First-time users of WinDbg should begin with the Debugger Operation section.
The WinDbg command line uses the following syntax:
windbg [ -server ServerTransport | -remote ClientTransport ] [-lsrcpath ]
[ -premote SmartClientTransport ] [-?] [-ee {masm|c++}]
[-clines lines] [-b] [-d] [-aExtension] [-e Event]
[-failinc] [-g] [-G] [-hd] [-j] [-n] [-noshell] [-o]
[-Q | -QY] [-QS | -QSY] [-robp] [-secure] [-ses] [-sdce]
[-sicv] [-sins] [-snc] [-snul] [-sup] [-sflags 0xNumber]
[-T Title] [-v] [-log{o|a} LogFile] [-noinh]
[-i ImagePath] [-y SymbolPath] [-srcpath SourcePath]
[-k [ConnectType] | -kl | -kx ExdiOptions] [-c "command"]
[-pb] [-pd] [-pe] [-pr] [-pt Seconds] [-pv]
[-W Workspace] [-WF Filename] [-WX] [-zp PageFile]
[ -p PID | -pn Name | -psn ServiceName | -z DumpFile | executable ]
windbg -I[S]
windbg -IU KeyString
windbg -IA[S]
Descriptions of the WinDbg command-line options follow. All command-line options are case-sensitive except for -j. The initial hyphen can be replaced with a forward-slash (/).
If the -remote or -server option is used, it must appear before any other options on the command line. If an executable is specified, it must appear last on the command line; any text after the executable name is passed to the executable program as its own command-line parameters.
Parameters
-b -k com:port=\\.\pipe\com_xp,baud=11520,pipe
-server
ServerTransport
-
Creates a debugging server that can be accessed by other debuggers. For an explanation of the possible
ServerTransport values, see
Activating a Debugging Server. When this parameter is used, it must be the first parameters on the command line.
-remote
ClientTransport
-
Creates a debugging client, and connects to a debugging server that is already running. For an explanation of the possible
ClientTransport values, see
Activating a Debugging Client. When this parameter is used, it must be the first parameters on the command line.
-premote
SmartClientTransport
-
Creates a smart client, and connects to a process server that is already running. For an explanation of the possible
SmartClientTransport values, see
Activating a Smart Client.
-a
Extension
-
Sets the default extension DLL. The default is
kdextx86.dll or
kdexts.dll. There must be no space after the "a", and the
.dll file name extension must not be included. For details, and other methods of setting this default, see
Loading Debugger Extension DLLs.
-b
-
(Kernel mode only) This option has two effects:
1. The debugger will break into the target computer immediately upon connection.
2. After a reboot, the debugger will break into the target computer once the kernel is initialized. See Crashing and Rebooting the Target Computer for details and for other methods of changing this status.
-c "
command
"
-
Specifies the initial debugger command to run at start-up. This command must be enclosed in quotation marks. Multiple commands can be separated with semicolons. (If you have a long command list, it may be easier to put them in a script and then use the
-c option with the
$<, $><, $><, $$>< (Run Script File) command.)
If you are starting a debugging client, this command must be intended for the debugging server. Client-specific commands, such as .lsrcpath, are not allowed.
-clines
lines
-
Sets the approximate number of commands in the command history which can be accessed during remote debugging. For details, and for other ways to change this number, see
Using Debugger Commands.
-d
-
(Kernel mode only) After a reboot, the debugger will break into the target computer as soon as a kernel module is loaded. (This break is
earlier than the break from the
-b option.) See
Crashing and Rebooting the Target Computer for details and for other methods of changing this status.
-e
Event
-
Signals the debugger that the specified event has occurred. This option is only used when starting the debugger programmatically.
-ee {
masm|
c++}
-
Sets the default expression evaluator. If
masm is specified, MASM expression syntax will be used. If
c++ is specified, C++ expression syntax will be used. If the
-ee option is omitted, MASM expression syntax is used as the default. See
Evaluating Expressions for details.
-failinc
-
Causes the debugger to ignore any questionable symbols. When debugging a user-mode or kernel-mode minidump file, this option will also prevent the debugger from loading any modules whose images can't be mapped. For details and for other methods of controlling this, see
SYMOPT_EXACT_SYMBOLS.
-g
-
(User mode only) Ignores the initial breakpoint in target application. This option will cause the target application to continue running after it is started or WinDbg attaches to it, unless another breakpoint has been set. See
Initial Breakpoint for details.
-G
-
(User mode only) Ignores the final breakpoint at process termination. Typically, the debugging session ends during the image run-down process. This option will cause the debugging session to end immediately when the child terminates.
