| Developer(s) | Microsoft |
|---|---|
| Stable release | |
| Operating system | Microsoft Windows |
| Type | Debugger |
| License | Commercial |
| Website | Microsoft Learn |
WinDbg is a multipurposedebugger for theMicrosoft Windows computeroperating system, distributed by Microsoft.[2] It can be used to debuguser mode applications,device drivers, and the operating system itself inkernel mode.
Like theVisual Studio Debugger, WinDbg has agraphical user interface (GUI), but is more powerful and has little else in common. WinDbg can automatically loaddebugging symbol files (e.g.,PDB files) from a server by using a unique ID embedded in the executable (using the "RSDS Guid"[3]) via SymSrv (SymSrv.dll),[4] instead of requiring users to manually find the files. If a private symbol server is configured, the symbols can be correlated with thesource code for the binary. This eases the burden of debugging problems that have various versions of binaries installed on the debugging target by eliminating the need for finding and installing specific symbols version on the debug host. Microsoft has a public symbol server that has most of the public symbols for Windows 2000 and later versions of Windows (includingservice packs).[5]
WinDbg can also be used for debugging kernel-modememory dumps, created after what is commonly called theBlue Screen of Death which occurs when abug check is issued.[6] It can also be used to debug user-mode crash dumps. This is known aspost-mortem debugging.[7]
WinDbg is distributed as a standalone package from theWindows Debugger Portal and via theMicrosoft Store. The WinDBG Debugger Engine is the common debugging back-end between WinDbg andcommand line debuggerfront-ends likeKD,CDB, andNTSD. Most commands can be used as is with all the included debugger front-ends.
In 2023 Microsoft released a new version of WinDbg which was announced in 2017 as WinDbg Preview (WinDbgX).[8] One of the most notable features is so calledTime-Travel-Debugging (TTD).[9] TTD allows a user to record an actual live process (at a performance penalty) to later debug going back and forth in time. In addition, WinDbg has updated user interface, support for dark mode and keyboard navigation. It also allows writing scripts in theJavaScript language.[10][11]
WinDbg allows the loading of extensionDLLs[12] that can augment the debugger's supported commands and allow for help in debugging specific scenarios: for example, displaying anMSXML document given an IXMLDOMDocument, or debugging theCommon Language Runtime (CLR).[13] These extensions are a large part of what makes WinDbg such a powerful debugger. WinDbg is used by theMicrosoft Windows product team to build Windows, and everything needed to debug Windows is included in these extension DLLs.
Extension commands are always prefixed with!.
While some extensions are used only inside Microsoft, most of them are part of the public Debugging Tools for Windows package.
The extension model is documented in the help file included with the Debugging Tools for Windows.
Ext is a standard Windows Debugger extension that ships with WinDBG and is loaded by default.
The most commonly used command is!analyze -v,[14] which analyzes the current state of the program being debugged and the machine/process state at the moment of crash or hang. This command is often able to debug the current problem in a completely automated fashion.
When used without any switches,!analyze simply returns the results of its analysis. The-v and-vv give further details about that analysis.
Wow6432exts is a standard Windows Debugger extension that ships with WinDBG.It is used to debug processes running insideWoW64 (32-bit processes running in 64-bit Windows).[15]
The SOS (Son of Strike)[16] Debugging Extension (SOS.dll) assists in debugging managed programs in Visual Studio and WinDbg by providing information about the internal common language runtime (CLR) environment. This tool requires a project to have unmanaged debugging enabled. SOS.dll is automatically installed with the .NET Framework. To use SOS.dll in Visual Studio, install theWindows Driver Kit (WDK).[17] To debug a process or memory dump, the sos.dll version must match the .NET Framework version. Psscor2 and Psscor4 are a superset of SOS.
Psscor2 is the Windows Debugger Extension used to debug .NET Framework applications that use the .NET CLR version 2.0 (.NET Framework versions 2 through 3.5). Psscor2 was developed for internal use at Microsoft as part of their Product Support Services tools.[18] While Microsoft only released Psscor2 in 2010[19] Microsoft had been publishing commands from the extension several years before,[20] causing difficulty for those who were trying to follow their processes.
Psscor4 is a Windows Debugger extension used to debug .NET Framework 4 applications.
WinDbg allows debugging a Microsoft Windows kernel running on avirtual machine byVMware,VPC orParallels using anamed pipe. This can be achieved by using avirtualCOM port. In the case of VMware andVirtualBox, the VirtualKD extension adds native support for VM debugging to the Windows kernel, claiming to speed debugging by a factor of up to 45.[21] ForWindows 8 and later, kernel debugging over network is allowed,[22] allowing fast kernel debugging without special configuration.
The WinDbg protocol is not documented, but is supported by theIDA Pro andradare2disassemblers.
Microsoft development tools | |||||||
|---|---|---|---|---|---|---|---|
| Development environments |
| ||||||
| Languages | |||||||
| APIs and frameworks |
| ||||||
| Database |
| ||||||
| Source control | |||||||
| Testing and debugging | |||||||
| Delivery | |||||||
