# LiveKd - Sysinternals | Microsoft Learn

Title: LiveKd v5.63 — Summary

Authors: Mark Russinovich and Ken Johnson\
Published: April 28, 2020

Brief overview

* LiveKD is a utility (originally from the Inside Windows 2000 CD) that lets you run Microsoft kernel debuggers (Kd and WinDbg) locally against a live system, enabling you to execute the same debugger commands used on crash dumps to inspect a running Windows instance.
* It provides capabilities beyond the built-in live kernel debugging on newer Windows (Vista/Server 2008+), for example enabling commands such as !thread to view thread stacks.
* Download: <https://download.sysinternals.com/files/LiveKD.zip> (700 KB)

Installation

* Requires the Debugging Tools for Windows package to be installed first: <https://msdn.microsoft.com/library/windows/hardware/ff551063(v=vs.85).aspx>
* If the Debugging Tools are installed to their default folder (Program Files\Microsoft\Debugging Tools for Windows), LiveKD can be run from any directory; otherwise copy LiveKD into the tools directory.
* If system symbols are not installed, LiveKD can auto-configure the Microsoft symbol server.
* Note: The debugger will report missing symbols for LIVEKDD.SYS (symbols are not provided); this does not affect debugger behavior.

Key usage and features

* LiveKd launches kd.exe by default (use -w to run WinDbg instead).
* It supports creating mirror dumps (consistent views of kernel memory) and saving memory.dmp to disk.
* Hyper-V support: specify a VM by name or GUID for debugging, list running VMs, optionally pause the VM while active, and include hypervisor pages on supported systems.
* Mirror dumps (-m) capture kernel-only memory and may require significant available physical RAM; a flags mask can refine which regions to include (default 0x18F8). Mirror dumps require Windows Vista/Server 2008 or later.
* Native live dump generation (-ml) is available on Windows 8.1 and later.
* -o saves a dump to disk instead of launching the debugger.
* -vsym shows verbose symbol load information.
* Use Ctrl-Break to terminate and restart the debugger if it hangs.
* All other options are passed through to the underlying debugger.

Platform support

* Client: Windows Vista and higher
* Server: Windows Server 2008 and higher

Additional notes and resources

* The Debugging Tools for Windows documentation and related books cover how to explore systems with kernel debuggers.
* Training/resource link referenced: <https://learn.microsoft.com/en-us/training/modules/dotnet-debug-visual-studio/?source=recommendations>

Last updated: 03/23/2021

Download again: <https://download.sysinternals.com/files/LiveKD.zip>