SlideShare a Scribd company logo

Windows Crash Dump Analysis

Download as PPTX, PDF
Microsoft TechNet - Belgium and Luxembourg
Microsoft TechNet - Belgium and Luxembourg

More info on http://www.techdays.be.

Technology
1 of 34
Understanding Windows Crashes Analyzing Windows Crashes Introducing Driver Verifier Performing Manual Analysis Advanced Debugging Techniques
7 years working at Microsoft 3 years at Digital Equipment Corporation Instructor with David Solomon
Why analyze a Windows crash?
The result of an unhandled exception A device driver detects an unrecoverable condition The result of a hardware failure
KeBugCheckEx, the Windows kernel API is called
Disables all interrupts Freezes all CPUs and notifies any registered drivers Writes a crash dump to disk and restarts
Documented in the Windows Driver Kit Reference included with the Debugging Tools Viewable using the kernel debugger
Small memory dump Kernel memory dump Complete memory dump
Use any one of the Microsoft kernel debuggers Configure the debugger to point to symbols Troubleshoot symbol loading errors with !sym noisy
The debugger performs basic crash analysis The result of executing the !analyze command Can be disabled if desired
Demo
Registers, small areas of extremely fast storage Usually measured by the number of bits they hold x86 architecture provides 16 basic program registers x64 adds an additional 8 general–purpose registers
Registers, small areas of extremely fast storage Usually measured by the number of bits they hold x86 architecture provides 16 basic program registers x64 adds an additional 8 general–purpose registers
Demo
Useful for identifying code defects in drivers Included as part of the operating system Required for Windows logo certification
Configurable using the Driver Verifier tool Contains standard settings for common defects Support for using a command line interface
Demo
!analyze doesn’t always offer results Several useful commands and techniques Additional manual analysis techniques
Demo
Support for attaching a kernel debugger The system must be started in debugging mode Required for debugging initialization failures
Possible for systems to become unresponsive Instant system lockup Slow grinding to a halt
Using a PS/2 keyboard Using a built in NMI button Using the kernel debugger
Demo
Windows Internals, 5th Edition Memory Dump, Software Trace, Debugging, Malware and Intelligence Analysis Portal Advanced Windows Debugging and Troubleshooting
Windows Crash Dump Analysis

Recommended

Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharingJames Hsieh
 
Registry Forensics
Registry ForensicsRegistry Forensics
Registry ForensicsSomesh Sawhney
 
Linux Instrumentation
Linux InstrumentationLinux Instrumentation
Linux InstrumentationDarkStarSword
 
Data recovery
Data recoveryData recovery
Data recoverygupta8741
 
Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 
Data recovery tools
Data recovery toolsData recovery tools
Data recovery toolsuniversity of Gujrat, pakistan
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
User management
User managementUser management
User managementMufaddal Haidermota
 

Recommended

Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharingJames Hsieh
 
Registry Forensics
Registry ForensicsRegistry Forensics
Registry ForensicsSomesh Sawhney
 
Linux Instrumentation
Linux InstrumentationLinux Instrumentation
Linux InstrumentationDarkStarSword
 
Data recovery
Data recoveryData recovery
Data recoverygupta8741
 
Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 
Data recovery tools
Data recovery toolsData recovery tools
Data recovery toolsuniversity of Gujrat, pakistan
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
User management
User managementUser management
User managementMufaddal Haidermota
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Hard drive partitions
Hard drive partitionsHard drive partitions
Hard drive partitionsGabriela_Technoteacher
 
Process scheduling linux
Process scheduling linuxProcess scheduling linux
Process scheduling linuxDr. C.V. Suresh Babu
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Linux Internals - Part I
Linux Internals - Part ILinux Internals - Part I
Linux Internals - Part IEmertxe Information Technologies Pvt Ltd
 
HDD Partition
HDD PartitionHDD Partition
HDD PartitionAMZAD KHAN
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101Digit Oktavianto
 
