| Space | Medium | Name | Description |
| U | A | !critsec | Shows a critical section information |
| U | A | !dreg | Shows registry information |
| U | A | !findstack | Finds all stacks for pattern |
| U | A | !gatom | Shows global atom table |
| U | A | !runaway | Shows thread consumption times |
| U | A | !uniqstack | Shows unique stack traces |
| U | A | !vadump | Shows virtual memory ranges and protection |
| U | A | !vprot | Shows virtual memory protection |
| U | L | .abandon | Ends debugging session only |
| U | L | .attach | Attaches to a process |
| U | L | .bpsync | Stops all threads upon a breakpoint |
| U | L | .breakin | Switches to kernel-mode debugging |
| U | L | .call | Calls a native function on a target |
| U | L | .childdbg | Controls debugging of child processes |
| U | L | .closehandle | Closes handle(s) in a process |
| U | L | .create | Creates a new target process |
| U | L | .createdir | Controls the starting directory |
| U | L | .dvalloc | Allocates memory to target process |
| U | L | .dvfree | Deallocates memory to target process |
| U | C | .ecxr | Current exception context record |
| U | L | .ocommand | Enables commands from target |
| U | L | .restart | Restarts the target process |
| U | L | .scroll_prefs | Sets source scrolling prefs |
| U | L | .tlist | Shows running processes on the system |
| U | A | .ttime | Shows thread times |
| S | S | .block | Groups commands and evaluates aliases |
| S | S | .break | Works similar to break in C and C++ |
| S | S | .catch | If an error occurs prevents termination |
| S | S | .continue | Works like continue in C and C++ |
| S | S | .do | Works like do in C and C++ |
| S | S | .else | Works like else in C and C++ |
| S | S | .elsif | Works like else if in C and C++ |
| S | S | .for | Works as for in C and C++ |
| S | S | .foreach | Works as foreach in C# |
| S | S | .if | Works like if keyword in C and C++ |
| S | S | .leave | Leaves .catch block (similar to __leave) |
| S | S | .printf | Works like printf function in C |
| S | S | .while | Works like while in C and C++ |
| K | A | !acpicache | Shows ACPI tables cached by HAL |
| K | A | !acpiinf | Shows ACPI configuration and table location |
| K | A | !acpiirqarb | Shows ACPI IRQ Arbiter structure |
| K | A | !ahcache | Shows application compatibility cache |
| K | A | !amli | ACPI Machine Language Interpreter debugger |
| K | A | !apc | Shows information about APC |
| K | A | !apicerr | Shows APIC error log |
| K | A | !arbinst | Shows arbiter information |
| K | A | !arbiter | Shows resource arbiters and their ranges |
| K | A | !bpid | Requests to break PID into a debugger |
| K | A | !bugdump | Shows bug check callback buffers |
| K | A | !ca | Shows control area for a section |
| K | A | !cpuinfo | Shows detailed info about processors |
| K | A | !d{bcdpquw} | Shows data at a physical address |
| K | A | !d{bf}link | Shows a linked list (backward/forward) |
| K | A | !deadlock | Shows deadlock info collected by verifier |
| K | A | !defwrites | Shows cache manager variables |
| K | A | !devnode | Shows entire device tree or node info |
| K | A | !devobj | Shows info from DEVICE_OBJECT |
| K | A | !devstack | Shows formatted device stack |
| K | A | !dma | Shows info about DMA subsystem |
| K | A | !dpcs | Shows DPC queues |
| K | A | !driveinfo | Shows volume information for a drive |
| K | A | !drvobj | Shows info about DRIVER_OBJECT |
| K | A | !e{bd} | Writes data to physical address |
| K | A | !ec{bdw} | Writes data to PCI configuration space |
| K | A | !errlog | Shows contents of pending system error log |
| K | A | !exqueue | Lists items in various system work queues |
| K | A | !filecache | Shows file cache memory and PTEs |
| K | A | !fileobj | Shows information about FILE_OBJECT |
| K | A | !filetime | Formats 64-bit FILETIME value |
| K | A | !finddata | Shows cached data at a file offset |
| K | A | !findfilelockowner | Finds an owner of a file lock |
| K | C | !findxmldata | Shows data from CAB file |
| K | A | !fpsearch | Searches freed special pool |
| K | A | !frag | Shows pool fragmentation |
| K | A | !frozen | Shows the state of processors |
| K | A | !gbl | Shows ACPI BIOS Root System Description table header |
| K | A | !gentable | Shows RTL_GENERIC_TABLE |
| K | A | !hidppd | Shows HIDP_PREPARSED_DATA structure |
| K | A | !icpleak | Examines I/O completion objects |
| K | A | !idt | Shows ISRs for IDT |
