Unattended WinDbg script for breakpoints and delays

Question

I want to debug an application running on Windows by setting a breakpoint on a certain address, waiting till the breakpoint is hit, keeping the application paused for a certain period of time and then continuing. All of this should be done in an unattended fashion (e.g. a script).

To do this, I chose to use WinDbg since the scripting support seems promising.

Starting WinDbg and attaching to the process by process name can e.g. be done by invoking the following command:

"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe" -pn my-executable.exe

Setting the breakpoint is done with the bu command:

bu 0x1337

Continuing works with the g command.

Delaying can be done with the .sleep command:

.sleep milliseconds

For writing WinDbg scripts this PDF might be helpful.

How can I piece it all together? I didn't figure out how delaying after hitting a breakpoint can be done nor do I know how to perform all of those actions (including attaching) from the command line alone without loading up the WinDbg GUI at all.

Answer 1

what for you need to sleep

you can embed the script commands and pass it to and instance of windbg

with -c switch the command below lists the modules and quits the session

windbg -c "lm;q" calc.exe

you can put it inside a batfile and run the batfile like

cdb -c "bu %2 \".sleep 5000;g\";g" %1.exe

a gif showing how i broke on winmain slept for 5 seconds before allowing the exe to run below