notes/os/win/debugging/windbg/commands.txt

--------------------------------------------------------------------------------------------------------------------
GENERAL
--------------------------------------------------------------------------------------------------------------------
.cls - clear screen
.lines [-e | -d | -t] - enable/disable/toggle source lines

qd - quit and detach (don't stop the debugee)

--------------------------------------------------------------------------------------------------------------------
SYMBOLS
--------------------------------------------------------------------------------------------------------------------
.sympath - get the current symbol path
.sympath SRV*D:\dev\MsSymbols*http://msdl.microsoft.com/download/symbols - set path

--- add path
.sympath+ SRV*D:\dev\MsSymbols*http://msdl.microsoft.com/download/symbols
.sympath+ D:\Knova\Geneva\7.22\inst\Platform\Server

http://msdn.microsoft.com/en-us/library/cc266473.aspx:

SRV*D:\dev\MsSymbols*http://msdl.microsoft.com/download/symbols

!sym noisy - before your reload command for detailed output
.reload /f - reload symbols
!sym quiet 

.sympath[+] path_to_pdbs
.symfix[+] path_to_system_pdb_store 

--------------------------------------------------------------------------------------------------------------------
MODULES
--------------------------------------------------------------------------------------------------------------------

!lmi ntdll.dll - detailed info about module

Each build of your module generates a new GUID embeded into the build results (the PE file and the PDB file).
Windbg uses this GUID to match the module with the proper PDB. Youcan see the GUID of the current module
using the windbg command !lmi <module name> and look at the RSDS -GUID line.

--------------------------------------------------------------------------------------------------------------------
Process and threads
--------------------------------------------------------------------------------------------------------------------

Process and threads - http://msdn.microsoft.com/en-us/library/cc266412.aspx

Processes - http://msdn.microsoft.com/en-us/library/cc266586.aspx

| - displays all processes (|*)

--------------------------------------------------------------------------------------------------------------------
THREADS
--------------------------------------------------------------------------------------------------------------------

Threads - http://msdn.microsoft.com/en-us/library/cc266597.aspx

~ - display all threads

~. - currently active thread
~<num> s - set current thread
~# - the thread that originally caused the exception
~2 - thread number 2
~~[<TID>] - thread with id
~* - all the threads

All the above could be applied to the other command
~2 k - dump stack trace of thread NUMBER 2

kd - WORKS!!!
k - call stack (20 frames)
kb100 - command asks the debugger to display up to 100 stack frames
kM (kinda undocumented) generates links to frames (DML)


?????
!stacks - Waiting threads
!running - Running threads
!ready - Ready threads

--------------------------------------------------------------------------------------------------------------------
TRACES
--------------------------------------------------------------------------------------------------------------------

.lines - toggle source line support
l+[option]
l-[option]
 
p  - Step
t  - Trace

wt - Trace and Watch Data (at the beginning of the function)

--------------------------------------------------------------------------------------------------------------------
LOCKS
--------------------------------------------------------------------------------------------------------------------

Locks, Critical sections - http://msdn.microsoft.com/en-us/library/cc267852.aspx

!locks
!locks -v
!cs -l -s -o - for both crashes and hangs

!qlocks - internal queued spinlocks

--------------------------------------------------------------------------------------------------------------------
MEMORY
--------------------------------------------------------------------------------------------------------------------

!address Addr

!address -?
!address -summary 
!address -RegionUsageXXX - Dump specified regions (RegionUsageStack, RegionUsagePageHeap, ..)

--------------------------------------------------------------------------------------------------------------------
ANALYSIS
--------------------------------------------------------------------------------------------------------------------

!analyze -v
!analyze -vv
!analyze -v -hang - for hangs (need to set active thread for better info)

http://www.dumpanalysis.org/blog/index.php/2007/06/20/crash-dump-analysis-checklist/

--------------------------------------------------------------------------------------------------------------------
SYSTEM
--------------------------------------------------------------------------------------------------------------------

GetLastError:
!gle 
!error error_number 

--------------------------------------------------------------------------------------------------------------------
EXPRESSION
--------------------------------------------------------------------------------------------------------------------

?? this - evaluate C++ expression (this)

--------------------------------------------------------------------------------------------------------------------
USEFULL SCRIPTS
--------------------------------------------------------------------------------------------------------------------

Scripts:
Dump2txt (automation) - http://www.dumpanalysis.org/blog/index.php/2006/12/09/dmp2txt-solving-security-problem/
http://www.dumpanalysis.org/blog/index.php/2006/08/25/windbg-scripts-first-encounters/
http://www.dumpanalysis.org/blog/index.php/2006/09/07/yet-another-windbg-script/





Advanced Debugging - http://msdn.microsoft.com/en-us/library/cc267838.aspx


.foreach - http://blogs.msdn.com/debuggingtoolbox/archive/2009/03/12/special-command-parsing-strings-files-and-commands-output-using-foreach.aspx
dv /i /t