| K | A | !ioresdes | Shows IO_RESOURCE_DESCRIPTOR structure |
| K | A | !ioreslist | Shows IO_RESOURCE_REQUIREMENTS_LIST structure |
| K | A | !iovirp | Shows I/O Verifier IRP |
| K | A | !ipi | Shows interprocessor interrupt state |
| K | A | !irpfind | Shows or searches for I/O request packets |
| K | A | !irql | Shows a processor IRQL before a debugger break |
| K | A | !isainfo | Shows PNPISA cards or devices |
| K | A | !job | Shows a job object |
| K | A | !ks.* | Kernel streaming debugging extension |
| K | A | !loadermemorylist | Shows memory allocation list from boot loader |
| K | A | !lockedpages | Shows pages locked by drivers |
| K | A | !locks | Shows ERESOURCE locks |
| K | A | !logonsession | Shows a logon session information |
| K | A | !lookaside | Shows and modifies look-aside lists |
| K | A | !lpc | Shows LPC ports and messages |
| K | A | !mapic | Shows ACPI Multiple APIC table |
| K | A | !mca | Shows machine check architecture registers |
| K | A | !memlist | Scans PFN memory lists for consistency |
| K | A | !memusage | Shows physical memory stats |
| K | A | !minipkd.* | SCSI Miniport debugging extension |
| K | A | !mps | Shows Intel Multiprocessor Specification |
| K | A | !mtrr | Shows MTRR register |
| K | A | !ndiskd.* | NDIS debugging extension |
| K | A | !npx | Shows FLOATING_SAVE_AREA structure |
| K | A | !nsobj | Shows an ACPI namespace object |
| K | A | !nstree | Shows an ACPI namespace object and its children |
| K | A | !obja | Shows attributes of an object |
| K | A | !object | Shows information about an object |
| K | A | !obtrace | Shows object reference tracing data |
| K | A | !openmaps | Shows BCBs and VACBs for a shared cache map |
| K | A | !pat | Shows Page Attribute Table registers |
| K | A | !pci | Shows the status of PCI buses and attached devices |
| K | A | !pcitree | Shows PCI buses and attached devices |
| K | A | !pcr | Shows Processor Control Region |
| K | A | !pfn | Shows information about a page frame or database |
| K | A | !pnpevent | Shows PnP device event queue |
| K | A | !pocaps | Shows power capabilities |
| K | A | !pool | Shows information about a pool allocation |
| K | A | !poolfind | Searches for instances of a pool tag |
| K | A | !poolused | Shows tag-based pool usage summary |
| K | A | !poolval | Analyzes a pool page for possible corruption |
| K | A | !popolicy | Shows a power policy |
| K | A | !prcb | Shows Processor Control Block |
| K | A | !process | Shows EPROCESS and thread stacks |
| K | A | !pte | Shows page table and directory entry for an address |
| K | A | !pte2va | Shows virtual address corresponding to page table entry |
| K | A | !ptov | Shows entire physical to virtual map |
| K | A | !qlocks | Shows queued spin locks |
| K | A | !ready | Shows threads in a READY state |
| K | A | !reg | Shows and searches registry data |
| K | A | !rellist | Shows a PnP relation list |
| K | A | !rsdt | Shows ACPI Root System Description Table |
| K | A | !running | Shows running threads |
| K | A | !search | Searches physical memory for ptr-sized data |
| K | A | !searchpte | Searches physical memory for page frame number |
| K | A | !session | Shows user sessions |
| K | A | !spoolsum | Shows session pool summary |
| K | A | !spoolused | Shows session paged pool memory usage |
| K | A | !sprocess | Shows session processes |
| K | A | !srb | Shows SCSI Request Block |
| K | A | !stacks | Shows kernel stack traces |
| K | A | !swd | Shows software watchdog timer state |
| K | A | !sysinfo | Shows SMBIOS, ACPI and CPU information |
| K | A | !sysptes | Shows formatted system page table entries |
| K | A | !thread | Shows ETHREAD and stacks |
| K | A | !timer | Shows system timers |
| K | A | !tz | Shows power thermal zone |
| K | A | !tzinfo | Shows thermal zone information |
| K | L | !ub(cdelp) | Clears (disables, enables, lists, sets) user breakpoints |
| K | A | !vad | Shows virtual address descriptor |
| K | A | !validatelist | Validates backward and forward links in a list |
| K | A | !vm | Shows summary and stats about virtual memory |
| K | A | !vpb | Shows a volume parameter block |
| K | A | !vtop | Virtual to physical address conversion |
| K | A | !walklist | Searches session list |
| K | A | !wdfkd.* | Kernel-mode driver framework extension |
| K | A | !whatperftime | Converts high-resolution perf. counter values |
| K | A | !whattime | Converts tick count values |
| K | A | !wsle | Shows working set list entries |
