参考:http://msdn.microsoft.com/en-us/library/windows/hardware/ff540507(v=vs.85).aspx
这是最靠谱的参考了,比.hh要直观。
在Linux上稍作编辑
daniel@daniel-mint ~/windbg $ awk 'BEGIN{maxIndex=0}{idx = index($0, "("); if (idx > maxIndex) maxIndex = idx;}END{print maxIndex}' commands
57
daniel@daniel-mint ~/windbg $ awk 'FS="[()]"{printf("%60s %s
", $1, $2)}' commands > commands_formated
Basic Commands
daniel@daniel-mint ~/windbg $ awk 'FS="[()]"{printf("%60s %s
", $1, $2)}' commands
ENTER (Repeat
$<, $><, $$<, $$><, $$>a< Run Script File
? Command Help
? Evaluate Expression
?? Evaluate C++ Expression
# Search for Disassembly Pattern
|| System Status
||s Set Current System
| Process Status
|s Set Current Process
~ Thread Status
~e Thread-Specific Command
~f Freeze Thread
~u Unfreeze Thread
~n Suspend Thread
~m Resume Thread
~s Set Current Thread
~s Change Current Processor
a Assemble
ad Delete Alias
ah Assertion Handling
al List Aliases
as, aS Set Alias
ba Break on Access
bc Breakpoint Clear
bd Breakpoint Disable
be Breakpoint Enable
bl Breakpoint List
bp, bu, bm Set Breakpoint
br Breakpoint Renumber
bs Update Breakpoint Command
bsc Update Conditional Breakpoint
c Compare Memory
d, da, db, dc, dd, dD, df, dp, dq, du, dw, dW, dyb, dyd Display Memory
dda, ddp, ddu, dpa, dpp, dpu, dqa, dqp, dqu Display Referenced Memory
dds, dps, dqs Display Words and Symbols
dg Display Selector
dl Display Linked List
ds, dS Display String
dt Display Type
dv Display Local Variables
e, ea, eb, ed, eD, ef, ep, eq, eu, ew, eza, ezu Enter Values
f, fp Fill Memory
g Go
gc Go from Conditional Breakpoint
gh Go with Exception Handled
gn, gN Go with Exception Not Handled
gu Go Up
ib, iw, id Input from Port
j Execute If - Else
k, kb, kc, kd, kp, kP, kv Display Stack Backtrace
l+, l- Set Source Options
ld Load Symbols
lm List Loaded Modules
ln List Nearest Symbols
ls, lsa List Source Lines
lsc List Current Source
lse Launch Source Editor
lsf, lsf- Load or Unload Source File
lsp Set Number of Source Lines
m Move Memory
n Set Number Base
ob, ow, od Output to Port
p Step
pa Step to Address
pc Step to Next Call
pct Step to Next Call or Return
ph Step to Next Branching Instruction
pt Step to Next Return
q, qq Quit
qd Quit and Detach
r Registers
rdmsr Read MSR
rm Register Mask
s Search Memory
so Set Kernel Debugging Options
sq Set Quiet Mode
ss Set Symbol Suffix
sx, sxd, sxe, sxi, sxn, sxr, sx- Set Exceptions
t Trace
ta Trace to Address
tb Trace to Next Branch
tc Trace to Next Call
tct Trace to Next Call or Return
th Trace to Next Branching Instruction
tt Trace to Next Return
u Unassemble
uf Unassemble Function
up Unassemble from Physical Memory
ur Unassemble Real Mode BIOS
ux Unassemble x86 BIOS
vercommand Show Debugger Command Line
version Show Debugger Version
vertarget Show Target Computer Version
wrmsr Write MSR
wt Trace and Watch Data
x Examine Symbols
z Execute While
meta commands
daniel@daniel-mint ~/windbg $ awk 'FS="[()]"{printf("%30s %s
", $1, $2)}' meta_commands
.abandon (Abandon
.allow_exec_cmds Allow Execution Commands
.allow_image_mapping Allow Image Mapping
.apply_dbp Apply Data Breakpoint to Context
.asm Change Disassembly Options
.attach Attach to Process
.beep Speaker Beep
.bpcmds Display Breakpoint Commands
