1. Basic command help
(1) Breakpoint commands
B[C|D|E] [<bps>]
clear|disable|enable breakpoints
 
BL
list breakpoints
 
BP <address>
set soft breakpoints
 
BA <access> <size> <addr>
break on access
 
(2) Data display commands
D[type][<range>]
dump memory
 
DT [-n|y] [[mod!]name] [[-n|y]fields][address] [-l list] [-a[]|c|i|o|r[#]|v]
dump using type information
 
DV [<name>] 
dump local variables
 
(3) Data modification commands
E[type] <address> [<values>]
enter memory values
 
(4) Execution
G[H|N] [=<address> [<address>...]] 
go
 
P [=<addr>] [<value>]
step over
 
(5) Stack operations
K[b|p|P|v]
 
(6) Display the list of loaded modules
LM
list modules
 
(7) Register operations
R [[<reg> [= <expr>]]]
view or set registers
 
(8) Search command
S[<opts>] <range> <values>
search memory
 
(9) Trace commands: T, TA, TB, TC, WT, P, PA, PC
 
(10) Quit
 

(11) Disassembly

U [<range>]

unassemble

UF

(12) Version display

version 

show debuggee and debugger version

(13) Examine symbols

X [<*|module>!]<*|symbol>

view symbols

(14) Evaluate expressions

? <expr>

display expression

?? <expr> 

display C++ expression

 
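2. Extension commands
(1) !analyze
Purpose: this extension command performs extensive analysis and displays a large amount of information about the current exception or bug.
Syntax:
User-Mode
!analyze [-v] [-f | -hang] [-D BucketID]
!analyze -c [ -load KnownIssuesFile | -unload | -help ]
Kernel-Mode
!analyze [-v] [-f | -hang] [-D BucketID]
!analyze -c [ -load KnownIssuesFile | -unload | -help ]
!analyze -show BugCheckCode [BugParameters]
 
(2) Display critical sections
The !locks extension, the !critsec extension, the !cs extension, and dt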
 
3. WinDBG keyboard shortcuts
ctrl+s: set symbol path
ctrl+i: set image path
ctrl+p: set source path
 
ctrl+d: load crash dump file
ctrl+e: load exe file
ctrl+o: open source file
ctrl+r: connect to remote session
ctrl+k: kernel debug
f6: attach to a process
 
f5: go
f10: step over
f11: step into
ctrl+shift+f5: restart
 
alt+1: command
alt+2: watch
alt+3: locals
alt+4: registers
alt+5: memory
alt+6: callstack
alt+7: disassembly
alt+8: scratch pad
alt+9: processes and threads