Smadi0x86 Blog

WinDbg Quick Reference

Setup: .symfix; .reload to configure symbols

Analysis: !analyze -v for crashes, k/kb/kv for call stack

Memory: dd/dq/db to inspect, u <address> to disassemble, s -a to search

Structures: dt ntdll!_PEB or modern dx @$peb

Modules: lmf to list loaded modules

Threads: ~ to list, ~<id>s to switch

Breakpoints: bp/bu to set, bl to list, bc to clear

Execution: t step into, p step over, g continue

System: !handle, !heap -s, !teb for internals, r for registers