Command

Variants/Params

Description/Examples

.sympath

.sympath

.sympath+

Display or set symbol search path

Append directories to previous symbol path

.symfix

.symfix

.symfix+ DownstreamStore

Display or set symbol search path

Append directories to previous symbol path

.reload

.reload

.reload [/f | /v]

.reload [/f | /v] Module

Reload symbol information for all modules**

f = force immediate symbol load (overrides lazy loading); v = verbose mode

Module = for Module only

**Note: The .reload command does not actually cause symbol information to be read. It just lets the debugger know that the symbol files may have changed, or that a new module should be added to the module list. To force actual symbol loading to occur use the /f option, or the ld (Load Symbols) command.

Command

Variants/Params

Description/Examples

bp

bp [Addr]

bp [Addr] [“CmdString”]

[~Thrd] bp[#] [Options] [Addr] [Passes] [“CmdString”]

Set breakpoint at address

CmdString = Cmd1; Cmd2; .. Executed every time the BP is hit.

~Thrd == thread that the bp applies too.

# = Breakpoint ID

Passes = Activate breakpoint after #Passes (it is ignored before)

Command

Variants/Params

Description/Examples

d*

d[a| u| b| w| W| d| c| q| f| D] [/c #] [Addr]

Display memory [#columns to display]

a = ascii chars

u = Unicode chars

b = byte + ascii

w = word (2b)

W = word (2b) + ascii

d = dword (4b)

c = dword (4b) + ascii

q = qword (8b)

f = floating point (single precision – 4b)

D = floating point (double precision – 8b)

dy*

dy[b | d] ..

Display memory [#columns to display]

b = binary + byte

d = binary + dword

d*s

dds [/c #] [Addr]

dqs [/c #] [Addr]

Display words and symbols (memory at Addr is assumed to be a series of addresses in the symbol table)

dds = dwords (4b)

dqs = qwords (8b)

Command

Variants/Params

Description/Examples

k

k [n] [f] [L] [#Frames]

kb …

kp …

kP …

kv …

dump stack; n = with frame #; f = distance between adjacent frames; L = omit source lines; number of stack frames to display

first 3 params

all params: param type + name + value

all params formatted (new line)

FPO info, calling convention

Command

Variants/Params

Description/Examples

r

r

r Reg1, Reg2

r Reg=Value

r Reg:Type

r Reg:[Num]Type

~Thread r [Reg:[Num]Type]

Dump all registers

Dump only specified registers (i.e.: r eax, edx)

Value to assign to the register (i.e.: r eax=5, edx=6)

Type = data format in which to display the register (i.e.: r eax:uw)

ib = Signed byte

ub = Unsigned byte

iw = Signed word (2b)

uw = Unsigned word (2b)

id = Signed dword (4b)

ud = Unsigned dword (4b)

iq = Signed qword (8b)

uq = Unsigned qword (8b)

f = 32-bit floating-point

d = 64-bit floating-point

Num = number of elements to display (i.e.: r eax:1uw)

Default is full register length, thus r eax:uw would display two values as EAX is a 32-bit register.

Thread = thread from which the registers are to be read (i.e.: ~1 r eax)

Command

Variants/Params

Description/Examples

.ecxr

displays exception context record (registers) associated with the current exception

Command

Variants/Params

Description/Examples

.srcpath

.srcpath

.srcpath+ DIR

Display or set source search path

Append directory to the searched source path