.bpsync Synchronize Threads at Breakpoint
.breakin Break to the Kernel Debugger
.browse Display Command in Browser
.bugcheck Display Bug Check Data
.cache Set Cache Size
.call Call Function
.chain List Debugger Extensions
.childdbg Debug Child Processes
.clients List Debugging Clients
.closehandle Close Handle
.cls Clear Screen
.context Set User-Mode Address Context
.copysym Copy Symbol Files
.cordll Control CLR Debugging
.crash Force System Crash
.create Create Process
.createdir Set Created Process Directory
.cxr Display Context Record
.dbgdbg Debug Current Debugger
.detach Detach from Process
.dml_flow Unassemble with Links
.dml_start Display DML Starting Point
.dump Create Dump File
.dumpcab Create Dump File CAB
.dvalloc Allocate Memory
.dvfree Free Memory
.echo Echo Comment
.echocpunum Show CPU Number
.echotime Show Current Time
.echotimestamps Show Time Stamps
.ecxr Display Exception Context Record
.effmach Effective Machine
.enable_long_status Enable Long Integer Display
.enable_unicode Enable Unicode Display
.endpsrv End Process Server
.endsrv End Debugging Server
.enumtag Enumerate Secondary Callback Data
.event_code Display Event Code
.eventlog Display Recent Events
.exepath Set Executable Path
.expr Choose Expression Evaluator
.exptr Display Exception Pointers
.exr Display Exception Record
.extmatch Display All Matching Extensions
.extpath Set Extension Path
.f+, .f- Shift Local Context
.fiber Set Fiber Context
.fiximports Fix Target Module Imports
.flash_on_break Flash on Break
.fnent Display Function Data
.fnret Display Function Return Value
.force_radix_output Use Radix for Integers
.force_tb Forcibly Allow Branch Tracing
.formats Show Number Formats
.fpo Control FPO Overrides
.frame Set Local Context
.help Meta-Command Help
.hh Open HTML Help File
.hideinjectedcode Hide Injected Code
.holdmem Hold and Compare Memory
.idle_cmd Set Idle Command
.ignore_missing_pages Suppress Missing Page Errors
.inline Toggle Inline Function Debugging
.imgscan Find Image Headers
.kdfiles Set Driver Replacement Map
.kframes Set Stack Length
.kill Kill Process
.lastevent Display Last Event
.lines Toggle Source Line Support
.load, .loadby Load Extension DLL
.locale Set Locale
.logappend Append Log File
.logclose Close Log File
.logfile Display Log File Status
.logopen Open Log File
.netuse Control Network Connections
.noshell Prohibit Shell Commands
.noversion Disable Version Checking
.ocommand Expect Commands from Target
.ofilter Filter Target Output
.open Open Source File
.opendump Open Dump File
.outmask Control Output Mask
.pagein Page In Memory
.pcmd Set Prompt Command
.pop Restore Debugger State
.prefer_dml Prefer Debugger Markup Language
.process Set Process Context
.prompt_allow Control Prompt Display
.push Save Debugger State
.quit_lock Prevent Accidental Quit
.readmem Read Memory from File
.reboot Reboot Target Computer
.record_branches Enable Branch Recording
.reload Reload Module
.remote Create Remote.exe Server
.remote_exit Exit Debugging Client
.restart Restart Target Application
.restart Restart Kernel Connection
.rrestart Register for Restart
.scroll_prefs Control Source Scrolling Preferences
.secure Activate Secure Mode
.send_file Send File
