZJet87EUOeWZo6CLNuO+YhU2WETwJitB/vCgo

# E/tqylSNklzNwmWYBp7OSFvUtTeTRkF8B93P+kPvumdh/31J4LswfVyA4+YWOUun

# MYIEezCCBHcCAQEwgZIwfTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIg

# TWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENB

# IExpbWl0ZWQxIzAhBgNVBAMTGkNPTU9ETyBSU0EgQ29kZSBTaWduaW5nIENBAhEA

# +CGT8y+uLXmA2UBOFe5VGzAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAig

# AoAAoQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgEL

# MQ4wDAYKKwYBBAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQUUx9G5Ly54PpQas8w7e6a

# BXwLyo0wDQYJKoZIhvcNAQEBBQAEggEAwJTC3Rg4V39QPORBCr3y0CDqi88u8Iz5

# uFuES2cmqapxx9pDX+uyGcWFKjv4Mxusbst3X1hpiR1hV5gCLdS3nkG00CAbczHO

# rOMJ5AniM8R+SaTzqbbFMH/lGqkraa/Ir2waWB/IwBPHp5U0sJADHwdTtG6AlqJU

# Yt81qlQfaFc5+66ZsKsFSpz5G+beVWifKfOmcia1+K4sEMn1Hu+GxEFruAnnYlb7

# Ln7eOhv5IL7AQkPgM2ZI3FIbsNSPf1I/NhGMe7+xUI2RYY2PZKAvNh0OJvdhwsCY

# pkBBmdGnXubtfS90JrRYknUEOxPbqmRW/U4xWWxWd362btxOEpwYL6GCAkMwggI/

# BgkqhkiG9w0BCQYxggIwMIICLAIBADCBqTCBlTELMAkGA1UEBhMCVVMxCzAJBgNV

# BAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVT

# RVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5j

# b20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3QtT2JqZWN0Ag8WiPA5JV5jjmkUOQfm

# MwswCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI

# hvcNAQkFMQ8XDTE3MDExMjIzMDcwMVowIwYJKoZIhvcNAQkEMRYEFISPkeuhlZVK

# YnJw1CX6Tw2k5h/SMA0GCSqGSIb3DQEBAQUABIIBACX2m6QxlEo7fb7nbWD9ObYt

# LVZDrri+PF5snWr56nRQnRRvprLTiBNuXPr9yhiKeGduUGdx5E1RLpWQ/5hj5puG

# nakYbyrH0OKt/gYrWvlvqdpSxXGt+luMbrjh8I4j8TarvYlX8uM4M8irQ+O5Hrtq

# L6t/VKQHJRWzN4+JAnX8b5gmfB1cNH7FkuidV12HwKSW6cu40AsfK31Cvr6xiRA2

# UsGcALCiuBpYZw3SwC9gyiXngqMohogeF9uJQxGSHVa2bisbFy6pmRXmRO4frMhF

# Lf1eJQOc9w1a2CfCmM8SSHhOt/GR1MK0mvfNmbx19S25Rgwft/a06Ll+3qO+Kw4=

# SIG # End signature block