| Debugger |
| Inspect and Monitor Execution of Program |
| For Instance cdb.exe, windbg.exe etc. |
| How To |
| Debugger Usage | CMD@ cdb.exe /? |
cdb.exe : Program, CUI Symbolic Debugger
/? : Switch, Specifies Help Message |
| Alternatively, RUN@ windbg.exe → Help → Contents → Debugger Reference → Command-Line Options → WinDbg Command-Line Options |
| Debugger Engine |
| Examine and Manipulate Debugging Target |
| Windows Symbolic Debugger Engine |
| Application Extension |
| dbgeng.dll | | x86 C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\dbgeng.dll | | x64 C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbgeng.dll |
|
| Dbg Eng : API |
| Exported Functions like DebugConnect, DebugCreate, DebugCreateEx etc. |
| Debugger Command |
| Instructions to Perform Task and Operation |
| For Instance Standard, Meta, Extension etc. |
| Usage |
| Standard Command | g (Go) etc. |
| Meta Command (Starts with .) | .cls (Clear Screen) etc. |
| Extension Command (Starts with !) | !peb (Process Environment Block) etc. |
. : Period Character
! : Exclamation Character |
| Standard aka Regular Command, Meta aka Dot Command and Extension aka Bang Command |
| Debugger Extension |
| Additional Commands and Features |
| For Instance exts.dll, uext.dll etc. |
| How To |
| List Debugger Extension | CDB@ .chain |
| .chain : Meta Command, To Display Loaded Debugger Extension |
| Alternatively, RUN@ windbg.exe → View → Command (Alt+1) → .chain |
| Debugging Symbol |
| Instructions to Map Address to Name |
| For Instance *.pdb etc. |
| How To |
| Load Debugging Symbol | CDB@ .reload |
| .reload : Meta Command, To Reload Module Symbol |
| Alternatively, RUN@ windbg.exe → View → Command (Alt+1) → .reload |
| User Mode |
| Run in Applications, Application Extensions and Subsystems |
| Thread Access Restricted Mode |
| How To |
| Access User Mode | CMD@ cdb.exe -p {PId}
CMD@ cdb.exe -o {Exe} [Args] |
cdb.exe : Program, CUI Symbolic Debugger
-p : Switch, Specifies Process Identifier
{PId} : Parameter, Process Identifier
-o : Switch, Specifies Target Executable
{Exe} : Parameter, Executable File Name
[Args] : Optional Parameter, Command Line Arguments |
Alternatively, RUN@ windbg.exe → File → Attach to a Process... (F6) → Process Identifier
Alternatively, RUN@ windbg.exe → File → Open Executables... (Ctrl+E) → Executable File Name |
| Kernel Mode |
| Run in Operating System, Privileged Programs and Device Drivers |
| Processor Access Privileged Mode |
| How To |
| Access Kernel Mode | CMD@ kd.exe -kl |
kd.exe : Program, Kernel Debugger
-kl : Switch, Specifies Local Machine |
| Alternatively, RUN@ windbg.exe → File → Kernel Debug... (Ctrl+K) → Local |
| Live Debugging |
| Analyze State of Running Process |
| For Instance Attaching, Spawning etc. |
| How To |
| Attach to Process | CMD@ cdb.exe -p {PId} |
| Spawn New Process | CMD@ cdb.exe -o {Exe} [Args] |
cdb.exe : Program, CUI Symbolic Debugger
-p : Switch, Specifies Process Identifier
{PId} : Parameter, Process Identifier
-o : Switch, Specifies Target Executable
{Exe} : Parameter, Executable File Name
[Args] : Optional Parameter, Command Line Arguments |
Alternatively, RUN@ windbg.exe → File → Attach to a Process... (F6) → Process Identifier
Alternatively, RUN@ windbg.exe → File → Open Executables... (Ctrl+E) → Executable File Name |
| Postmortem Debugging |
| Analyze Memory Dump of Process |
| Also Known As Dump Analysis |
| How To |
| Analyze Dump File | CMD@ cdb.exe -z {Dump} |
cdb.exe : Program, CUI Symbolic Debugger
-z : Switch, Specifies Dump File
{Dump} : Parameter, Dump File Name |
| Alternatively, RUN@ windbg.exe → File → Open Crash Dump... (Ctrl+D) → Dump File Name |