.server Create Debugging Server
.servers List Debugging Servers
.setdll Set Default Extension DLL
.shell Command Shell
.show_read_failures
.show_sym_failures
.sleep Pause Debugger
.sound_notify Use Notification Sound
.srcfix, .lsrcfix Use Source Server
.srcnoisy Noisy Source Loading
.srcpath, .lsrcpath Set Source Path
.step_filter Set Step Filter
.suspend_ui Suspend WinDbg Interface
.symfix Set Symbol Store Path
.symopt Set Symbol Options
.sympath Set Symbol Path
.thread Set Register Context
.time Display System Time
.tlist List Process IDs
.trap Display Trap Frame
.tss Display Task State Segment
.ttime Display Thread Times
.typeopt Set Type Options
.unload Unload Extension DLL
.unloadall Unload All Extension DLLs
.urestart Unregister for Restart
.wake Wake Debugger
.write_cmd_hist Write Command History
.writemem Write Memory to File
.wtitle Set Window Title
Kernel Mode Extensions
!ahcache !alignmentfaults !analyzebugcheck !apc !apicerr !arbinst !arbiter !ate !bcb !blockeddrv !bpid !btb !bth !bugdump !bushnd !ca !callback !calldata !can_write_kdump !cbreg !cchelp !chklowmem !cmreslist !cpuinfo !db, !dc, !dd, !dp, !dq, !du, !dw !dbgprint !dblink !dcr !dcs !deadlock !defwrites !devext !devhandles !devnode !devobj !devstack !dflink !diskspace !dma !dpa !dpcs !driveinfo !drivers !drvobj !dskheap !eb, !ed !ecb, !ecd, !ecw !ecs !errlog !errpkt !errrec !exca !filecache !filelock !fileobj !filetime !finddata !findfilelockowner !for_each_process !for_each_thread !fpsearch !frag !frozen !fwver !gbl !gentable !hidppd !ib, !id, !iw !icpleak !idt !ih !ihs !ioresdes !ioreslist !iovirp !ipi !irp !irpfind !irpzone !irql !isainfo !isr !ivt !job !kb, !kv !loadermemorylist !lockedpages !locks (!kdext*.locks) !logonsession !lookaside !lpc !mca !memlist !memusage !mps !mtrr !npx !ob, !od, !ow !object !obtrace !openmaps !pars !pat !pci !pciir !pcitree !pcm !pcr !pcrs !pfn !pmc !pmssa !pnpevent !pocaps !pool !poolfind !poolused !poolval !popolicy !pplookaside !ppmidle !ppmidleaccounting !ppmperf !ppmperfpolicy !ppmstate !prcb !process !processfields !processirps !psp !pte !pte2va !ptov !qlocks !ready !reg !regkcb !rellist !ruleinfo !running !scm !search !searchpte !sel !session !smt !spoolsum !spoolused !sprocess !srb !stacks !swd !sysinfo !sysptes !thread !threadfields !time !timer !tokenfields !trap !tss !tz !tzinfo !ubc !ubd !ube !ubl !ubp !urb !vad !vad_reload !validatelist !verifier !vm !vpb !vpdd !vtop !walklist !wdmaud !whattime !whatperftime !whea !wsle !xpoolmap !zombies
general extensions
!acl !address !analyze !asd !atom !bitcount !chksym !chkimg !cppexr !cpuid !cs !cxr !dh !dlls !dml_proc !dumpfa !elog_str !envvar !error !exchain !exr !findxmldata !for_each_frame !for_each_function !for_each_local !for_each_module !for_each_register !gflag !gle !gs !handle !heap !help !homedir !hstring !hstring2 !htrace !imggp !imgreloc !kuser !list !lmi !mui !net_send !obja !owner !peb !rebase !rtlavl !sd !sid !slist !std_map !stl !str !sym !symsrv !teb !tls !token !tp !triage !ustr !version !winrterr
user mode extensions
!avrf !critsec !dp (!ntsdexts.dp) !dreg !dt !evlog !findstack !gatom !igrep !locks (!ntsdexts.locks) !mapped_file !runaway !threadtoken !uniqstack !vadump !vprot