WinDbg CheatSheet

This is a cheatsheet for WinDbg from Microsoft. Thanks to Metasploit for writing this.

Reading memory

Disassemble           u <addr> L<num instrs>
Dump byte             db <addr> L<num bytes>
Dump word             dw <addr> L<num words>
Dump dword            dd <addr> L<num dwords>
Dump string           ds <addr> L<num dwords>
Search memory         s -[a|b|w|d] <range> <pattern>

Writing memory

Copy memory           m <range> <dst addr>
Edit byte             eb <addr> 0x41 'b' ...
Edit word             ew <addr> 0x1234 ...
Edit dword            ed <addr> 0x12345678 ...


Breakpoints

Add breakpoint        bp <addr|sym>
Break on access       ba [w|r|e|i]<size> <addr>
Disable breakpoint    bd <breakpoint num>
Enable breakpoint     be <breakpoint num>
List breakpoints      bl
Remove breakpoint     bc <breakpoint num>


Execution flow

Continue execution    g or F5
Display call stack    k
Display registers     r
Step into             t or F11
Step out              Shift + F11
Step over             p or F10
Step to branch        tb
Step to call          tc or pc

Advanced commands

Attach to process     F6
Conditional           j (condition) '<t>'; '<f>'
Display PEB           !peb
Display TEB           !teb
Display type          dt <struct name> [<addr>]
Display stacks        ~*k
Trace and watch       wt