WinDbg


WinDbg, aka Debugging Tools for Windows, is a great tool for debugging, crash analysis, and reading dump files. If you’re not a keyboard person who likes to write commands and be in the driver’s seat, you might not like it at first glance, but after using it, you’ll appreciate its power. To give you a jump start on the available commands, here’s a quick list of some handy, commonly used ones:

| Command | Description |
| --- | --- |
| `.loadby sos mscorwks` | Loads the SOS extension for working with managed code. SOS ships with the .NET Framework. This command loads SOS.dll from the same directory as mscorwks, which must already be loaded in the address space |
| `.load <path>\sos.dll` | Loads the SOS extension from an explicitly specified location |
| `.sympath srv*\\Symbols\Symbols` | Sets the symbol lookup path to the symbol server |
| `.sympath+ <path>` | Appends a path to the symbol lookup path |
| `.srcpath <path>` | Sets the source lookup path |
| `.srcpath+ <path>` | Appends a path to the source lookup path |
| `.exepath <path>` | Sets the executable lookup path |
| `ld *` | Loads symbols for all modules |
| `.reload` | Reloads symbols |
| `lm` | Shows all loaded modules. Run this command to check whether symbols are loaded for your binary |
| `lm m *substring*` | Shows all loaded modules that have "substring" in their names |
| `.cls` | Clears the screen |
| `.logopen c:\log.txt` | Opens the log file c:\log.txt. From now on, the output of all commands also goes into the text file you specified. This is extremely useful when you’re dealing with large amounts of data |
| `.logappend c:\log.txt` | Appends to the log file |
| `.logclose` | Closes any open log file. Use this command once you’ve gathered all the information you need |
| `.dump /ma c:\dump.dmp` | Creates a dump file |
| `!analyze` | Analyzes the dump file. This command is useful for investigating dumps; it analyzes why the application hung or crashed. It is also the most commonly used command |
| `!analyze -v` | Analyzes the dump file, verbose |
| `!analyze -vv` | Analyzes the dump file, even more verbose |
| `.lastevent` | Prints the last event |
| `!pe` | Prints the exception |
| `kb` | Prints the stack trace. It stands for: Stack Backtrace |
| `kb 50` | Shows 50 frames of the stack trace |
| `~*kb` | Prints the stack trace for all threads |
| `~` | Shows all active threads |
| `k` | Shows the current thread’s stack |
| `~*e k` | Shows call stacks for all threads |
| `!threads` | Lists managed threads |
| `!ThreadPool` | Lists thread pool threads |
| `~*e!clrstack` | Shows managed call stacks for all threads |
| `!eeheap [-gc] [-loader]` | Shows heap information |
| `!DumpObj <address>` | Prints the contents of the object |
| `!DumpHeap -stat` | Shows all allocated objects and provides more than enough information for investigations |
| `!GCRoot` | Shows GC roots |
| `!FinalizeQueue` | Shows finalizable objects |
| `!address` | Displays information about the memory used by the process |
| `!GCHandles` | Shows statistics for GC handles in the process |
| `!GCHandleLeaks` | A helper command for tracking GC handle leaks |
| `!help <command>` | Displays help for an extension command (one that starts with a bang), e.g. `!help PrintException` |

For more info, please visit: http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx
