Quote: Originally posted by blabberer
No, absolutely not. If you open notepad.exe on the same computer running windbg and if it breaks on ntdll!Kixxxstartyyy, you are doing plain usermode debugging, as if you are debugging it in ollydbg / x64dbg / whatever debug including visual-studio f5.
Thanks blabbs, I did get my feet wet, somewhat. I traced from the ntdll point where notepad stops well into ntdll and k32. I realize that is still user mode code.

What would happen if I hit an entry point from ntdll into the kernel? Would it just stall, or kick me back to ntdll code after the kernel processes completed?

Along the way, I experimented with the windows you suggested, changing the colours and fonts to suit. I had the code window set up with custom colours and the register window open.

Takes a bit of getting used to with the 64-bit registers. I wondered if the leading zeros can be dumped when not in use.

Could not find a flags register for imminent jumps. Have not looked hard yet.

I wish the register windows could be arranged more horizontally than vertically. Maybe there's a way. Anyway, I began to feel quite comfortable stepping through the code with F8 and F10.