WinDBG Cheatsheet


Exceptions

0:000> sx
  • Natively available in WinDbg
  • Display exception types which will break on first or second chance

0:000> sxe clr
  • Natively available in WinDbg
  • Break when a first chance .NET exception is thrown

0:000> sxr
  • Natively available in WinDbg
  • Restore default parameters on exceptions break

0:000> sxe -c "!pe;g" clr
  • Natively available in WinDbg
  • Execute a command for each thrown .NET exception

0:000> !pe
  • Available in SOS
  • Display current breaking .NET exception details

0:000> !analyse –v
  • Available in SOS
  • Display current breaking .NET exception details
  • “!analyse –vv” to get more details

Misc

0:000> !DumpDomain
  • Available in SOS
  • List AppDomains in the process and loaded assemblies in each AppDomain

0:000> db <address>
  • Natively available in WinDbg
  • Display bytes at specified address

0:000> dd <address>
  • Natively available in WinDbg
  • Display dword at specified address

0:000> !mk
  • Available in SOSEX
  • Display managed and non-managed stacks

0:000> .cmdtree <path_to_textfile>
  • Natively available in WinDbg
  • Display shortcuts to WinDBG commands stored in a text file. For more information, read this article.
  • Every commands not asking for specific context parameters are available in the following file.

Threads

0:000> !Threads
  • Natively available in WinDbg
  • Display threads list

0:000> ~0s
  • Natively available in WinDbg
  • Switch to thread 0 (current thread)

0:000> ~*e !pe
0:000> ~* kb
  • Natively available in WinDbg
  • Run command on every threads

Breakpoints

0:000> bp module!function
  • Disponible nativement dans WinDbg
  • Set a breakpoint in the function of the specified module

0:000> bl
  • Natively available in WinDbg
  • List breakpoints

0:000> bc <id>
  • Natively available in WinDbg
  • Delete the breakpoint with the specified ID (ID available in bl)

Extensions

0:000> .unload
  • Natively available in WinDbg
  • Unload the last loaded extension

0:000> .chain
  • Natively available in WinDbg
  • Display loaded extensions

Symbols

0:000> ln <address>
  • Natively available in WinDbg
  • List the nearest symbols of the specified address

Modules

0:000> sxeld:clr
  • Natively available in WinDbg
  • Break when the specified module is loaded

Deadlocks

0:000> !dlk
  • Available in SOSEX
  • Search for deadlocks

Garbage Collector

0:000> bp clr!WKS::GCHeap::RestartEE ".if (dwo(clr!GCHeap::GcCondemnedGeneration)==2) {kb} .else {g}"
  • Natively available in WinDbg
  • Break right after a garbable collect of generation 2 and run kb

0:000> !FindRoots -gen1
  • Available in SOS
  • Break right before a garbage collect of the specified generation