WinDbg: debugging commands
1. !thread/!process [address] e - on x64, does not show the meaningless Args to Child information.
2. .frame /c [FrameNumber] - sets the context to the specified stack frame. On x64 this provides more reliable register information than .trap.
3. kn - dumps the call stack with frame numbers, which is easier than counting frames for .frame.
4. .frame /r [FrameNumber] - same as .frame /c, but shows the registers without changing context.
   Note: With .frame /c or /r you can only trust the nonvolatile registers.
5. k=rbp rip FrameCount - dumps the call stack starting at rbp/rip on x64. Useful when the stack is corrupt.
6. .process/.thread /p /r [address] - sets the new process context, sets .cache forcedecodeuser, and reloads user symbols.
7. !process [address] 17 - sets the context for this command, avoiding the need for .process...