WinDbg

WinDbg is a multipurpose debugger for the Microsoft Windows computer operating system, distributed by Microsoft. It can be used to debug user mode applications, device drivers, and the operating system itself in kernel mode.

Like the Visual Studio Debugger, WinDbg has a graphical user interface (GUI), but it is more powerful and has little else in common with it. WinDbg can automatically load debugging symbol files (e.g., PDB files) from a server via SymSrv (SymSrv.dll), using a unique ID embedded in the executable (the "RSDS Guid"), instead of requiring users to find the files manually. If a private symbol server is configured, the symbols can be correlated with the source code for the binary. This eases debugging when various versions of binaries are installed on the debugging target, because there is no need to find and install a specific symbol version on the debug host. Microsoft has a public symbol server that has most of the public symbols for Windows 2000 and later versions of Windows (including service packs).
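The symbol lookup described above, as an added example that is not part of the original article or any Microsoft code: it parses the CodeView "RSDS" debug record found in a PE image and derives the relative path under which a symbol server stores the matching PDB. The function names and the sample record are constructed for illustration; the PDB path inside a binary is untrusted input, so only its file name is used.

```python
import struct
import uuid

RSDS_MAGIC = b"RSDS"

def parse_rsds(record: bytes):
    """Parse an RSDS record: magic, 16-byte GUID, 4-byte age, NUL-terminated PDB path."""
    if len(record) < 25 or record[:4] != RSDS_MAGIC:
        raise ValueError("not an RSDS CodeView record")
    # The GUID is stored in Windows (mixed-endian) layout, which bytes_le decodes.
    guid = uuid.UUID(bytes_le=record[4:20])
    (age,) = struct.unpack_from("<I", record, 20)
    end = record.find(b"\x00", 24)
    if end == -1:
        raise ValueError("PDB path is not NUL-terminated")
    pdb_path = record[24:end].decode("utf-8", errors="replace")
    return guid, age, pdb_path

def symsrv_key(guid: uuid.UUID, age: int, pdb_path: str) -> str:
    """Build the symbol-store relative path: <pdb>/<GUID><age>/<pdb>."""
    # Keep only the file name: the embedded build-machine path is attacker-
    # controlled in a hostile binary and must not steer cache or URL paths.
    pdb_name = pdb_path.replace("\\", "/").rsplit("/", 1)[-1]
    if pdb_name in ("", ".", ".."):
        raise ValueError("PDB path has no usable file name")
    # 32 uppercase hex digits of the GUID followed by the age in unpadded hex.
    ident = f"{guid.hex.upper()}{age:X}"
    return f"{pdb_name}/{ident}/{pdb_name}"

# Constructed sample record (not taken from a real binary).
SAMPLE_RECORD = (
    RSDS_MAGIC
    + uuid.UUID("01234567-89ab-cdef-0123-456789abcdef").bytes_le
    + struct.pack("<I", 2)
    + b"C:\\build\\obj\\example.pdb\x00"
)

if __name__ == "__main__":
    g, a, p = parse_rsds(SAMPLE_RECORD)
    print(symsrv_key(g, a, p))
```

The resulting string is appended to a symbol server's base location, so a mismatch in either the GUID or the age means the debugger fetches no PDB rather than a wrong one.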

WinDbg can also be used for debugging kernel-mode memory dumps, created after what is commonly called the Blue Screen of Death, which occurs when a bug check is issued. It can also be used to debug user-mode crash dumps. This is known as post-mortem debugging.

WinDbg is distributed as a standalone package from the Windows Debugger Portal and via the Microsoft Store. The WinDbg Debugger Engine is the common debugging back-end between WinDbg and command-line debugger front-ends like KD, CDB, and NTSD. Most commands can be used as is with all the included debugger front-ends.

In 2023 Microsoft released a new version of WinDbg, which had been announced in 2017 as WinDbg Preview (WinDbgX). One of its most notable features is the so-called Time Travel Debugging (TTD). TTD allows a user to record an actual live process (at a performance penalty) and later debug it by going back and forth in time. In addition, WinDbg has an updated user interface, support for dark mode, and keyboard navigation. It also allows writing scripts in the JavaScript language.

WinDbg allows the loading of extension DLLs that can augment the debugger's supported commands and allow for help in debugging specific scenarios: for example, displaying an MSXML document given an IXMLDOMDocument, or debugging the Common Language Runtime (CLR). These extensions are a large part of what makes WinDbg such a powerful debugger. WinDbg is used by the Microsoft Windows product team to build Windows, and everything needed to debug Windows is included in these extension DLLs.

Extension commands are always prefixed with !.

While some extensions are used only inside Microsoft, most of them are part of the public Debugging Tools for Windows package.
