forked from vedang/csaoid
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwindbg-cheatsheet
executable file
·58 lines (50 loc) · 2.36 KB
/
windbg-cheatsheet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
* Basics
F5 - g - run until inserted breakpoint throws exception
F10 - p - step to next instruction (without entering functions)
F11 - t - same as above, but will enter functions
.hh command - launch windbg help for particular command
.attach - to attach to a process
.detach - to detach the process you have attached.
!analyze -v : verbose analysis of exception (especially unhandled exceptions and access violations)
q - will quit, exit the process
* Display
dt - display type - shows the type of variable
dv - display information about local variables
dds, dqs, dps - display the contents of memory in the given range
* Call Stacks
k - show call stack
kv - show verbose output
kn - frame number for each call
kp - displays full paramaters for each function call
* Breakpoints:
bp - set breakpoint
bl - list breakpoint
bd - disable breakpoint
be - enable breakpoint
bc - clear breakpoint
* Threads:
~. - current thread
~<thread ordinal number> - display thread
~<thread ordinal number>s - Change and stay with this thread
~# - shows last thread that called the break
~* - shows information for all the threads
!token -n - display thread permissions
!runaway - information about thread CPU consumption
!thread - displays summary of information about the thread. used only in kernel debugging mode
!teb - displays a formatted view of the information in the thread environment block
Since commands can be stacked we can say something like:
~*kv - show verbose call stack information for all threads
* Useful when debugging hangs:
!locks - dump all the locks in the process.
!handle - dump handles taken by all the threads in the process
This is especially useful to find which thread has taken a handle that some other thread is waiting on. We get the name (so to say) of the handle from the waiting thread, and we can use it to find information about the handle by running '!handle handle_name f'.
* Information
lm - display all the modules
lmf - with full path
!lmi module_name - display information about a particular module
!address -summary - print summary of memory that the target process or target computer uses.
* Other
put cursor at point and do Ctrl+Shift+I - will alter the instruction pointer to exec this instruction next
r - will display registers
n - will change base
!peb - will display lots of helpful information about the environment