Place PDB file where image itself is (VS does this by default)
or place in a repo and point debugger to it
Goto Settings -> Debugging Settings
Add your symbols to Symbol Paths preceded by ;
For WIndows Binaries
Connect to Microsoft Symbol Server using the _NT_SYMBOL_PATH enviroment variable
Set _NT_SYMBOL_PATH to srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Force Reload Symbols
.reload /f user32.dll
Enable dml
.prefer_dml 1
Commands
Threads
# list loaded moduleslm
# List threads in process~
# Convert Hex to Decimal? 1ab4
# Convert Decimal to Hex? 0n6836
# Examine current active thread TEB!teb
# Examine TEB, What windows thinks is most important!teb 00000066`f1dac000
# Examie struct definition dt _teb
# Examine struct definition with module followed by structure namedt ntdll!_teb
# Examine Teb Values dt ntdll!_teb 00000070`b46ed000
# switch to different thread, thread 0~0s
# Examine PEB!peb
# Exame PEB using DTdt ntdll!_peb 00000070b46ea000
# Set break point at symbolbp kernel32!createfilew
# List breakpointbl
# disable breakpointbd0
# clear breakpointbc0
# continue executiong
# examine rcx registerr rcx
# change rcx register valuer rcx=00000000000c033e
# Display with the format of bytedb 00000000000c033e
# display with the format of Unicodedu 0000029f864d84f0
# display with the format of Unicode from register directlydu @rcx
# display with double word format[4 bytes] starting this addressdd 000000b5`6092ea88+28
# display with double word format[4 bytes] starting this address with range 1dd 000000b5`6092ea88+28 L1