WinDbg Built-in Commands

WinDbg Built-in Commands

WinDbg built-in commands are controlling and getting information from the debugging target. The following table shows frequently used built-in commands.

Command Description Example
bp Set Breakpoint bp notepad!AlertBox
bl List Breakpoints bl
be Enable Breakpoint be 1
bd Disable Breakpoint bd 1
bc Clear Breakpoint bc 1
bc * (clear all)
d (dd / dw / db) Dump memory (dump memory in dword, word, byte) dd 77960a70
dt Dump using type information dt nt!_PEB CriticalSectionTimeout. 7ffdf000
dv Dump local variable dv
dx Display debugger object model expression dx -r3 Debugger.Sessions
e, ed, ew, eb Enter into memory the values that you specify ed 7795ed3c 11112222
g Go g
k (kp / kb) Display stacktrace kp
lm List modules lmvm ntdll
ln List nearest symbols ln 7795ed4b
p (pc / pa) Step over (step over to next function / to next address) p
t Step into t
r View or set registers r
s Search memory to find a specific byte pattern s -d 0012ff40 L20 'ABCD'
sx (sxe / sxd) Display set exception list (break when the exception occurs / do not break) sxe ld clr (break when clr is loaded)
u (uf) Unassemble (unassemble function) uf .
x Examine symbols. Displays the symbols in all contexts that match the specified pattern x notepad!*
? expr / ?? expr Display expression / display C++ expression ? 0xFF
version Show debuggee and debugger version version
q Quit q
~ List threads ~
~3s (switch to thread#3)
| Display current process information |
? Help ?
WinDbg