Software Diagnostics Institute
Software Diagnostics Technology and Services
Tables of Contents and Indexes of WinDbg Commands from all volumes
Download Debugging Tools for Windows
Debugging Tools for Windows Help
Debugging Tools for Windows Blog
Symbol Server (Microsoft):
srv*c:\mss*http://msdl.microsoft.com/download/symbols
Symbol Server (Citrix):
srv*c:\css*http://ctxsym.citrix.com/symbols
.symfix c:\mss
.sympath+ srv*c:\css*http://ctxsym.citrix.com/symbols
WinDbg cheat sheet for crash dump analysis
CMDTREE.TXT for .cmdtree WinDbg command corresponding to Crash Dump Analysis Checklist
NEW! The book about using and writing WinDbg extensions
Large collection of extensions
Psscor4 Managed-Code Debugging Extension
CodeMachine Kernel Debugger Extension
Incident Response & Digital Forensics Debugging Extension (SwishDbgExt)
Windows Object Explorer 64-bit (WinObjEx64)
Complete Stack Traces from x64 System:
!for_each_thread "!thread @#Thread 16;.thread /w @#Thread; .reload; kv 256; .effmach AMD64"
x86 Stack Traces from WOW64 Process:
!for_each_thread ".thread @#Thread; r $t0 = @#Thread; .if (@@c++(((nt!_KTHREAD *)@$t0)->Process) == ProcessAddress) {.thread /w @#Thread; .reload; kv 256; .effmach AMD64 }"
Top CPU Consuming Threads:
!for_each_thread "r $t1 = dwo( @#Thread + @@c++(#FIELD_OFFSET(nt!_KTHREAD, KernelTime)) ); r $t0 = Ticks; .if (@$t1 > @$t0) {!thread @#Thread 3f}"
!for_each_thread "r $t1 = dwo( @#Thread + @@c++(#FIELD_OFFSET(nt!_KTHREAD, UserTime)) ); r $t0 = Ticks; .if (@$t1 > @$t0) {!thread @#Thread 3f}"
Windows Software Development Kit (SDK) Windows Driver Kit (WDK) .NET Core
NEW! Accelerated Windows API for Software Diagnostics
NEW! Accelerated Windows Postmortem Diagnostics and Debugging
NEW! Accelerated Windows Memory Forensics and Malware Analysis with Memory Dumps
NEW! Extended Windows Memory Dump Analysis
Accelerated Linux Core Dump Analysis
Accelerated Linux Core Dump Analysis
Accelerated .NET Core Memory Dump Analysis
Practical Foundations of Windows Debugging, Disassembling, Reversing
Accelerated Windows Memory Dump Analysis, Part 1: Process User Space
Accelerated Windows Memory Dump Analysis, Part 2: Kernel and Complete Spaces
Accelerated Windows Memory Dump Analysis
Advanced Windows Memory Dump Analysis with Data Structures
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Debugging4
Accelerated Disassembly, Reconstruction and Reversing
NEW! Accelerated Windows API for Software Diagnostics
NEW! Extended Windows Memory Dump Analysis
Accelerated Linux Core Dump Analysis
Accelerated .NET Core Memory Dump Analysis
Practical Foundations of Windows Debugging, Disassembling, Reversing
Accelerated Windows Memory Dump Analysis, Part 1: Process User Space
Accelerated Windows Memory Dump Analysis, Part 2: Kernel and Complete Spaces
Accelerated Windows Memory Dump Analysis
Advanced Windows Memory Dump Analysis with Data Structures
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Debugging4
Accelerated Disassembly, Reconstruction and Reversing
Windows Debugging: Practical Foundations
x64 Windows Debugging: Practical Foundations
Windows Debugging Notebook: Essential User Space WinDbg Commands
Inside Windows Debugging: A Practical Guide to Debugging and Tracing Strategies in Windows
Advanced Windows Debugging (The Addison-Wesley Microsoft Technology Series)
What Makes It Page?: The Windows 7 (x64) Virtual Memory Manager
Memory Dump Analysis Anthology, Volume 1
Memory Dump Analysis Anthology, Volume 2
Memory Dump Analysis Anthology, Volume 3
Memory Dump Analysis Anthology, Volume 4
Memory Dump Analysis Anthology, Volume 5
Memory Dump Analysis Anthology, Volume 6
Memory Dump Analysis Anthology, Volume 7
Memory Dump Analysis Anthology, Volume 8a
Memory Dump Analysis Anthology, Volume 8b
Memory Dump Analysis Anthology, Volume 9a
Memory Dump Analysis Anthology, Volume 9b
Memory Dump Analysis Anthology, Volume 10
Memory Dump Analysis Anthology, Volume 11
Memory Dump Analysis Anthology, Volume 12
Memory Dump Analysis Anthology, Volume 13
Memory Dump Analysis Anthology, Volume 14
Debugged! MZ/PE: MagaZine for/from Practicing Engineers
Debugged! MZ/PE: Modeling Software Defects
Debugged! MZ/PE: Software Tracing
Debugged! MZ/PE: Multithreading
WinDbg: A Reference Poster and Learning Cards
Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7 (6th Edition)
Windows Internals, Part 2: Covering Windows Server 2008 R2 and Windows 7 (6th Edition)
Windows Internals, Part 2 (7th Edition)
Debugging Microsoft .NET 2.0 Applications
Writing High-Performance .NET Code
Advanced Windows RT Memory Dump Analysis, ARM Edition
Fundamentals of Physical Memory Analysis: Anniversary Edition
Pattern-Oriented Memory Forensics: A Pattern Language Approach
Victimware: The Missing Part of the Equation
The Old New Crash: Cloud Memory Dump Analysis
Principles of Memory Dump Analysis: The Collected Seminars
Pro .NET Memory Management: For Better Code, Performance, and Scalability
