File ▸ Open Executable...

Click Open Executable on the File menu to start a new user-mode process and debug it.

File ▸ Attach to a Process...

Click Attach to a Process on the File menu to debug a user-mode application that is currently running.

q

Ends the debugging session.

g

Begins or resumes execution on the target.

bp address

Sets a new breakpoint at the address of the breakpoint location that is specified in the command.

bl

Lists information about existing breakpoints.

bc breakpoint ID

Removes previously set breakpoints specified by their breakpoint ID.

t

Executes a single instruction or source line and, optionally, displays the resulting values of all registers and flags. Will step into subfunctions.

p

Executes a single instruction or source line and, optionally, displays the resulting values of all registers and flags. Will not enter subfunctions.

dd address

Displays the contents of address as double-word values (4 bytes).

du address

Displays the contents of address as unicode characters.

dt

Displays information about a local variable, global variable, or data type, including structures and unions.

poi(address)

Returns pointer-sized data from the specified address. Depending on the architecture the pointer size is 32 bits or 64 bits.

r

Lists registers and their contents.

kb

Prints a backtrace of all stack frames.

u address

Dumps a range of memory around address as machine instructions.

!analyze -v

This debugger extension displays a lot of useful information about an exception or bug check.

!drvobj DRIVER_OBJECT

This debugger extension displays detailed information about a DRIVER_OBJECT.

.sympath

This command changes the default path of the debugger for symbol search.

.reload

This command deletes all symbol information and reloads these symbols as needed.