Pattern-Oriented Software Diagnostics
Software Diagnostics Institute
Software Diagnostics Technology and Services
Memory Dump Analysis Anthology (Diagnomicon)
Tables of Contents and Indexes of WinDbg Commands from all volumes
WinDbg Quick Links
Download Debugging Tools for Windows
Debugging Tools for Windows Help
Debugging Tools for Windows Blog
Microsoft Symbol Server
srv*c:\mss*https://msdl.microsoft.com/download/symbols
.symfix c:\mss
.sympath+ other_symbols_location
WinDbg cheat sheet for crash dump analysis
CMDTREE.TXT for .cmdtree WinDbg command corresponding to Crash Dump Analysis Checklist
WinDbg Extensions
NEW! The book about using and writing WinDbg extensions
Large collection of extensions
Psscor4 Managed-Code Debugging Extension
CodeMachine Kernel Debugger Extension
Incident Response & Digital Forensics Debugging Extension (SwishDbgExt)
Windows Object Explorer 64-bit (WinObjEx64)
WinDbg Scripts
Complete Stack Traces from x64 System:
!for_each_thread "!thread @#Thread 16;.thread /w @#Thread; .reload; kv 256; .effmach AMD64"
x86 Stack Traces from WOW64 Process:
!for_each_thread ".thread @#Thread; r $t0 = @#Thread; .if (@@c++(((nt!_KTHREAD *)@$t0)->Process) == ProcessAddress) {.thread /w @#Thread; .reload; kv 256; .effmach AMD64 }"
Top CPU Consuming Threads:
!for_each_thread "r $t1 = dwo( @#Thread + @@c++(#FIELD_OFFSET(nt!_KTHREADKernelTime)) ); r $t0 = Ticks; .if (@$t1 > @$t0) {!thread @#Thread 3f}"
!for_each_thread "r $t1 = dwo( @#Thread + @@c++(#FIELD_OFFSET(nt!_KTHREADUserTime)) ); r $t0 = Ticks; .if (@$t1 > @$t0) {!thread @#Thread 3f}"
WinDbg Automation
Tools
SDK/DDK Quick Links
Windows Software Development Kit (SDK) Windows Driver Kit (WDK) .NET Core
WinDbg Training Courses
NEW! Accelerated Linux API for Software Diagnostics
NEW! Accelerated Windows API for Software Diagnostics
NEW! Accelerated Windows Postmortem Diagnostics and Debugging
NEW! Accelerated Windows Memory Forensics and Malware Analysis with Memory Dumps
NEW! Extended Windows Memory Dump Analysis
Accelerated Linux Core Dump Analysis
Accelerated .NET Core Memory Dump Analysis
Practical Foundations of Windows DebuggingDisassemblingReversing
Accelerated Windows Memory Dump AnalysisPart 1: Process User Space
Accelerated Windows Memory Dump AnalysisPart 2: Kernel and Complete Spaces
Accelerated Windows Memory Dump Analysis
Advanced Windows Memory Dump Analysis with Data Structures
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Debugging4
Accelerated DisassemblyReconstruction and Reversing
WinDbg Books
NEW! Accelerated Linux API for Software Diagnostics
NEW! Accelerated Windows API for Software Diagnostics
NEW! Extended Windows Memory Dump Analysis
Accelerated Linux Core Dump Analysis
Accelerated .NET Core Memory Dump Analysis
Practical Foundations of Windows DebuggingDisassemblingReversing
Accelerated Windows Memory Dump AnalysisPart 1: Process User Space
Accelerated Windows Memory Dump AnalysisPart 2: Kernel and Complete Spaces
Accelerated Windows Memory Dump Analysis
Advanced Windows Memory Dump Analysis with Data Structures
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Debugging4
Accelerated DisassemblyReconstruction and Reversing
Windows Debugging: Practical Foundations
x64 Windows Debugging: Practical Foundations
Windows Debugging Notebook: Essential User Space WinDbg Commands
Inside Windows Debugging: A Practical Guide to Debugging and Tracing Strategies in Windows
Advanced Windows Debugging (The Addison-Wesley Microsoft Technology Series)
What Makes It Page?: The Windows 7 (x64) Virtual Memory Manager
Memory Dump Analysis AnthologyVolume 1
Memory Dump Analysis AnthologyVolume 2
Memory Dump Analysis AnthologyVolume 3
Memory Dump Analysis AnthologyVolume 4
Memory Dump Analysis AnthologyVolume 5
Memory Dump Analysis AnthologyVolume 6
Memory Dump Analysis AnthologyVolume 7
Memory Dump Analysis AnthologyVolume 8a
Memory Dump Analysis AnthologyVolume 8b
Memory Dump Analysis AnthologyVolume 9a
Memory Dump Analysis AnthologyVolume 9b
Memory Dump Analysis AnthologyVolume 10
Memory Dump Analysis AnthologyVolume 11
Memory Dump Analysis AnthologyVolume 12
Memory Dump Analysis AnthologyVolume 13
Memory Dump Analysis AnthologyVolume 14
NEW! Memory Dump Analysis AnthologyVolume 15
Debugged! MZ/PE: MagaZine for/from Practicing Engineers
Debugged! MZ/PE: Modeling Software Defects
Debugged! MZ/PE: Software Tracing
Debugged! MZ/PE: Multithreading
WinDbg: A Reference Poster and Learning Cards
Windows InternalsPart 1: Covering Windows Server 2008 R2 and Windows 7 (6th Edition)
Windows InternalsPart 2: Covering Windows Server 2008 R2 and Windows 7 (6th Edition)
Windows InternalsPart 1: System architectureprocessesthreadsmemory managementand more (7th Edition)
Windows InternalsPart 2 (7th Edition)
Debugging Microsoft .NET 2.0 Applications
Writing High-Performance .NET Code
Advanced Windows RT Memory Dump AnalysisARM Edition
Fundamentals of Physical Memory Analysis: Anniversary Edition
Pattern-Oriented Memory Forensics: A Pattern Language Approach
Victimware: The Missing Part of the Equation
The Old New Crash: Cloud Memory Dump Analysis
Principles of Memory Dump Analysis: The Collected Seminars
Pro .NET Memory Management: For Better CodePerformanceand Scalability