-hd
-
(Windows XP and later, user mode only) Specifies that the debug heap should not be used. See
Behavior of Spawned Processes for details.
-I[
S]
-
Installs WinDbg as the postmortem debugger. For details, see
Enabling Postmortem Debugging. After this action is attempted, a success or failure message is displayed. If
S is included, this procedure is done silently if it is successful; only failure messages are displayed.
The -I parameter must not be used with any other parameters. This command will not actually start WinDbg, although a WinDbg window may appear for a moment.
-IA[
S]
-
Associates WinDbg with the file extensions
.dmp,
.mdmp, and
.wew in the registry. After this action is attempted, a success or failure message is displayed. If
S is included, this procedure is done silently if it is successful; only failure messages are displayed. After this association is made, double-clicking a file with one of these extensions will start WinDbg.
The -IA parameter must not be used with any other parameters. This command will not actually start WinDbg, although a WinDbg window may appear for a moment.
-IU
KeyString
-
Registers debugger remoting as an URL type so that users can auto-launch a debugger remote client with an URL.
KeyString has the format
remdbgeng://RemotingOption.
RemotingOption is a string that defines the transport protocol as defined in the topic
Activating a Debugging Client. If this action succeeds, no message is displayed; if it fails, an error message is displayed.
The -IU parameter must not be used with any other parameters. Although a WinDbg window may appear for a moment, this command will not actually start WinDbg.
-i
ImagePath
-
Specifies the location of the executables that generated the fault. If the path contains spaces, it should be enclosed in quotation marks. For details, and for other ways to change this path, see
Executable Image Path.
-j
-
Allow journaling.
-k [
ConnectType]
-
(Kernel mode only) Starts a kernel debugging session. For details, see
Choosing Kernel Debugging Settings
. If -k is used without any ConnectType options following it, it must be the final entry on the command line.
-kl
-
(Windows XP and later, kernel mode only) Starts a kernel debugging session on the same machine as the debugger. For more details, see
Attaching to a Target Computer (Kernel Mode).
-kx
ExdiOptions
-
(Kernel mode only) Starts a kernel debugging session using an EXDI driver. EXDI drivers are not described in this documentation. If you have an EXDI interface to your hardware probe or hardware simulator, please contact Microsoft for debugging information.
-log{
o|
a}
LogFile
-
Begins logging information to a log file. If the specified log file already exists, it will be overwritten if
-logo is used. If
loga is used, the output will be appended to the file. For more details, see
Keeping a Log File.
-lsrcpath
-
Sets the local source path for a remote client. This option must follow
-remote on the command line.
-n
-
Noisy symbol load: Enables verbose output from symbol handler. For details and for other methods of controlling this, see
SYMOPT_DEBUG.
-noinh
-
(User mode only) Prevents processes created by the debugger from inheriting handles from the debugger. For other methods of controlling this, see
Spawning a New Process (User Mode).
-noprio
-
Prevents any priority change. This parameter will prevent WinDbg from taking priority for CPU time while active.
-noshell
-
Prohibits all
.shell commands. This prohibition will last as long as the debugger is running, even if a new debugging session is begun. For details, and for other ways to disable shell commands, see
Using Shell Commands.
-o
-
(User mode only) Debugs all processes launched by the target application (child processes). By default, processes created by the one you are debugging will run as they normally do. For other methods of controlling this, see
Spawning a New Process (User Mode).
-p
PID
-
Specifies the decimal process ID to be debugged. This is used to debug a process that is already running. For details, see
Attaching to a Running Process (User Mode).
-pb
-
(Windows XP and later, user mode only) Prevents the debugger from requesting an initial break-in when attaching to a target process. This can be useful if the application is already suspended, or if you wish to avoid creating a break-in thread in the target. See
Attaching to a Running Process (User Mode).
-pd
-
(Windows XP and later, user mode only) Causes the target application not to be terminated at the end of the debugging session. See
Ending the Debugging Session for details.
-pe
-
(Windows XP and later, user mode only) Indicates that the target application is already being debugged. See
Re-attaching to the Target Application for details.
-pn
Name
-
Specifies the name of the process to be debugged. (This name must be unique.) This is used to debug a process that is already running. For details, see
Attaching to a Running Process (User Mode).
-pr
-
(Windows XP and later, user mode only) Causes the debugger to start the target process running when it attaches to it. This can be useful if the application is already suspended and you wish it to resume execution. See
Attaching to a Running Process (User Mode).
