MohamedG's Log



Using Windbg, aka Debugging Tools for Windows, is a great way for debugging, crash analysis, and reading dump files. If you’re not a keyboard person who likes to write commands and be in the driver’s seat, you might not like it at the first glance, but after using it, you’ll appreciate its power. To give you a jump start on the available commands, here’s a a quick list of some handy commonly used ones:



.loadby sos mscorwks

Loads SOS extension for dealing with the managed code. SOS extension comes with the .Net framework. That command will load SOS.dll which resides in the same directory as mscorwks, which must be in the address space

.load <path>\sos.dll

Loads SOS extension from explicitly specified location

.sympath srv*\\Symbols\Symbols

Sets the symbols lookup path to the symbol server

.sympath+ <path>

Appends the symbol lookup paths

.srcpath <path>

Sets the source lookup path.

.srcpath+ <path>

Appends the source lookup path

.exepath <path>

Sets the executable lookup path

ld *

Loads symbols for all modules


Reloads symbols


Shows all loaded modules. You should run this command to check whether symbols are loaded for your binary

lm m *substring*

Shows all loaded modules that have "substring" in their names


Clears screen

.logopen c:\log.txt

Opens log file c:\log.txt. Now the output of all commands will also go into the text file you specified. This is extremely useful when you’re dealing with large amounts of data

.logappend c:\log.txt

Appends to the log file


Closes any open log file. Use this command once you’ve gathered all information you need

.dump /ma c:\dump.dmp

Creates a dump file


Analyzes the dump file. This command is useful for investigating dumps; it analyzes why the application hung or crashed, it’s also the most commonly-used command

!analyze –v

Analyzes the dump file, verbose

!analyze –vv

Analyzes the dump file, verbose verbose

.lastevent Prints last event
!pe Prints exception
kb Prints stack trace. It stands for: Stack Backtrace
kb 50 Shows 50 frames of the stack trace
~*kb Prints stack trace for all threads


Shows all active threads


Shows current thread’s stack


Shows call stacks for all threads


Lists managed threads


List thread pool threads


Call stack for all threads

!eeheap [-gc] [-loader]

Shows heap information

!DumpObject <address>

Prints content of the object

!DumpHeap -stat

Shows all allocated objects and provides more than enough information for investigations


Shows GC roots


Shows finalize-able objects


Displays information about the memory used by the process


Shows statistics for GC handles in the process


A helper command for tracking GC handle leaks

!help <command>

Displays help for the extension command (which starts with the bang), e.g.: !help PrintException

For more info, please visit: