How to Use WinDBG (BSWJ)
The Windows Debugger (WinDBG, often pronounced 'Windbag') is an incredibly powerful tool for isolating and eliminating flaws in Windows software. It finds use throughout the fields of software engineering, exploit development, red-teaming, and more.
Teaching Assistants George Mcpherson Vikramajeet Khatri
(Disclaimer: Breaking Stuff with Joe is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Joe' episode. However, you can still earn a certificate of completion for each episode completed.)
Using the Windows Debugger
The Windows debugger, also known as WinDBG (pronounced 'Windbag') is a multipurpose debugger designed by Microsoft for the Windows operating system. This debugger is used to find and resolve bugs, or errors, in the computing system. WinDBG can be used to debug device drivers, user mode applications, and the Windows operating system (in kernel mode). It has a graphical user interface (GUI) and it’s used throughout many different fields, including exploit development, software engineering, red-teaming, and others.
Why Use the Windows Debugger?
The Windows debugger is a powerful and versatile tool with many features and benefit. It’s the popular choice of debuggers for developers and system administrators working in investigating Windows crash reports, debugging BSODs (blue screen of death), and other errors.
WinDBG can also be used for various debugging tasks including:
- debugging kernel mode memory dumps that occur after BSODs which happens when a bug check is issued
- post-mortem debugging (debugging user mode crash dumps)
- automatic loading of debugging symbol files from servers using SymSrv by matching specific criteria
The WinDBG utility is easily accessible to users. It can be obtained in three different ways – as part of the Windows Driver Kit (WDK), as a stand-alone tool, or as part of the Windows Software Development Kit (SDK).
In mid-2017, Windows released a revamped version of WinDBG that resolved some previous issues and added advanced features. Included in the revamp was an updated user interface to make navigation of the program simpler for users. Additionally, the newer version has the following features:
- Re-worked file menu
- Familiar source windows
- New Model windows
- Dedicated view of data models
- Improved memory for recent sessions and some settings
- Disassembly window keeps highlighting in the right spot when scrolling
- Dark theme
- Extensible locals and watch windows (via data models)
- Memory window has improved scrolling and highlighting
- Various other improvements
For more information about the Windows debugger, and to learn to use it, check out our How to Use WinDBG tutorial. The class is free, and it provides you with all the information you need to successfully run WinDBG to rid your Windows system of errors.
Complete this entire course to earn a How to Use WinDBG (BSWJ) Certificate of Completion
See the full benefits of our immersive learning experience with interactive courses and guided career paths.
In this course we review some of the most powerful cybersecurity tools available for use ...
TCPDump is one of the best light-weight utilities for performing network traffic capture. It's extremely ...