1. WinDbg Command Types
WinDbg has 3 different types of commands: built-in commands, dot commands, and bang commands. Here is a brief explanation of each type.
- WinDbg built-in commands control the debugging target and retrieve information from it.
For example, the "g" (go) command runs the process being debugged and the "bp" command sets a breakpoint. The "k" command displays call stack information and the "dd" command dumps memory data.
- Dot commands, aka meta commands, control the debugger itself, not the debugging target.
All dot commands start with dot (.), hence the name.
For example, the ".cls" command clears the WinDbg screen and the ".dump" command creates a dump file from WinDbg.
- Bang commands, aka extension commands, are the commands provided by debugger extensions.
WinDbg has many different debugger extensions, which can be developed by 3rd parties or individual developers.
Debugger extension commands start with a bang (!), hence the name.
Once a debugger extension is loaded (by using the .load command), any command from that extension can be used.
For example, a .NET application can be debugged by using the SOS debugger extension. The "!sos.clrstack" (or simply "!clrstack") command displays the .NET CLR call stack and the "!threads" command displays all managed threads in the .NET process.
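
The three command types combined in one session, as an added example that is not from the original page. It assumes WinDbg is already attached to a 64-bit .NET Framework 4.x process; the breakpoint symbol, the ".loadby" shortcut, the ".chain" check and the dump path are illustrative choices, not taken from the page.

```windbg
$$ Added example: constructed session, not output from a real target.
$$ Lines starting with $$ are comments in the WinDbg command window.

$$ --- Dot command: acts on the debugger itself ---
.cls

$$ --- Built-in commands: act on the debugging target ---
$$ Set a breakpoint on a Win32 API (illustrative symbol), then resume.
bp kernel32!CreateFileW
g

$$ When the breakpoint hits, show the native call stack of the current thread.
k

$$ Dump 8 DWORDs starting at the stack pointer (x64 register, assumed target).
dd @rsp L8

$$ --- Dot command: load the SOS extension ---
$$ .loadby finds sos.dll next to the already loaded clr.dll module.
$$ With a known path, ".load <full path to sos.dll>" does the same job.
.loadby sos clr

$$ Dot command: list loaded extensions to confirm SOS is present.
.chain

$$ --- Bang commands: provided by the SOS extension ---
$$ Managed threads in the process, then the managed stack of the current thread.
!threads
!clrstack

$$ --- Dot command: write a full user-mode dump for offline analysis ---
$$ The output path is an assumption and the directory must already exist.
.dump /ma C:\dumps\target.dmp
```

If "!clrstack" is entered before SOS is loaded, the debugger cannot resolve the command, because bang commands exist only while their extension is loaded.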