DATA RECOVERY TECHNIQUES
DATA RECOVERY TECHNIQUESDATA RECOVERY TECHNIQUES
DATA RECOVERY TECHNIQUESVenkatesh Pensalwar
 
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...Shanmuga KS
 
Part 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingPart 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingTushar B Kute
 
Study on Android Emulator
Study on Android EmulatorStudy on Android Emulator
Study on Android EmulatorSamael Wang
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensicsTaha İslam YILMAZ
 
Linux Performance Tunning Memory
Linux Performance Tunning MemoryLinux Performance Tunning Memory
Linux Performance Tunning MemoryShay Cohen
 
Scheduling in Android
Scheduling in AndroidScheduling in Android
Scheduling in AndroidOpersys inc.
 
Linux file system
Linux file systemLinux file system
Linux file systemBurhan Abbasi
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Utilisation de dkms
Utilisation de dkmsUtilisation de dkms
Utilisation de dkmsThierry Gayet
 
Windows Registry
Windows RegistryWindows Registry
Windows Registryprimeteacher32
 
Introduction to char device driver
Introduction to char device driverIntroduction to char device driver
Introduction to char device driverVandana Salve
 
Android forensics (Manish Chasta)
Android forensics (Manish Chasta)Android forensics (Manish Chasta)
Android forensics (Manish Chasta)ClubHack
 
C++ Production Debugging
C++ Production DebuggingC++ Production Debugging
C++ Production DebuggingSasha Goldshtein
 
VS Debugging Tricks
VS Debugging TricksVS Debugging Tricks
VS Debugging TricksSasha Goldshtein
 

More Related Content

What's hot

Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...Shanmuga KS
 
Part 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingPart 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingTushar B Kute
 
Study on Android Emulator
Study on Android EmulatorStudy on Android Emulator
Study on Android EmulatorSamael Wang
 
Linux Performance Tunning Memory
Linux Performance Tunning MemoryLinux Performance Tunning Memory
Linux Performance Tunning MemoryShay Cohen
 
Scheduling in Android
Scheduling in AndroidScheduling in Android
Scheduling in AndroidOpersys inc.
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Introduction to char device driver
Introduction to char device driverIntroduction to char device driver
Introduction to char device driverVandana Salve
 
Android forensics (Manish Chasta)
Android forensics (Manish Chasta)Android forensics (Manish Chasta)
Android forensics (Manish Chasta)ClubHack
 

What's hot (20)

Memory forensics
Memory forensicsMemory forensics
Memory forensics
 
Hard drive partitions
Hard drive partitionsHard drive partitions
Hard drive partitions
 
Process scheduling linux
Process scheduling linuxProcess scheduling linux
Process scheduling linux
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisition
 
Linux Internals - Part I
Linux Internals - Part ILinux Internals - Part I
Linux Internals - Part I
 
HDD Partition
HDD PartitionHDD Partition
HDD Partition
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101
 
DATA RECOVERY TECHNIQUES
DATA RECOVERY TECHNIQUESDATA RECOVERY TECHNIQUES
DATA RECOVERY TECHNIQUES
 
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
 
Part 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingPart 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module Programming
 
Study on Android Emulator
Study on Android EmulatorStudy on Android Emulator
Study on Android Emulator
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensics
 
Linux Performance Tunning Memory
Linux Performance Tunning MemoryLinux Performance Tunning Memory
Linux Performance Tunning Memory
 
Scheduling in Android
Scheduling in AndroidScheduling in Android
Scheduling in Android
 
Linux file system
Linux file systemLinux file system
Linux file system
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
Utilisation de dkms
Utilisation de dkmsUtilisation de dkms
Utilisation de dkms
 
Windows Registry
Windows RegistryWindows Registry
Windows Registry
 
Introduction to char device driver
Introduction to char device driverIntroduction to char device driver
Introduction to char device driver
 
Android forensics (Manish Chasta)
Android forensics (Manish Chasta)Android forensics (Manish Chasta)
Android forensics (Manish Chasta)
 

