Skip to content

Releases: yotsuda/CrashDrive

v0.4.0

16 Apr 21:34
@yotsuda yotsuda
v0.4.0
7ea84cd

Choose a tag to compare

View all tags
v0.4.0 Latest
Latest

What's new

New: Invoke-CrashCommand

Generic dbgeng passthrough cmdlet for Dump and TTD drives — the escape hatch for commands that don't fit a filesystem path (!locks, !syncblk, custom .ecxr workflows, etc.). Shares the drive's session via DbgEngSessionManager, so it runs in the same engine instance the provider uses for path resolution (no duplicate target load, no cross-drive steal).

New-CrashDrive dmp .\crash.dmp
Invoke-CrashCommand '!analyze -v'
Invoke-CrashCommand 'lm m *CrashDrive*'

New-CrashDrive ttd .\recording.run
Invoke-CrashCommand 'dx -r0 @\$curprocess.TTD.Lifetime' -Position start

Paths still come first — this is the fallback, not the default.

Improved: managed source resolution on Normal / WithHeap dumps

`ClrRuntime.GetMethodByInstructionPointer` needs a Full dump's code-heap metadata, which Normal and WithHeap dumps lack. For stack-frame IPs specifically, `ClrThread.EnumerateStackTrace()` can still recover a `ClrMethod` through the stack walker. 0.4.0 builds an IP→Method cache from the walker and consults it when the heap-index path returns null. Arbitrary non-stack IPs still won't resolve on non-Full dumps by design.

Line-level resolution remains gated by `ClrMethod.ILOffsetMap` — a separate data-availability limit that only Full dumps carry fully. "Method but no line" is the honest ceiling for Normal dumps.

Improved: `ttd:\calls<mod><fn>\` paginates for high-hit functions

Hot-path functions (e.g. 1000+ hits) used to list every call as a sibling `.json`, which made `ls` unusable. When the hit count exceeds 256, the folder now exposes `-\ page folders (size 256, last page may be partial). Indices inside a page stay absolute, so \ttd:\calls\python313\PyObject_IsTrue\1024-1041\1024.json` reads the 1024th hit directly. Folders with ≤256 hits still render flat (unchanged).

Infrastructure

  • Pester 5 smoke suite under `tests/` (manifest, per-provider mount, capture round-trip, TTD pagination behavior)
  • GitHub Actions CI on `windows-latest` with .NET 8, builds and runs tests on push/PR to `master`

Install

```powershell
Install-Module -Name CrashDrive -RequiredVersion 0.4.0
```

Full changelog

  • Add Invoke-CrashCommand for dbgeng passthrough
  • Dump: walker-cache fallback for non-Full managed source resolution
  • Add Pester smoke tests and GitHub Actions CI
  • Bump version to 0.4.0
  • TTD: paginate calls<mod><fn>\ for high-hit functions

🤖 Generated with Claude Code

Assets 2
Loading

0.3.0 — First PSGallery Release

16 Apr 15:35
@yotsuda yotsuda
v0.3.0
1b90d9e

Choose a tag to compare

View all tags
0.3.0 — First PSGallery Release

First public release of CrashDrive. Mount Windows post-mortem artifacts as PSDrives — ls, cd, cat your way through crash dumps, Time-Travel Debugging recordings, and execution traces.

Why This Exists

Combined with splash (ConPTY-based shell MCP), AI agents can navigate crash dumps and TTD recordings through the filesystem metaphor — no specialized debugger-vocabulary tool wrappers required. Get-ChildItem dmp:\threads\12\frames works the same for humans and AI agents.

What's In The Box

Three providers, auto-selected from file content

Provider Opens Backend
Dump Windows minidumps, .NET crash dumps ClrMD + dbgeng
Ttd Time-Travel Debugging .run dbgeng + TTDAnalyze
Trace Python sys.monitoring JSONL, or .NET Harmony trace direct JSON

Key features

  • Source resolution on dumps
    • Native frames via dbgeng ln
    • Managed frames via ClrMD + portable PDB sequence points (requires DumpType.Full)
  • TTD answer-first overviewtriage.md, timeline/{events,exceptions,significant}, memory reverse-lookup (first-write, last-write-before)
  • .NET tracerNew-CrashDrive app -ExecutablePath .\App.exe launches a program under a runtime tracer (Harmony + DOTNET_STARTUP_HOOKS) and mounts the result. Zero code changes required in the target program
  • Python tracersys.monitoring-based JSONL capture with locals / globals / watch expressions
  • Editor-followcd into a frame or event and VS Code jumps to the source line

Install

Install-Module CrashDrive

Requirements

  • Windows
  • PowerShell 7.4+
  • WinDbg Preview (Microsoft Store) — for TTD support
  • .NET 6+ target — for .NET tracing
  • Python 3.12+ — for Python tracing

Known Limitations

  • Managed source resolution only resolves arbitrary JIT IPs on DumpType.Full. WithHeap / Normal dumps may still resolve stack-frame IPs but this is not guaranteed.
  • JIT inlining vs .NET tracer — Harmony cannot intercept calls that the JIT has inlined at the call site. For trivial one-liner methods, annotate with [MethodImpl(MethodImplOptions.NoInlining)]. Most real-world methods aren't aggressively inlined.
  • Windows (MSF) PDBs are not supported for managed source — only portable PDBs (the default for modern .NET).

Roadmap

  • Invoke-CrashCommand — generic dbgeng passthrough cmdlet
  • WithHeap / Normal dump managed source resolution
  • Unit / integration tests

Credits

Built on ClrMD, Harmony, and Microsoft.Diagnostics.NETCore.Client — all MIT, attributions in NOTICES.

Loading