Reference: http://msdn.microsoft.com/en-us/library/windows/hardware/ff540507(v=vs.85).aspx
This is the most reliable reference, and it is more intuitive than .hh.
A little editing done on Linux:
~/windbg $ awk 'BEGIN{maxindex=0}{idx = index($0, "("); if (idx > maxindex) maxindex = idx;} END{print maxindex}' commands
57
~/windbg $ awk 'FS="[()]" {printf("%60s\t%s\n", $1, $2)}' commands > commands_formated
Basic Commands
~/windbg $ awk 'FS="[()]" {printf("%60s\t%s\n", $1, $2)}' commands
ENTER           (Repeat
$<, $><, $$<, $$><, $$>a<  Run Script File
?               Command Help
?               Evaluate Expression
??              Evaluate C++ Expression
#               Search for Disassembly Pattern
||              System Status
||s             Set Current System
|               Process Status
|s              Set Current Process
~               Thread Status
~e              Thread-Specific Command
~f              Freeze Thread
~u              Unfreeze Thread
~n              Suspend Thread
~m              Resume Thread
~s              Set Current Thread
~s              Change Current Processor
a               Assemble
ad              Delete Alias
ah              Assertion Handling
al              List Aliases
as, aS          Set Alias
ba              Break on Access
bc              Breakpoint Clear
bd              Breakpoint Disable
be              Breakpoint Enable
bl              Breakpoint List
bp, bu, bm      Set Breakpoint
br              Breakpoint Renumber
bs              Update Breakpoint Command
bsc             Update Conditional Breakpoint
c               Compare Memory
d, da, db, dc, dd, dD, df, dp, dq, du, dw, dW, dyb, dyd  Display Memory
dda, ddp, ddu, dpa, dpp, dpu, dqa, dqp, dqu  Display Referenced Memory
dds, dps, dqs   Display Words and Symbols
dg              Display Selector
dl              Display Linked List
ds, dS          Display String
dt              Display Type
dv              Display Local Variables
e, ea, eb, ed, eD, ef, ep, eq, eu, ew, eza, ezu  Enter Values
f, fp           Fill Memory
g               Go
gc              Go from Conditional Breakpoint
gh              Go with Exception Handled
gn, gN          Go with Exception Not Handled
gu              Go Up
ib, iw, id      Input from Port
j               Execute If-Else
k, kb, kc, kd, kp, kP, kv  Display Stack Backtrace
l+, l-          Set Source Options
ld              Load Symbols
lm              List Loaded Modules
ln              List Nearest Symbols
ls, lsa         List Source Lines
lsc             List Current Source
lse             Launch Source Editor
lsf, lsf-       Load or Unload Source File
lsp             Set Number of Source Lines
m               Move Memory
n               Set Number Base
ob, ow, od      Output to Port
p               Step
pa              Step to Address
pc              Step to Next Call
pct             Step to Next Call or Return
ph              Step to Next Branching Instruction
pt              Step to Next Return
q, qq           Quit
qd              Quit and Detach
r               Registers
rdmsr           Read MSR
rm              Register Mask
s               Search Memory
so              Set Kernel Debugging Options
sq              Set Quiet Mode
ss              Set Symbol Suffix
sx, sxd, sxe, sxi, sxn, sxr, sx-  Set Exceptions
t               Trace
ta              Trace to Address
tb              Trace to Next Branch
tc              Trace to Next Call
tct             Trace to Next Call or Return
th              Trace to Next Branching Instruction
tt              Trace to Next Return
u               Unassemble
uf              Unassemble Function
up              Unassemble from Physical Memory
ur              Unassemble Real Mode BIOS
ux              Unassemble x86 BIOS
vercommand      Show Debugger Command Line
version         Show Debugger Version
vertarget       Show Target Computer Version
wrmsr           Write MSR
wt              Trace and Watch Data
x               Examine Symbols
z               Execute While
Meta commands
~/windbg $ awk 'FS="[()]" {printf("%30s\t%s\n", $1, $2)}' Meta_commands
.abandon                (Abandon
.allow_exec_cmds        Allow Execution Commands
.allow_image_mapping    Allow Image Mapping
.apply_dbp              Apply Data Breakpoint to the Context