Viewers also liked

Advanced windows debugging
Advanced windows debuggingAdvanced windows debugging
Advanced windows debuggingchrisortman
 
Who’s afraid of WinDbg
Who’s afraid of WinDbgWho’s afraid of WinDbg
Who’s afraid of WinDbgDror Helper
 
Debugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir DresherDebugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir DresherTamir Dresher
 
Advanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSAdvanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSSasha Goldshtein
 
Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbgArno Huetter
 
Location Shoot
Location ShootLocation Shoot
Location Shootloousmith
 
02 allocative efficiency
02 allocative efficiency02 allocative efficiency
02 allocative efficiencyTravis Klein
 

Viewers also liked (12)

C++ Production Debugging
C++ Production DebuggingC++ Production Debugging
C++ Production Debugging
 
VS Debugging Tricks
VS Debugging TricksVS Debugging Tricks
VS Debugging Tricks
 
Advanced windows debugging
Advanced windows debuggingAdvanced windows debugging
Advanced windows debugging
 
Who’s afraid of WinDbg
Who’s afraid of WinDbgWho’s afraid of WinDbg
Who’s afraid of WinDbg
 
Debugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir DresherDebugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir Dresher
 
Advanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSAdvanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOS
 
Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbg
 
Location Shoot
Location ShootLocation Shoot
Location Shoot
 
Discover Great Reasons to move to ConfigMgr 2012 SP1
Discover Great Reasons to move to ConfigMgr 2012 SP1Discover Great Reasons to move to ConfigMgr 2012 SP1
Discover Great Reasons to move to ConfigMgr 2012 SP1
 
02 allocative efficiency
02 allocative efficiency02 allocative efficiency
02 allocative efficiency
 
Trends 2012
Trends 2012Trends 2012
Trends 2012
 
Carmen y. benavides deber
Carmen y. benavides deberCarmen y. benavides deber
Carmen y. benavides deber
 

Similar to Windows Crash Dump Analysis

Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Camilo Alvarez Rivera
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging TechniquesBala Subra
 
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and TechniquesBala Subra
 
Build your own pc & trubleshooting by Sayyed Misbah
Build your own pc & trubleshooting by Sayyed MisbahBuild your own pc & trubleshooting by Sayyed Misbah
Build your own pc & trubleshooting by Sayyed MisbahSAYYED AHAMMED MISBAH
 
Diagnosing Application Problems using Microsoft WinDbg Debugger
Diagnosing Application Problems using Microsoft WinDbg DebuggerDiagnosing Application Problems using Microsoft WinDbg Debugger
Diagnosing Application Problems using Microsoft WinDbg DebuggerDmitry Vostokov
 
Understanding and Improving Device Access Complexity
Understanding and Improving Device Access ComplexityUnderstanding and Improving Device Access Complexity
Understanding and Improving Device Access Complexityasimkadav
 
Advanced driver debugging (13005399) copy
Advanced driver debugging (13005399) copyAdvanced driver debugging (13005399) copy
Advanced driver debugging (13005399) copyBurlacu Sergiu
 
Process control daemon
Process control daemonProcess control daemon
Process control daemonhaish
 
Compilers and interpreters
Compilers and interpretersCompilers and interpreters
Compilers and interpretersRAJU KATHI
 
Software development windows nutshell
Software development windows nutshellSoftware development windows nutshell
Software development windows nutshellHimanshu Pareek
 
3.1 teams and processes
3.1 teams and processes3.1 teams and processes
3.1 teams and processesSayed Ahmed
 
Big Java Chapter 1
Big Java Chapter 1Big Java Chapter 1
Big Java Chapter 1Maria Joslin
 
Guide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGuide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGene Carboni
 
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11blusmurfydot1
 

Similar to Windows Crash Dump Analysis (20)

Memory Dump
Memory DumpMemory Dump
Memory Dump
 
Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01
 
Troubleshooting
TroubleshootingTroubleshooting
Troubleshooting
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging Techniques
 
