Tables of Contents and Indexes of WinDbg Commands from all volumes
Download Debugging Tools for Windows
Debugging Tools for Windows Help
Symbol Server (Microsoft):
srv*c:\mss*http://msdl.microsoft.com/download/symbols
Symbol Server (Citrix):
srv*c:\css*http://ctxsym.citrix.com/symbols
.symfix c:\mss
.sympath+ srv*c:\css*http://ctxsym.citrix.com/symbols
WinDbg cheat sheet for crash dump analysis
CMDTREE.TXT for .cmdtree WinDbg command corresponding to Crash Dump Analysis Checklist
Psscor4 Managed-Code Debugging Extension
CodeMachine Kernel Debugger Extension
Incident Response & Digital Forensics Debugging Extension (SwishDbgExt)
Windows Object Explorer 64-bit (WinObjEx64)
Complete Stack Traces from x64 System:
!for_each_thread "!thread @#Thread 16;.thread /w @#Thread; .reload; kv 256; .effmach AMD64"
x86 Stack Traces from WOW64 Process:
!for_each_thread ".thread @#Thread; r $t0 = @#Thread; .if (@@c++(((nt!_KTHREAD *)@$t0)->Process) == ProcessAddress) {.thread /w @#Thread; .reload; kv 256; .effmach AMD64 }"
Top CPU Consuming Threads:
!for_each_thread "r $t1 = dwo( @#Thread + @@c++(#FIELD_OFFSET(nt!_KTHREAD, KernelTime)) ); r $t0 = Ticks; .if (@$t1 > @$t0) {!thread @#Thread 3f}"
!for_each_thread "r $t1 = dwo( @#Thread + @@c++(#FIELD_OFFSET(nt!_KTHREAD, UserTime)) ); r $t0 = Ticks; .if (@$t1 > @$t0) {!thread @#Thread 3f}"
Windows Software Development Kit (SDK) Windows Driver Kit (WDK)
Practical Foundations of Windows Debugging, Disassembling, Reversing
Accelerated Windows Memory Dump Analysis
Accelerated .NET Memory Dump Analysis
Advanced Windows Memory Dump Analysis with Data Structures
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Debugging3
Accelerated Disassembly, Reconstruction and Reversing
Practical Foundations of Windows Debugging, Disassembling, Reversing
Accelerated Windows Memory Dump Analysis
Accelerated .NET Memory Dump Analysis
Advanced Windows Memory Dump Analysis with Data Structures
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Debugging3
Accelerated Disassembly, Reconstruction and Reversing
Windows Debugging: Practical Foundations
x64 Windows Debugging: Practical Foundations
Windows Debugging Notebook: Essential User Space WinDbg Commands
Inside Windows Debugging: A Practical Guide to Debugging and Tracing Strategies in Windows
Advanced Windows Debugging (The Addison-Wesley Microsoft Technology Series)
What Makes It Page?: The Windows 7 (x64) Virtual Memory Manager
Memory Dump Analysis Anthology, Volume 1
Memory Dump Analysis Anthology, Volume 2
Memory Dump Analysis Anthology, Volume 3
Memory Dump Analysis Anthology, Volume 4
Memory Dump Analysis Anthology, Volume 5
Memory Dump Analysis Anthology, Volume 6
Memory Dump Analysis Anthology, Volume 7
Memory Dump Analysis Anthology, Volume 8a
Memory Dump Analysis Anthology, Volume 8b
Memory Dump Analysis Anthology, Volume 9a
Memory Dump Analysis Anthology, Volume 9b
Memory Dump Analysis Anthology, Volume 10
Debugged! MZ/PE: MagaZine for/from Practicing Engineers
WinDbg: A Reference Poster and Learning Cards
Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7 (6th Edition)
Windows Internals, Part 2: Covering Windows Server 2008 R2 and Windows 7 (6th Edition)
Debugging Microsoft .NET 2.0 Applications
Advanced Windows RT Memory Dump Analysis, ARM Edition
Fundamentals of Physical Memory Analysis
Pattern-Oriented Memory Forensics: A Pattern Language Approach
