dv //dump local variables
r //display all registers
q //close debugger window, also terminate the target process
qd //quit and detach, it exits the debugger but doesn't kill the target process
x notepad!*open* //list the available symbols in a loaded module; doesn't work with wildcards the first time - need to let the target go and break back into the debugger again
.symfix //set debugger symbol search path to point to Microsoft online symbol server
.sympath //show current symbol search path
.sympath SRV*c:\LocalSymbolCache*http://msdl.microsoft.com/download/symbols
.sympath + D:\xxx\yyy
.srcpath + D:\src\zzz //add source path
.exr -1 //show the last exception record
.exr Address //show exception record at Address
.excr //show exception context record - 如果设置了srcpath等,可以打开崩溃代码
.reload //reload the symbols for all the loaded modules
bp notepad!ShowOpenSaveDialog
bm notepad!Show*
k //list the stack trace
~ //list all the active threads within the process being debugged
~0s //change the current thread context to thread 0 (main UI thread)
~*k //list the call stacks of all the threads in the process
kP //displays the paramters next to each function in the call stack
kn //display the frame number
.frame 1 //switch to frame 1
dv //display local variables
dt variable_name //dump variable type
r ebp //show ebp register value
t //step one instruction
u . //list the next disassembly that's about to get executed, "." means current address stored in eip
dd 0012f9c0 //dump memory at 0012f9c0 as a sequence of DWORD(4-byte) values
du 00176fa8 //dump as a Unicode string
du poi xxxxx //dump as a Unicode string, std::wstring 可以用这个,如果是直接存在struct里的,也可以直接用du
da xxxx //dump as ascii
da poi xxxxx //ascii字符, std::string 可以用这个
//__stdcall 所有参数都在栈上,参数按逆序存放(最后一个参数在最前面)
//__fastcall 前几个参数放在寄存器中
l //toggle between the two (assembly vs. source) debugging modes
lm //list all the loaded modules in the target process
.reload /f //force reloading symbols for all of the loaded modules
.reload /f notepad.exe //only force reloading symbol for notepad.exe
//pre-download the symbols for all the system binaries under system32 dir
C:\Program Files\Debugging Tools for Windows (x86)>symchk.exe /r c:\Windows\system32 /s
srv*C:\LocalSymbolCache*http://msdl.microsoft.com/download/symbols
!sym noisy
!sym quiet
.tlist //list the running user-mode processes on the debugger machine
.restart //restart the target process
.help //list the avaialble dot commands
.hh .tlist //show help for .tlist
!gle //display the last error saved in the thread environment block
!token //display the security access token of the current thread
!handle //display info about a user-mode handle
.chain //view the loaded extension DLLs that are enabled by default
!extension_name.help //view the commands supported by extension_name