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques
 
Windows Debugging and Troubleshooting
Windows Debugging and TroubleshootingWindows Debugging and Troubleshooting
Windows Debugging and Troubleshooting
 
Build your own pc & trubleshooting by Sayyed Misbah
Build your own pc & trubleshooting by Sayyed MisbahBuild your own pc & trubleshooting by Sayyed Misbah
Build your own pc & trubleshooting by Sayyed Misbah
 
Diagnosing Application Problems using Microsoft WinDbg Debugger
Diagnosing Application Problems using Microsoft WinDbg DebuggerDiagnosing Application Problems using Microsoft WinDbg Debugger
Diagnosing Application Problems using Microsoft WinDbg Debugger
 
CISY 105 Chapter 1
CISY 105 Chapter 1CISY 105 Chapter 1
CISY 105 Chapter 1
 
Understanding and Improving Device Access Complexity
Understanding and Improving Device Access ComplexityUnderstanding and Improving Device Access Complexity
Understanding and Improving Device Access Complexity
 
Advanced driver debugging (13005399) copy
Advanced driver debugging (13005399) copyAdvanced driver debugging (13005399) copy
Advanced driver debugging (13005399) copy
 
Process control daemon
Process control daemonProcess control daemon
Process control daemon
 
Compilers and interpreters
Compilers and interpretersCompilers and interpreters
Compilers and interpreters
 
Software development windows nutshell
Software development windows nutshellSoftware development windows nutshell
Software development windows nutshell
 
3.1 teams and processes
3.1 teams and processes3.1 teams and processes
3.1 teams and processes
 
Big Java Chapter 1
Big Java Chapter 1Big Java Chapter 1
Big Java Chapter 1
 
Guide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGuide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System Utilities
 
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11
 
Spug pt session2 - debuggingl
Spug pt session2 - debugginglSpug pt session2 - debuggingl
Spug pt session2 - debuggingl
 
Chapter1a
Chapter1aChapter1a
Chapter1a
 

More from Microsoft TechNet - Belgium and Luxembourg

More from Microsoft TechNet - Belgium and Luxembourg (20)

Windows 10: all you need to know!
Windows 10: all you need to know!Windows 10: all you need to know!
Windows 10: all you need to know!
 
Configuration Manager 2012 – Compliance Settings 101 - Tim de Keukelaere
Configuration Manager 2012 – Compliance Settings 101 - Tim de KeukelaereConfiguration Manager 2012 – Compliance Settings 101 - Tim de Keukelaere
Configuration Manager 2012 – Compliance Settings 101 - Tim de Keukelaere
 
Windows 8.1 a closer look
Windows 8.1 a closer lookWindows 8.1 a closer look
Windows 8.1 a closer look
 
So you’ve successfully installed SCOM… Now what.
So you’ve successfully installed SCOM… Now what.So you’ve successfully installed SCOM… Now what.
So you’ve successfully installed SCOM… Now what.
 
Data Leakage Prevention
Data Leakage PreventionData Leakage Prevention
Data Leakage Prevention
 
Deploying and managing ConfigMgr Clients
Deploying and managing ConfigMgr ClientsDeploying and managing ConfigMgr Clients
Deploying and managing ConfigMgr Clients
 
Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?
Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?
Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?
 
Hands on with Hyper-V Clustering Maintenance Mode & Cluster Aware Updating
Hands on with Hyper-V Clustering Maintenance Mode & Cluster Aware UpdatingHands on with Hyper-V Clustering Maintenance Mode & Cluster Aware Updating
Hands on with Hyper-V Clustering Maintenance Mode & Cluster Aware Updating
 
SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012
 
Jump start your application monitoring with APM
Jump start your application monitoring with APMJump start your application monitoring with APM
Jump start your application monitoring with APM
 
What’s new in Lync Server 2013: Persistent Chat
What’s new in Lync Server 2013: Persistent ChatWhat’s new in Lync Server 2013: Persistent Chat
What’s new in Lync Server 2013: Persistent Chat
 