| K | L | .bugcheck | Shows bugcheck code and args |
| K | L | .cache | Sets the size and memory cache options |
| K | A | .context | Sets page directory for user space |
| K | L | .crash | Issues a bugcheck on a target |
| K | L | .echocpunum | On/Off CPU number output |
| K | A | .enumtag | Shows secondary callback data |
| K | C | .ignore_missing_pages | Supresses errors |
| K | L | .kdfiles | Reads driver replacement map file |
| K | L | .pagein | Pages in specified memory address |
| K | A | .process | Specifies process for process context |
| K | L | .reboot | Restarts the target |
| K | A | .restart | Restarts the kernel connection (KD) |
| K | A | .secure | Sets or shows secure mode |
| K | L | .sleep | Pauses user debugger from kernel |
| K | A | .thread | Sets the current thread context |
| K | A | .trap | Shows or sets the trap frame |
| K | A | .tss | Shows TSS information for a processor |
| K | L | .wake | Ends sleep mode for a user debugger |
| A | A | !acl | Shows friendly contents of ACL |
| A | A | !address | Shows memory region usage and attributes |
| A | A | !analyze | Information about exception or bugcheck |
| A | A | !avrf | Controls settings and output of App Verifier |
| A | A | !bitcount | Counts the number of 1-bits in memory |
| A | A | !chkimg | Compares an image with its original copy |
| A | A | !chksym | Tests a module against a symbol file |
| A | A | !cpuid | Shows information about processors |
| A | A | !cs | Shows info about critical sections in a range |
| A | A | !dh | Shows image headers |
| A | A | !dlls | Shows verbose info about all loaded modules |
| A | A | !envvar | Shows the value of an environment variable |
| A | A | !error | Shows information about an error code |
| A | A | !evlog | Manipulates with event log in UL debugging |
| A | A | !exchain | Shows the chain of exception handlers |
| A | A | !extDLL.help | Shows description of extension commands |
| A | A | !for_each_frame(local|module|process|thread) | Traverses each frame (local, module, process, thread) |
| A | A | !gflag | Shows global flags |
| A | A | !gle | Shows last error value for thread(s) |
| A | A | !gs | Shows analysis of /GS stack overflow |
| A | A | !handle | Shows handle information |
| A | A | !heap | Shows heap usage and detects leaks |
| A | A | !homedir | Sets default directory for symbol and source servers |
| A | A | !htrace | Shows stack trace history for handles |
| A | A | !imggp | Shows 64-bit image global pointer directory value |
| A | A | !imgreloc | Shows preferred addresses of relocated modules |
| A | A | !kuser | Shows logged user information from KUSER_SHARED_DATA |
| A | A | !list | Executes commands for every linked list element |
| A | A | !lmi | Shows detailed module information |
| A | L | !logexts.* | Logger extension |
| A | A | !mui | Shows Multilingual User Interface cache |
| A | A | !net_send | Sends a local network message |
| A | A | !ntsdexts.locks | Shows a list of critical sections |
| A | A | !owner | Shows a module or function owner |
| A | A | !peb | Shows formatted process environment block |
| A | A | !rpcexts.* | RPC debugging extension |
| A | A | !rtlavl | Shows RTL_AVL_TABLE structure |
| A | A | !sd | Shows a security descriptor |
| A | A | !sid | Shows a security identifier |
| A | A | !slist | Traverses singly-linked list |
| A | A | !std_map | Shows std::map tree |
| A | A | !stl | Shows Standard Template Library templates |
| A | A | !str | Shows ANSI_STRING structure |
| A | A | !sym | Controls verbose symbol loading and prompts |
| A | A | !symsrv | Closes symbol server client |
| A | A | !teb | Shows formatted thread environment block |
| A | A | !tls | Shows a thread local storage slot |
| A | A | !token | Shows formatted security token object |
| A | A | !tp | Shows thread pool information |
| A | A | !ustr | Shows UNICODE_STRING structure |
| A | A | !verifier | Shows status of Driver Verifier |
| A | A | !version | Shows extension version |
| A | L | !wmitrace.* | Event tracing extension |
| A | A | !wudfext.* | User-mode driver framework extension |
| A | L | .allow_exec_cmds | Enables/disables g, t and p |
| A | A | .allow_image_mapping | Sets module mapping |
| A | L | .apply_dbp | Applies bps to specified CONTEXT |
| A | A | .asm | Sets format of disassembly output |
| A | A | .chain | Lists loaded extensions in search order |
| A | A | .cls | Clears command window contents |
