| Command | Description |
| ! | ! Extension Commands |
| displays information about the memory that the target process or target computer uses. | |
| !analyze -hang | (hang) Generates !analyze hung-application output. |
| !analyze -v | displays information about the current exception or bug check. |
| !devstack | displays a formatted view of the device stack associated with a device object. |
| !drvobj | displays detailed information about a DRIVER_OBJECT. |
| !exqueue | (hang) displays a list of items currently queued in the ExWorkerQueue work queues. |
| !exqueue 2 | (hang) displays a list of threads and events associated with the work queue and their wait states. |
| !handle | displays information about a handle or handles that one or all processes in the target system own. |
| !irpfind | (hang) displays information about all I/O request packets (IRP) currently allocated in the target system, or about those IRPs matching the specified search criteria. |
| !irql | displays the interrupt request level (IRQL) of a processor on the target computer before the debugger break. |
| !locks | (hang) displays information about kernel ERESOURCE locks. |
| !memusage | displays summary statistics about physical memory use. |
| !pcr | (hang) displays the current status of the Processor Control Region (PCR) on a specific processor. |
| !podev | displays the power capabilities of the target computer. |
| !poolused | (hang) displays memory use summaries, based on the tag used for each pool allocation. Use !xpoolused if this command does not work. |
| !process | (hang) displays information about the specified process, or about all processes, including the EPROCESS block. |
| !pte | displays the page table entry (PTE) and page directory entry (PDE) for the specified address. |
| !ready | displays summary information about each thread in the system in a READY state. |
| !session | displays one or more user sessions, or displays a specified process running in multiple user sessions. |
| !stacks | displays information about the kernel stacks. |
| !stacks 2 | (hang) displays the full parameters for all stacks, including those currently paged out and the current kernel stacks. |
| !teb | displays a formatted view of the information in the thread environment block (TEB). |
| !thread | displays summary information about a thread on the target system, including the ETHREAD block. |
| !verifier -f | displays the status of Driver Verifier and its actions. |
| !vm | (hang) displays summary information about virtual memory use statistics on the target system. |
| !vm 20 | (hang) extends the display to include kernel virtual address usage. |
| !xpoolmap | (hang) displays a map of pool use. |
| . | . Commands |
| .cxr | displays the context record saved at the specified address. It also sets the register context. |
| .imgscan | scans virtual memory for image headers. |
| .kFrames | sets the default length of a stack trace display, e.g. 0n256 sets a length of 256. |
| .reload | deletes all symbol information for the specified module and reloads these symbols as needed. |
| .sympath | changes the default path of the host debugger for symbol search. |
| .trap | displays the trap frame register state and also sets the register context. |
| a | Standard Commands |
| dh | displays the headers for the specified image. |
| dps | The dds (double word), dps (pointer-sized), and dqs (quad-word) commands display the contents of memory in the given range. |
| dt | displays information about a local variable, global variable or data type. |
| kvf, kvn | displays the stack frame of the given thread, together with related information. |
| lm | displays the specified loaded modules. |
| ln | displays the symbols at or near the given address. |
| r | displays or modifies registers, floating-point registers, flags, pseudo-registers, and fixed-name aliases. |
| ub | displays an assembly translation of the specified program code in memory. |
| uf | displays an assembly translation of the specified function in memory. |
| uf /c | displays only the call instructions in a routine instead of the full disassembly. |
| up | displays an assembly translation of the specified program code in physical memory. |
| vertarget | displays the current version of the Microsoft Windows operating system of the target computer. |
| x | displays the symbols in all contexts that match the specified pattern. |
Sunday, 30 April 2017
Common WinDBG Commands Reference