What's new for Lync 2013 Clients & Devices
What's new for Lync 2013 Clients & DevicesWhat's new for Lync 2013 Clients & Devices
What's new for Lync 2013 Clients & Devices
 
Office 365 ProPlus: Click-to-run deployment and management
Office 365 ProPlus: Click-to-run deployment and managementOffice 365 ProPlus: Click-to-run deployment and management
Office 365 ProPlus: Click-to-run deployment and management
 
Office 365 Identity Management options
Office 365 Identity Management options Office 365 Identity Management options
Office 365 Identity Management options
 
SharePoint Installation and Upgrade: Untangling Your Options
SharePoint Installation and Upgrade: Untangling Your Options SharePoint Installation and Upgrade: Untangling Your Options
SharePoint Installation and Upgrade: Untangling Your Options
 
The application model in real life
The application model in real lifeThe application model in real life
The application model in real life
 
Microsoft private cloud with Cisco and Netapp - Flexpod solution
Microsoft private cloud with Cisco and Netapp - Flexpod solutionMicrosoft private cloud with Cisco and Netapp - Flexpod solution
Microsoft private cloud with Cisco and Netapp - Flexpod solution
 
Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
 
Moving from Device Centric to a User Centric Management
Moving from Device Centric to a User Centric Management Moving from Device Centric to a User Centric Management
Moving from Device Centric to a User Centric Management
 
Network Management in System Center 2012 SP1 - VMM
Network Management in System Center 2012 SP1 - VMM Network Management in System Center 2012 SP1 - VMM
Network Management in System Center 2012 SP1 - VMM
 

Recently uploaded

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Recently uploaded (20)

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Windows Crash Dump Analysis

  • 1.
  • 2. Understanding Windows Crashes Analyzing Windows Crashes Introducing Driver Verifier Performing Manual Analysis Advanced Debugging Techniques
  • 3. 7 years working at Microsoft 3 years at Digital Equipment Corporation Instructor with David Solomon
  • 5.
  • 6. The result of an unhandled exception A device driver detects an unrecoverable condition The result of a hardware failure
  • 7.
  • 8. KeBugCheckEx, the Windows kernel API is called
  • 9. Disables all interrupts Freezes all CPUs and notifies any registered drivers Writes a crash dump to disk and restarts
  • 10.
  • 11.
  • 12. Documented in the Windows Driver Kit Reference included with the Debugging Tools Viewable using the kernel debugger
  • 13. Small memory dump Kernel memory dump Complete memory dump
  • 14.
  • 15. Use any one of the Microsoft kernel debuggers Configure the debugger to point to symbols Troubleshoot symbol loading errors with !sym noisy
  • 16. The debugger performs basic crash analysis The result of executing the !analyze command Can be disabled if desired
  • 17. Demo
  • 18. Registers, small areas of extremely fast storage Usually measured by the number of bits they hold x86 architecture provides 16 basic program registers x64 adds an additional 8 general–purpose registers
  • 19. Registers, small areas of extremely fast storage Usually measured by the number of bits they hold x86 architecture provides 16 basic program registers x64 adds an additional 8 general–purpose registers
  • 20. Demo
  • 21.
  • 22. Useful for identifying code defects in drivers Included as part of the operating system Required for Windows logo certification
  • 23. Configurable using the Driver Verifier tool Contains standard settings for common defects Support for using a command line interface
  • 24. Demo
  • 25.
  • 26. !analyze doesn’t always offer results Several useful commands and techniques Additional manual analysis techniques
  • 27. Demo
  • 28.
  • 29. Support for attaching a kernel debugger The system must be started in debugging mode Required for debugging initialization failures
  • 30. Possible for systems to become unresponsive Instant system lockup Slow grinding to a halt
  • 31. Using a PS/2 keyboard Using a built in NMI button Using the kernel debugger
  • 32. Demo
  • 33. Windows Internals, 5th Edition Memory Dump, Software Trace, Debugging, Malware and Intelligence Analysis Portal Advanced Windows Debugging and Troubleshooting