WinDbg Built-in Commands
WinDbg built-in commands are controlling and getting information from the debugging target. The following table shows frequently used built-in commands.
| Command | Description | Example |
| bp | Set Breakpoint | bp notepad!AlertBox |
| bl | List Breakpoints | bl |
| be | Enable Breakpoint | be 1 |
| bd | Disable Breakpoint | bd 1 |
| bc | Clear Breakpoint | bc 1 bc * (clear all) |
| d (dd / dw / db) | Dump memory (dump memory in dword, word, byte) | dd 77960a70 |
| dt | Dump using type information | dt nt!_PEB CriticalSectionTimeout. 7ffdf000 |
| dv | Dump local variable | dv |
| dx | Display debugger object model expression | dx -r3 Debugger.Sessions |
| e, ed, ew, eb | Enter into memory the values that you specify | ed 7795ed3c 11112222 |
| g | Go | g |
| k (kp / kb) | Display stacktrace | kp |
| lm | List modules | lmvm ntdll |
| ln | List nearest symbols | ln 7795ed4b |
| p (pc / pa) | Step over (step over to next function / to next address) | p |
| t | Step into | t |
| r | View or set registers | r |
| s | Search memory to find a specific byte pattern | s -d 0012ff40 L20 'ABCD' |
| sx (sxe / sxd) | Display set exception list (break when the exception occurs / do not break) | sxe ld clr (break when clr is loaded) |
| u (uf) | Unassemble (unassemble function) | uf . |
| x | Examine symbols. Displays the symbols in all contexts that match the specified pattern | x notepad!* |
| ? expr / ?? expr | Display expression / display C++ expression | ? 0xFF |
| version | Show debuggee and debugger version | version |
| q | Quit | q |
| ~ | List threads | ~ ~3s (switch to thread#3) |
| | | Display current process information | | |
| ? | Help | ? |