Windbg - command types

1 minute read

Windbg has the following command types

  • Native commands: it starts without any prefix
    • vertaget, k, ~, s, lm, lmv m *clr*
  • Meta commands(.): it starts with '.'
    • .load, .chain, .prefer_dml 1(available .NET4)
    • .exr -1 => dd poi(addr) => !pe
    • Print all exceptions: .foreach (ex {!dumpheap -type Exception -short}){.echo "********************************";!pe ${ex} }
  • Extension commands(!): it starts with '!'
    • !help, !peb
    • List exceptions in dump file: !dumpheap -type Exception

Loading the right version of sos.dll

The following command will ensure that the debugger to load the extension "sos.dll" from the same place that clr.dll was loaded. That ensures that you get the right version of SOS (it should be the one that matches the clr you are using)
Notes: SOS stands for Son of Strike from (Drill Into .NET Framework Internals to See How the CLR Creates Runtime Objects: http://msdn.microsoft.com/en-us/magazine/cc163791.aspx#S5)

  • .NET4
    • 1

    .loadby sos.dll clr
  • .NET2
    • 1

    .loadby sos.dll mscoworks

Channel9 MSDN show

http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-14-WinDbg-SOS

More examples

    version
    vertarget
    |
    ||
    .sympath
    .srcpath
    .exepath
    .extpath
    .chain
    !analyze -v
    .bugcheck
    !error
    ~
    ~NNs
    ~~[TID]s
    ~*k
    ~*r
    !process 0 17
    !threads
    !findstack
    !uniqstack
    !peb
    !teb
    k=
    dps
    dpu
    dpa
    dpp
    .reload /f
    .reload /user
    !gle
    !tls
    !address -summary
    !address
    !vprot
    !mapped_file
    ~*kv
    ~
    ~~[TID]s
    !cs
    !locks
    dv
    dt
    !sos.dumpstack
    !sos.dumpstackobjects / !sos.dso
    !sos.dumpobj / !sos.do
    !sos.printexception / !sos.pe
    .frame
    .f+
    .f-
    .load
    .unload
    .loadby
    .chain
    lm / lmm / lmvm
    .extmatch
    .prefer_dml 1
    .lines
    .ecxr
    .cls

You may also enjoy