Windbg is the Windows Debugger tool. It can be found at http://www.microsoft.com/ddk/debugging/default.asp. Table 16-8 lists the Windbg commands.
| Command | Description |
|---|---|
| kvn | Dumps stack |
| r | Dumps registers |
| u | Unassembles |
| ~[#]s | Changes thread to # |
| dt [type] address | Dumps type |
| dv | Dumps locals and parameters |
| bp (address or module!name) | Sets breakpoint |
| bc | Clears breakpoint |
| bd | Disables breakpoint |
| be | Enables breakpoint |
| x module!function | Returns function address |
| sxe ld:module.dll | Breaks on module load |
| dc | Dumps characters |
| da | Dumps ASCII |
| du | Dumps Unicode |
| !lmi | Loads module information |
| ln | Lists nearest method |
| lm | Lists modules |
| lmv | Lists modules verbose |
| !heap | Gets Win32 heap information |
| !sympath | Sets symbols path |
| !srcpath | Sets source path |
| !locks | Shows critical sections for process |
| !gle | Gets last error |
| !peb | Dumps process block |
| !teb | Dumps thread block |
| .dump /f [path.dmp] | Forces a full memory dump |
| .server tcp:port=5000 | Debug server |
| tcp:server=name,port=5000 | Debug client |
| !logo | Sets up API logging |
| !loge | Enables logging |
| !logm x module.dll | Excludes module logging |
| !logm I ntdll.dll | Logs NTDLL calls |