Using debugger to Log command lines of crashed applications

Question

We have an application that crashes at startup, especially under high load. Problem is, there's no way to tell apart the various instances of this process from one another, except the invocation command line itself.

Is there a way to use WinDBG, WER, etc. to extract the command lines of crashed processes? I know it's nested in the PEB somewhere. The goal would be to just have it dump the information so that we can see if the crashing processes have anything in common.

Thoughts?

Answer 1

Try ??@$peb->ProcessParameters->CommandLine

Answer 2

In WinDbg, !peb shows the Process Environment Block including the command line. Because the output is long, I recommend filtering it using .shell:

.shell -ci "!peb" find "CommandLine"