.asm                    Change Disassembly Options
.attach                 Attach to Process
.beep                   Speaker Beep
.bpcmds                 Display Breakpoint Commands
.bpsync                 Synchronize Threads at Breakpoint
.breakin                Break to the Kernel Debugger
.browse                 Display Command in Browser
.bugcheck               Display Bug Check Data
.cache                  Set Cache Size
.call                   Call Function
.chain                  List Debugger Extensions
.childdbg               Debug Child Processes
.clients                List Debugging Clients
.closehandle            Close Handle
.cls                    Clear Screen
.context                Set User-Mode Address Context
.copysym                Copy Symbol Files
.cordll                 Control CLR Debugging
.crash                  Force System Crash
.create                 Create Process
.createdir              Set Created Process Directory
.cxr                    Display Context Record
.dbgdbg                 Debug Current Debugger
.detach                 Detach from Process
.dml_flow               Unassemble with Links
.dml_start              Display DML Starting Point
.dump                   Create Dump File
.dumpcab                Create Dump File CAB
.dvalloc                Allocate Memory
.dvfree                 Free Memory
.echo                   Echo Comment
.echocpunum             Show CPU Number
.echotime               Show Current Time
.echotimestamps         Show Time Stamps
.ecxr                   Display Exception Context Record
.effmach                Effective Machine
.enable_long_status     Enable Long Integer Display
.enable_unicode         Enable Unicode Display
.endpsrv                End Process Server
.endsrv                 End Debugging Server
.enumtag                Enumerate Secondary Callback Data
.event_code             Display Event Code
.eventlog               Display Recent Events
.exepath                Set Executable Path
.expr                   Choose Expression Evaluator
.exptr                  Display Exception Pointers
.exr                    Display Exception Record
.extmatch               Display All Matching Extensions
.extpath                Set Extension Path
.f+, .f-                Shift Local Context
.fiber                  Set Fiber Context
.fiximports             Fix Target Module Imports
.flash_on_break         Flash on Break
.fnent                  Display Function Data
.fnret                  Display Function Return Value
.force_radix_output     Use Radix for Integers
.force_tb               Forcibly Allow Branch Tracing
.formats                Show Number Formats
.fpo                    Control FPO Overrides
.frame                  Set Local Context
.help                   Meta-Command Help
.hh                     Open HTML Help File
.hideinjectedcode       Hide Injected Code
.holdmem                Hold and Compare Memory
.idle_cmd               Set Idle Command
.ignore_missing_pages   Suppress Missing Page Errors
.inline                 Toggle Inline Function Debugging
.imgscan                Find Image Headers
.kdfiles                Set Driver Replacement Map
.kframes                Set Stack Length
.kill                   Kill Process
.lastevent              Display Last Event
.lines                  Toggle Source Line Support
.load, .loadby          Load Extension DLL
.locale                 Set Locale
.logappend              Append Log File
.logclose               Close Log File
.logfile                Display Log File Status
.logopen                Open Log File
.netuse                 Control Network Connections
.noshell                Prohibit Shell Commands
.noversion              Disable Version Checking
.ocommand               Expect Commands from Target
.ofilter                Filter Target Output
.open                   Open Source File
.opendump               Open Dump File
.outmask                Control Output Mask
.pagein                 Page In Memory
.pcmd                   Set Prompt Command
.pop                    Restore Debugger State
.prefer_dml             Prefer Debugger Markup Language
.process                Set Process Context
.prompt_allow           Control Prompt Display