-psn
ServiceName
-
Specifies the name of a service contained in the process to be debugged. This is used to debug a process that is already running. For details, see
Attaching to a Running Process (User Mode).
-pt
Seconds
-
Specifies the break timeout, in seconds. The default is 30. See
Controlling the Target for details.
-pv
-
(User mode only) Specifies that the debugger should attach to the target process noninvasively. For details, see
Noninvasive Debugging (User Mode).
-Q
-
Suppresses the "Save Workspace?" dialog box. Workspaces are not automatically saved. See
Using Workspaces for details.
-QS
-
Suppresses the "Reload Source?" dialog box. Source files are not automatically reloaded.
-QSY
-
Suppresses the "Reload Source?" dialog box and automatically reloads source files.
-QY
-
Suppresses the "Save Workspace?" dialog box and automatically saves workspaces. See
Using Workspaces for details.
-robp
-
This allows CDB to set a breakpoint on a read-only memory page. (The default is for such an operation to fail.)
-sdce
-
Causes the debugger to display
File access error messages during symbol load. For details and for other methods of controlling this, see
SYMOPT_FAIL_CRITICAL_ERRORS.
-secure
-
Activates
Secure Mode.
-ses
-
Causes the debugger to perform a strict evaluation of all symbol files and ignore any questionable symbols. For details and for other methods of controlling this, see
SYMOPT_EXACT_SYMBOLS.
-sflags 0x
Number
-
Sets all the symbol handler options at once.
Number should be a hexadecimal number prefixed with
0x — a decimal without the
0x is permitted, but the symbol options are binary flags and therefore hexadecimal is recommended. This option should be used with care, since it will override all the symbol handler defaults. For details, see
Setting Symbol Options.
-sicv
-
Causes the symbol handler to ignore the CV record. For details and for other methods of controlling this, see
SYMOPT_IGNORE_CVREC.
-sins
-
Causes the debugger to ignore the symbol path and executable image path environment variables. For details, see
SYMOPT_IGNORE_NT_SYMPATH.
-snc
-
Causes the debugger to turn off C++ translation. For details and for other methods of controlling this, see
SYMOPT_NO_CPP.
-snul
-
Disables automatic symbol loading for unqualified names. For details and for other methods of controlling this, see
SYMOPT_NO_UNQUALIFIED_LOADS.
-srcpath
SourcePath
-
Specifies the source file search path. Separate multiple paths with a semicolon (
;). If the path contains spaces, it should be enclosed in quotation marks. For details, and for other ways to change this path, see
Source Path.
-sup
-
Causes the symbol handler to search the public symbol table during every symbol search. For details and for other methods of controlling this, see
SYMOPT_AUTO_PUBLICS.
-T
Title
-
Sets WinDbg window title.
-v
-
Enables verbose output from debugger.
-W
Workspace
-
Loads the given named workspace. If the workspace name contains spaces, enclose it in quotation marks. If no workspace of this name exists, you will be given the option of creating a new workspace with this name or abandoning the load attempt. For details, see
Using Workspaces.
-WF
Filename
-
Loads the workspace from the given file.
Filename should include the file and the extension (usually
.wew). If the workspace name contains spaces, enclose it in quotation marks. If no workspace file with this name exists, you will be given the option of creating a new workspace file with this name or abandoning the load attempt. For details, see
Using Workspaces.
-WX
-
Disables automatic workspace loading. For details, see
Using Workspaces.
-y
SymbolPath
-
Specifies the symbol search path. Separate multiple paths with a semicolon (
;). If the path contains spaces, it should be enclosed in quotation marks. For details, and for other ways to change this path, see
Symbol Path.
-z
DumpFile
-
Specifies the name of a crash dump file to debug. If the path and file name contain spaces, this must be surrounded by quotation marks. It is possible to open several dump files at once by including multiple
-z options, each followed by a different
DumpFile value. For details, see
Analyzing a User-Mode Dump File with WinDbg or
Analyzing a Kernel-Mode Dump File with WinDbg.
-zp
PageFile
-
Specifies the name of a modified page file. This is useful if you are debugging a dump file and want to use the
.pagein (Page In Memory) command. You cannot use
-zp with a standard Windows page file — only specially-modified page files can be used.
executable
-
Specifies the command line of an executable process. This is used to launch a new process and debug it. This has to be the final item on the command line. All text after the executable name is passed to the executable as its argument string. For details, see
Spawning a New Process (User Mode).
-?
-
Pops up this HTML Help window.
When you are running the debugger from the command line, specify arguments for the target application after application's file name. For instance:
windbg myexe
arg1 arg2
