Windbg: debugging commands
1. !thread/!process [address] e - on x64 will not show you the meaningless Args to Child information. 2. .frame /c [FrameNumber] - sets context to specificied stack frame. On x64 provides more reliable register information than .trap. 3. kn - Dumps call stack with frame numbers, easier than counting stacks for .frame. 4. .frame /r [FrameNumber] - same as .frame /c, but shows registers without changing context.Note: With .frame /c or /r you can only trust the nonvolatile registers. 5. k=rbp rip FrameCount - Dumps call stack starting at rbp/rip on x64. Useful when the stack is corrupt. 6. .process/.thread /p /r [address] - sets new process context, sets .cache forcedecodeuser, and reloads user symbols. 7. !process [address] 17 - Sets the context for this command, avoids the need for .process to see user stacks. Try !process 0 17 8. ~~[ThreadID]s - Changes threads in user mode. Use Thread ID number from output such as !locks.