.push                   Save Debugger State
.quit_lock              Prevent Accidental Quit
.readmem                Read Memory from File
.reboot                 Reboot Target Computer
.record_branches        Enable Branch Recording
.reload                 Reload Module
.remote                 Create Remote.exe Server
.remote_exit            Exit Debugging Client
.restart                Restart Target Application
.restart                Restart Kernel Connection
.rrestart               Register for Restart
.scroll_prefs           Control Source Scrolling Preferences
.secure                 Activate Secure Mode
.send_file              Send File
.server                 Create Debugging Server
.servers                List Debugging Servers
.setdll                 Set Default Extension DLL
.shell                  Command Shell
.show_read_failures
.show_sym_failures
.sleep                  Pause Debugger
.sound_notify           Use Notification Sound
.srcfix, .lsrcfix       Use Source Server
.srcnoisy               Noisy Source Loading
.srcpath, .lsrcpath     Set Source Path
.step_filter            Set Step Filter
.suspend_ui             Suspend WinDbg Interface
.symfix                 Set Symbol Store Path
.symopt                 Set Symbol Options
.sympath                Set Symbol Path
.thread                 Set Register Context
.time                   Display System Time
.tlist                  List Process IDs
.trap                   Display Trap Frame
.tss                    Display Task State Segment
.ttime                  Display Thread Times
.typeopt                Set Type Options
.unload                 Unload Extension DLL
.unloadall              Unload All Extension DLLs
.urestart               Unregister for Restart
.wake                   Wake Debugger
.write_cmd_hist         Write Command History
.writemem               Write Memory to File
.wtitle                 Set Window Title
Kernel Mode Extensions
!ahcache !alignmentfaults !analyzebugcheck !apc !apicerr !arbinst !arbiter !ate !bcb !blockeddrv !bpid !btb !bth !bugdump !bushnd !ca !callback !calldata !can_write_kdump !cbreg !cchelp !chklowmem !cmreslist !cpuinfo
!db, !dc, !dd, !dp, !dq, !du, !dw !dbgprint !dblink !dcr !dcs !deadlock !defwrites !devext !devhandles !devnode !devobj !devstack !dflink !diskspace !dma !dpa !dpcs !driveinfo !drivers !drvobj !dskheap
!eb, !ed !ecb, !ecd, !ecw !ecs !errlog !errpkt !errrec !exca !filecache !filelock !fileobj !filetime !finddata !findfilelockowner !for_each_process !for_each_thread !fpsearch !frag !frozen !fwver !gbl !gentable !hidppd
!ib, !id, !iw !icpleak !idt !ih !ihs !ioresdes !ioreslist !iovirp !ipi !irp !irpfind !irpzone !irql !isainfo !isr !ivt !job !kb, !kv
!loadermemorylist !lockedpages !locks (!kdext*.locks) !logonsession !lookaside !lpc !mca !memlist !memusage !mps !mtrr !npx !ob, !od, !ow !object !obtrace !openmaps
!pars !pat !pci !pciir !pcitree !pcm !pcr !pcrs !pfn !pmc !pmssa !pnpevent !pocaps !pool !poolfind !poolused !poolval !popolicy !pplookaside !ppmidle !ppmidleaccounting !ppmperf !ppmperfpolicy !ppmstate !prcb !process !processfields !processirps !psp !pte !pte2va !ptov
!qlocks !ready !reg !regkcb !rellist !ruleinfo !running !scm !search !searchpte !sel !session !smt !spoolsum !spoolused !sprocess !srb !stacks !swd !sysinfo !sysptes
!thread !threadfields !time !timer !tokenfields !trap !tss !tz !tzinfo !ubc !ubd !ube !ubl !ubp !urb !vad !vad_reload !validatelist !verifier !vm !vpb !vpdd !vtop !walklist !wdmaud !whattime !whatperftime !whea !wsle !xpoolmap !zombies
General Extensions
!acl !address !analyze !asd !atom !bitcount !chksym !chkimg !cppexr !cpuid !cs !cxr !dh !dlls !dml_proc !dumpfa !elog_str !envvar !error !exchain !exr !findxmldata !for_each_frame !for_each_function !for_each_local !for_each_module !for_each_register
!gflag !gle !gs !handle !heap !help !homedir !hstring !hstring2 !htrace !imggp !imgreloc !kuser !list !lmi !mui !net_send !obja !owner !peb !rebase !rtlavl !sd !sid !slist !std_map !stl !str !sym !symsrv !teb !tls !token !tp !triage !ustr !version !winrterr
User mode extensions
!avrf !critsec !dp (!ntsdexts.dp) !dreg !dt !evlog !findstack !gatom !igrep !locks (!ntsdexts.locks) !mapped_file !runaway !threadtoken !uniqstack !vadump !vprot