WinDBG Cheat Sheet
Last modified: 2024-02-18
Reverse Engineering
Common
# Get PEB (Process Environment Block)
!peb
# Display stack backtrace
kv
dt (Display Type)
Displays the fields of a type and, when an address is given, the values stored at that address.
# TEB (Thread Environment Block)
dt _teb
# PEB (Process Environment Block)
dt _peb
# @$peb: Refer to the PEB of the current process.
dt _peb @$peb
# LDR
dt _PEB_LDR_DATA
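# poi: Dereference (reads the pointer-sized value at the given address).
# 0x123 is a placeholder: use the offset of the Ldr field shown by `dt _peb`.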
dt _PEB_LDR_DATA poi(@$peb+0x123)
# Module list entry: the type layout, then an entry at an address (0x123 is a placeholder address)
dt _LDR_DATA_TABLE_ENTRY
dt _LDR_DATA_TABLE_ENTRY 0x123
? (Evaluate Expression)
? poi(@$peb+0x123)