How to Use WinDBG (BSWJ)

Cybrary
Course

Engineers, administrators, developers, and red-teamers can all benefit from this “How to Use WinDBG (BSWJ)” course. Often pronounced “Windbag,” the Windows Debugger (WinDBG) is a very powerful tool for eliminating flaws in Windows software. Join Joe Perry in this “Breaking Stuff with Joe” session to learn more about it.

Time
20 minutes
Difficulty
Intermediate
4.7
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

This Course is part of a Career Path: Become a SOC Analyst - Level 3
Course Content
Module 1: BSWJ: WinDBG

LEARN MORE. ACHIEVE MORE.

Follow A Path

Deciphering the essentials to enter a new career is hard, so we did it for you!

Focus on building your skills and take this course in a guided Career Path.

Course Description

Teaching Assistants George Mcpherson Vikramajeet Khatri

(Disclaimer: Breaking Stuff with Joe is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Joe' episode. However, you can still earn a certificate of completion for each episode completed.)

Using the Windows Debugger

The Windows debugger, also known as WinDBG (pronounced 'Windbag') is a multipurpose debugger designed by Microsoft for the Windows operating system. This debugger is used to find and resolve bugs, or errors, in the computing system. WinDBG can be used to debug device drivers, user mode applications, and the Windows operating system (in kernel mode). It has a graphical user interface (GUI) and it’s used throughout many different fields, including exploit development, software engineering, red-teaming, and others.

Why Use the Windows Debugger?

The Windows debugger is a powerful and versatile tool with many features and benefit. It’s the popular choice of debuggers for developers and system administrators working in investigating Windows crash reports, debugging BSODs (blue screen of death), and other errors.

WinDBG can also be used for various debugging tasks including:

  • debugging kernel mode memory dumps that occur after BSODs which happens when a bug check is issued
  • post-mortem debugging (debugging user mode crash dumps)
  • automatic loading of debugging symbol files from servers using SymSrv by matching specific criteria

The WinDBG utility is easily accessible to users. It can be obtained in three different ways – as part of the Windows Driver Kit (WDK), as a stand-alone tool, or as part of the Windows Software Development Kit (SDK).

In mid-2017, Windows released a revamped version of WinDBG that resolved some previous issues and added advanced features. Included in the revamp was an updated user interface to make navigation of the program simpler for users. Additionally, the newer version has the following features:

  • Re-worked file menu
  • Familiar source windows
  • New Model windows
  • Dedicated view of data models
  • Improved memory for recent sessions and some settings
  • Disassembly window keeps highlighting in the right spot when scrolling
  • Dark theme
  • Extensible locals and watch windows (via data models)
  • Built-in scripting environment (JavaScript and NatVis)
  • Memory window has improved scrolling and highlighting
  • Various other improvements

For more information about the Windows debugger, and to learn to use it, check out our How to Use WinDBG tutorial. The class is free, and it provides you with all the information you need to successfully run WinDBG to rid your Windows system of errors.

Instructed By
Joe Perry
Joe Perry
Senior Technical Instructor at FireEye, Inc
Instructor
Provider
Cybrary
Certificate of Completion
Certificate Of Completion

Complete this entire course to earn a How to Use WinDBG (BSWJ) Certificate of Completion

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.