| A | A | .cordll | Controls CLR debugging |
| A | A | .cxr | Shows or writes a context record |
| A | A | .dbgdbg | Launches CDB to debug the debugger |
| A | A | .detach | Ends the debugging session |
| A | A | .dump | Saves a user or a complete dump file |
| A | C | .dumpcab | Saves a dump file in a CAB file |
| A | A | .echo | Displays a string |
| A | A | .echotime | Displays the current time |
| A | A | .echotimestamps | On/Off timestamps |
| A | A | .effmach | Changes the processor mode |
| A | A | .enable_long_status | Decimal/default radix |
| A | A | .enable_unicode | 16-bit values as Unicode |
| A | A | .endpsrv | Closes process/connection server |
| A | A | .endsrv | Cancels an active debugging server |
| A | L | .event_code | Shows the event instructions |
| A | A | .eventlog | Shows Win32 debug events log |
| A | A | .exepath | Sets/appends executable search path |
| A | A | .expr | Sets the default expression evaluator |
| A | A | .exptr | EXCEPTION_POINTERS structure |
| A | A | .exr | Shows exception record information |
| A | A | .extpath | Sets/appends extension search path |
| A | A | .f(+/-) | Moves frame index down/up on stack |
| A | A | .fiber | Sets fiber context |
| A | C | .fiximports | Performs static import linking |
| A | A | .flash_on_break | Flashes WinDbg on taskbar |
| A | A | .fnent | Shows function data (extends ln) |
| A | A | .fnret | Shows function return value |
| A | A | .force_radix_output | Decimal/default radix |
| A | A | .force_tb | Allow branch tracing earlier |
| A | A | .formats | Evaluates expr in several formats |
| A | A | .fpo | Shows or fixes FPO information |
| A | A | .frame | Sets or shows the local context |
| A | A | .help | Lists all meta-commands |
| A | A | .hh | Opens help Index pane for specified text |
| A | A | .holdmem | Saves or compares memory range |
| A | A | .imgscan | Scans memory for MZ/PE headers |
| A | A | .kframes | Sets the length of stack trace |
| A | L | .kill | Ends a process and a debugging session |
| A | A | .lastevent | Shows last exception or event |
| A | A | .lines | Enables/disables source line support |
| A | A | .load | Loads a WinDbg extension DLL |
| A | A | .loadby | Loads an extension from module path |
| A | A | .locale | Shows or sets locale (setlocale in C) |
| A | A | .logappend | Appends output to a log file |
| A | A | .logclose | Closes an open log file |
| A | A | .logfile | Shows a log file status |
| A | A | .logopen | Opens a log file to record output |
| A | A | .lsrcfix | Sets the path to a local source server |
| A | A | .lsrcpath | Sets the source file search path |
| A | A | .netuse | Adds a network share connection |
| A | A | .noshell | Disables shell commands |
| A | A | .noversion | Disables ver. check for extensions |
| A | A | .ofilter | Filters debugging output from target |
| A | A | .open | Searches and opens a source file |
| A | C | .opendump | Opens a dump file |
| A | A | .outmask | Sets the output mask |
| A | A | .pcmd | Sets command to execute on prompt |
| A | A | .prompt_allow | Configures prompt |
| A | A | .quit_lock | Prevents accidental session ends |
| A | A | .readmem | Copies binary data from a file |
| A | L | .record_branches | Enables recording (x64) |
| A | A | .reload | Reloads symbols and modules |
| A | A | .remote | Creates a remote.exe server |
| A | A | .remote_exit | Exits a a debugging client |
| A | A | .send_file | Copies files or loaded symbols |
| A | A | .server | Creates a debugging server |
| A | A | .servers | Shows the list of debugging servers |
| A | A | .setdll | Sets the default debugging extension |
| A | A | .shell | Starts a shell process |
| A | A | .sound_notify | Sets notification sound |
| A | A | .srcfix | Sets the path to a source server |
| A | A | .srcnoisy | Sets verbosity for source file loads |
| A | A | .srcpath | Sets the source file search path |
| A | A | .step_filter | Creates a function skip list |
| A | A | .suspend_ui | Suspends WinDbg refresh |
| A | A | .symfix | Sets the path to a symbol server |
| A | A | .symopt | Shows or sets symbol options |
| A | A | .sympath | Sets the symbol file search path |
| A | A | .time | Shows values of system time variables |
| A | A | .unload | Unloads a debugging extension |
| A | A | .unloadall | Unloads all extensions |
| A | A | .write_cmd_hist | Writes command history |
| A | A | .writemem | Writes memory to a file |
| A | A | .wtitle | Sets main debugger window title |