WinDbg CheatSheet

This document provides a summary of commands for the WinDbg debugger, organized into the following categories: meta commands, breakpoints, bang commands, display controls, editing, memory, searching, filling, comparing, and moving. It lists common commands such as setting breakpoints (bp), displaying memory (db, dd), listing modules (lm), and disassembling code (u).

Uploaded by

M. tem
Meta Commands

.symfix: set the symbol path to point to the Microsoft symbol store
.reload /f module.dll: reload module symbols
.detach: detach from a process
.cls: clear commands window
.childdbg <0|1>: attach to child process
.writemem <FileName> <Range>: write contents of a memory range to a file

Bang Commands

!teb | !teb <Addr>: display thread environment block
!peb | !peb <Addr>: display process environment block
!handle: list all handles
  !handle <Val>: get handle type
  !handle <Val> f: get handle detailed info
!address: view complete address space
  !address <Addr>: display status of a memory block (region size, protection, ...)

controls

g: go (continue)
p: step over
t: step into
gu: step out

General

?: evaluate expression
  ? <Num>: hex to decimal
  ? 0n<Num>: decimal to hex
lm: list modules
k: show stack backtrace
~: list threads
  ~<Num>s: switch to thread
  ~<Num>k: thread backtrace
|: list processes
  |<Num>s: switch to process
  |<Num>k: process backtrace
r: registers
  r <Reg>: read register
  r <Reg>=<Val>: set register
u: disassemble
  u <Addr>: disassemble from this address
  u <Range>: disassemble memory range
  uf <Addr>: disassemble function
x: examine symbols
  x /f module!<Regex>: examine module functions matching this regex

Breakpoints

bp <Addr>: regular breakpoint
bp <Addr> <Num>: break at the Nth hit
bu <Addr>: unresolved breakpoint
bm module!<Regex>: symbols breakpoint
ba <Access> <Size> <Addr>: memory access breakpoint
bl: list breakpoints
bd <Breakpoints>: disable breakpoint
be <Breakpoints>: enable breakpoint
bc <Breakpoints>: clear breakpoint

Memory

Display

da: ascii
du: unicode
dw: word
dd: dword
dq: qword
db: byte + ascii hexdump
dc: dword + ascii hexdump
dW: word + ascii hexdump
dp: pointer size
dD: double
df: float
dv: local variables
dt <Type> <Addr>: map struct type to addr

Edit

ea: ascii
eu: unicode
ew: word
ed: dword
eq: qword
eb: byte
ep: pointer size
eD: double
ef: float
eza: null-terminated ascii
ezu: null-terminated unicode

Search

s -Flags <Range> <Pattern>
  -b: byte
  -w: word
  -d: dword
  -q: qword
  -a: ascii
  -u: unicode

Fill

f <Range> <Pattern>

Compare

c <Range> <Addr>

Move

m <Range> <Addr>