The Windows Debugger (WinDbg) can be used to debug kernel-mode and user-mode code, to analyze crash dumps, and to examine the CPU registers while the code executes. From the File menu, select the Attach to a Process command. The following table shows frequently used WinDbg meta commands. The debugger documentation is also available online in Debugging Tools for Windows. In WinDbg, at the bottom of the Command window, in the command bar, execute the command !process 0 0 to see a long list of all processes, as shown below.
It’s common to reverse malware (or any type of software) that creates multiple processes or loads drivers, and it is useful to be able to debug the newly created processes or loaded drivers from their entry point.
To use WinDbg, you have to install the Windows Debugging Tools.
Manual kernel mode analysis with WinDbg
Since I prefer my kernel debugging with plain WinDbg (and not the IDA-integrated WinDbg), I'd like WinDbg to recognize the names IDA (and me
While WinDbg is generally held as a kernel debugger, it has a copious amount of other functions that make it extremely versatile beyond that simple definition.