|This article needs additional citations for verification. (June 2013)|
|Stable release||6.3.9600.16384 / August 22, 2013|
|Operating system||Microsoft Windows|
|Website||WinDbg at microsoft.com|
WinDbg is a multipurpose debugger for Microsoft Windows, distributed on the web by Microsoft. It can be used to debug user mode applications, drivers, and the operating system itself in kernel mode. It is a GUI application, but it has little in common with the better known, but less powerful, Visual Studio Debugger.
WinDbg can be used for debugging kernel-mode memory dumps, created after what is commonly called the Blue Screen of Death which occurs when a bug check is issued. It can also be used to debug user-mode crash dumps. This is known as post-mortem debugging.
WinDbg also has the ability to automatically load debugging symbol files (e.g., PDB files) from a server by matching various criteria (e.g., timestamp, CRC, single or multiprocessor version). This is a very helpful and time saving alternative to creating a symbol tree for a debugging target environment. If a private symbol server is configured, the symbols can be correlated with the source code for the binary. This eases the burden of debugging problems that have various versions of binaries installed on the debugging target by eliminating the need for finding and installing specific symbols version on the debug host. Microsoft has a public symbol server that has most of the public symbols for Windows 2000 and later versions of Windows (including service packs).
Recent versions of WinDbg have been and are being distributed as part of the free Debugging Tools for Windows suite, which shares a common debugging back-end between WinDbg and command line debugger front-ends like KD, CDB, and NTSD. Most commands can be used as is with all the included debugger front-ends.
WinDbg allows the loading of extension DLLs that can augment the debugger's supported commands and allow for help in debugging specific scenarios: for example, displaying an MSXML document given an IXMLDOMDocument, or debugging the Common Language Runtime (CLR). These extensions are a large part of what makes WinDbg such a powerful debugger. WinDbg is used by the Microsoft Windows product team to build Windows, and everything needed to debug Windows is included in these extension DLLs.
Extension commands are always prefixed with !.
While some extensions are used only inside Microsoft, most of them are part of the public Debugging Tools for Windows package.
The extension model is documented in the help file included with the Debugging Tools for Windows.
Ext is the Windows Debugger standard extension that ships with WinDBG and loaded by default.
The most commonly used command is !analyze -v, which analyzes the current state of the program being debugged and the machine/process state at the moment of crash or hang. This command is often able to debug the current problem in a completely automated fashion.
When used without any switches, !analyze simply returns the results of its analysis. The -v and -vv give further details about that analysis.
The SOS Debugging Extension (SOS.dll) helps you debug managed programs in Visual Studio and in the Windows debugger (WinDbg.exe) by providing information about the internal common language runtime (CLR) environment. This tool requires your project to have unmanaged debugging enabled. SOS.dll is automatically installed with the .NET Framework. To use SOS.dll in Visual Studio, install the Windows Driver Kit (WDK). To debug a process or memory dump you need sos.dll of exact same version of .NET Framework used in the process. Psscor2 and Psscor4 is a superset of SOS.
Psscor2 is the Windows Debugger Extension used to debug .NET Framework applications that use the .NET CLR version 2.0 (.NET Framework versions 2 through 3.5). Psscor2 was developed for internal use at Microsoft as part of their Product Support Services tools. While Microsoft only released Psscor2 in 2010  Microsoft had been publishing commands from the extension several years before  causing difficulty for those who where trying to follow their processes.
Psscor4 is a Windows Debugger extension used to debug .NET Framework 4 applications.
Coupling with virtual machines
WinDbg allows debugging Microsoft Windows kernel running on a VMware or VPC or Parallels virtual machine using a named pipe. This can be achieved by using a virtual COM port. Disadvantage of using COM port for kernel debugging is very low speed of data exchange because maximum baud rate of COM is 115200 bauds that is about 0,11 MB/s. Saving full memory dump of machine with 4Gb RAM goes about 10 hours. In the case of VMware or VirtualBox, the VirtualKD extension adds native support for VM debugging to Windows kernel that speeds up debugging up to 45 times. Beginning from Windows 8 kernel debugging over network is allowed that makes fast kernel debugging allowed from the box.
- Getting Started: Install Instructions, Part 1, Part 2
- Debugging Tools for Windows - information and free downloads
- WinDbg. From A to Z! - Theory and examples, 111 slides
- Common WinDbg Commands (Thematically Grouped)
- Tutorial on solving system crashes using WinDbg
- Symbols loading in WinDbg
- Windows Debuggers: Part 1: A WinDbg Tutorial
- KD extension for fast VMWare and VirtualBox debugging
- SOS Debugging Extension (SOS.dll)
- psscor4 (.NET 4.0) or psscor2 (.NET 2.0-3.5) Replacement for SOS with a superset of commands
-  WinDBG v220.127.116.113 available via Windows Driver Kit Version 7.1.0
- Extension for python scripting (pykd)