Cheatography
https://cheatography.com
A cheat sheet on WinDbg commands
This is a draft cheat sheet. It is a work in progress and is not finished yet.
Basic commands
Continue |
g |
Step over |
p |
Step into |
t |
Step to next return |
pt |
Reload symbols |
.reload -f |
Print registers |
r <register> |
Change register |
r <register>=<value> |
List modules |
lm |
Search module |
lm m <MODULENAME> |
Examine symbol |
x <Symbol> |
Execution flow control
New breakpoint |
bp <LOCATION> |
List breakpoints |
bl |
Disable breakpoint |
bd <Breakpoint number> |
Enable breakpoint |
be <Breakpoint number> |
Clear breakpoint |
bc <Breakpoint number> |
New unresolved breakpoint |
bu <Unresolved func> |
Hardware BP |
ba <x|w|r> <size> <addr> |
|
|
Memory access
Unassemble from memory |
u <addr|symbol> |
Display bytes |
db <addr|symbol> [L<size>] |
Display words |
dw <addr|symbol> [L<size>] |
Display double words |
dd <<addr|symbol> [L<size>] |
Display quad words |
dq <addr|symbol> [L<size>] |
Display ascii chars |
dB|dW|dD|dQ <addr|symbol> [L<size>] |
Display content of pointer |
db|dw|dd|dq poi(<REGISTER>) |
Display datatype |
dt <DATATYPE> |
Display dt nested structs |
dt -r <DATATYPE> |
Display dt fields |
dt <DATATYPE> <Field> |
Display dt in address |
dt <DATATYPE> <addr> |
Get size of structure |
?? sizeof(<STRUCT>) |
Edit memory |
ed <ADDR> <value> |
Edit in ascii |
ea <ADDR> <value> |
Edit in unicode |
eu <ADDR> <value> |
Search DWORD in memory |
s -d <START_ADDR> <LEN> <NEEDLE> |
Search ASCII in memory |
s -a <START_ADDR> <LEN> <NEEDLE> |
|
|
|
