Microsoft Learn

Getting Started with WinDbg

Welcome to the world of WinDbg, a powerful debugger for Windows. This guide will walk you through the essential steps to start debugging your applications and the operating system itself.

What is WinDbg?

WinDbg is a versatile debugger that supports user-mode and kernel-mode debugging. It's an integral part of the Debugging Tools for Windows package and is widely used by developers and system administrators for identifying and resolving complex issues.

Installation

WinDbg is included in the Debugging Tools for Windows, which is part of the Windows SDK. You can download the Windows SDK from the official Microsoft Developer website.

During the SDK installation, ensure you select the "Debugging Tools for Windows" component.

Launching WinDbg

Once installed, you can launch WinDbg from the Start Menu or by running windbg.exe.

First Steps: Attaching to a Process

The most common use case is to attach WinDbg to a running process. Here's how:

1. Launch WinDbg.
2. Go to File > Attach to a Running Process....
3. In the dialog box, select the process you want to debug from the list and click OK.

Basic Commands and Concepts

Once attached, you'll see the command window. Here are a few essential commands to get you started:

• bp
  : Set a breakpoint at a specific memory address.
• g: Go (continue execution until the next breakpoint or event).
• p: Step Over (execute the next instruction, stepping over function calls).
• t: Step Into (execute the next instruction, stepping into function calls).
• lm: List loaded modules in the process.
• dv: Display local variables.
• di
  : Display memory at a given address.

Example: Setting a breakpoint and running

kd> bp MyFunction
kd> g

Debugging a Crash Dump

WinDbg is also essential for analyzing crash dumps (minidumps or full memory dumps).

1. Go to File > Open Crash Dump....
2. Browse to your dump file and click Open.

Once the dump is loaded, you can use the same commands to inspect the state of the system or application at the time of the crash.

Further Learning

This guide provides a basic introduction. For more advanced topics, including kernel debugging, scripting, and specific debugging scenarios, refer to the official Microsoft documentation and other resources.