WinDBG is the best debugger available for Windows. It can debug both user-mode and kernel-mode code. The preview version of WinDBG can be downloaded from the Microsoft Store.
This article lists useful WinDBG commands.
General Commands
| Command | Description |
| --- | --- |
| `.sympath [SymbolPath]` | Set or display the symbol search path. |
| `.reload` | Reload symbol information. |
| `.chain` | Display the current function call chain. |
| `.cls` | Clear the screen. |
| `.restart` | Restart the target application or operating system. |
Breakpoints
| Command | Description |
| --- | --- |
| `bp [Address]` | Set a breakpoint at the specified address. |
| `bu [Address]` | Set an unresolved breakpoint. |
| `bc [BreakpointNumber]` | Clear a breakpoint. |
| `bl` | List all breakpoints. |
| `bp <module>!<function>` | Break on a function call, e.g. `bp ws2_32!recv`, `bp Application!Main`. |
Execution Control
| Command | Description |
| --- | --- |
| `g` | Go (resume execution). |
| `p` | Step into (execute one instruction and break). |
| `t` | Trace (execute one instruction and continue). |
| `pt` | Trace until the current function returns. |
| `gu` | Go until the specified address. |
Registers & Memory
| Command | Description |
| --- | --- |
| `r` | Display or modify register values. |
| `dq [Address]` | Display quad-word (64 bits) memory at the specified address. |
| `dd [Address]` | Display double-word (32 bits) memory at the specified address. |
| `db [Address]` | Display byte memory at the specified address. |
| `dq poi([Address])` | Dereference memory at the specified address. |
| `u @rip` | Display the next instructions to be executed. |
Stack Commands
| Command | Description |
| --- | --- |
| `k` | Display the call stack. |
| `!teb` | Display information about the Thread Environment Block (TEB). |
Module and Symbol Information
| Command | Description |
| --- | --- |
| `lm` | List loaded modules. |
| `x [Symbol]` | Examine symbols (display information about symbols). |