
Windows guest debugging presentation from KVM Forum 2012

Yan Vugenfirer, CEO at Daynix Computing LTD

This presentation will show how to debug a Windows virtual machine running on top of the open source hypervisor KVM.


  • 1. Windows Guest Debugging
      - Yan Vugenfirer, yan@daynix.com
      - Daynix Computing LTD
  • 2. Agenda
      - Device manager
      - Logging and DebugView
      - Introduction to BSOD
      - Crash dumps
      - Crash on demand
      - Driver verifier
      - WinDbg
      - Installation and configuration
      - Postmortem debugging
      - !ndiskd
      - Configuring guests
      - Live debugging
  • 4. Device Manager
      - Run -> devmgmt.msc
      - Devices and drivers management and installation
      - Scan for HW changes
      - Effective tool to check resource allocations of the devices, driver versions and different driver settings.
  • 5. Device Manager - Views
      - Change the views of Device Manager
      - Show non-PNP devices
  • 6. Device Manager - Views
      - View -> Devices by connection
      - This view can be used to check the relations between buses and devices
  • 7. Device Manager - Views
      - View -> Resources by type
      - Effective to check IRQ sharing
      - On OSes below Vista, virtio devices will use legacy PCI interrupts
      - Virtio-serial and balloon use legacy interrupts also on newer OSes.
  • 8. Device Manager - Views
      - View -> Resources by connection
      - IO and memory address space with relations between buses and the devices
  • 9. Device Manager - Show non-present devices
      - Show device drivers that are installed while the device is currently not present in the system
      - Very useful for removing crashing drivers from the system
      - From command line:
          SET devmgr_show_nonpresent_devices=1
          START devmgmt.msc
  • 10. Device manager - properties
      - Double click on the device
      - Click on “General” tab
      - You can view device location on the bus
      - If the driver is not started you can see the reason in the status text-box. For example: no digital signature on x64 OS from Vista and up
  • 11. Installing self signed drivers
      - Starting from Vista x64, drivers need to be at least self signed
      - To enable test signing:
          Bcdedit.exe -set TESTSIGNING ON
      - To disable test signing:
          Bcdedit.exe -set TESTSIGNING OFF
      - Install test certificate on the guest
      - Reboot needed after the enable and disable test signing commands
      - More information on test signing: http://msdn.microsoft.com/en-us/library/bb530195.aspx
  • 12. Device Manager - resources
      - Double click on the device
      - Click on “Resources” tab
      - Shows device resources (IRQs, IO and memory ranges)
  • 13. Device manager - driver tab
      - Double click on the device
      - Click on “Driver” tab
      - Get driver version
      - View the driver binaries
      - View the versions of driver binaries
  • 14. Device manager - details Double click on the device Click on “Details” tab A lot of additional details like: PNP ID of the device, PM policy, location of different device keys in registry and etc
  • 15. VirtIO - NetKVM parameters: Advanced tab in Device Manager. Change logging levels. Enable packet statistics printout. Other parameters starting with the “TestOnly” prefix. Full list: http://www.linux-kvm.org/page/Internals_of_NDIS_driver_for_VirtIO_based_network_adapter#List_of_configurable_parameters
  • 16. NetKVM - log levels: 0 - Basic configuration and unload trace, critical errors; 1 - Warnings, corner cases; 2 - Network packet trace; 3 - More verbose trace of packets; 4 - Virtio library, DPC; 5 - ISR trace; 6 - Registers read/write.
  • 17. NetKVM parameters from command line: Supplying a command-line utility for drivers that expose parameters through the “Advanced” tab is part of the WHQL requirements. readme.doc, supplied with the driver package, explains the usage. Integrated with the “netsh” Windows networking tool. To register (before the first use): “rundll32 netkvmco.dll,RegisterNetKVMNetShHelper”. To unregister (removal): “rundll32 netkvmco.dll,UnregisterNetKVMNetShHelper”.
  • 18. NetKVM parameters from command line (Description | Command line | Output):
      List devices | netsh netkvm show devices | Names and index for each device
      Restart device | netsh netkvm restart [idx] | Should be done after parameters are changed
      Show parameters | netsh netkvm show parameters [idx] | List the names of the parameters
      Show detailed information about parameter | netsh netkvm show paraminfo [idx] [param] | Current value of the parameter
      Change parameter value | netsh netkvm setparam [idx] [param] [value] |
  • 19. Debug view and tracing
  • 20. DebugView: Shows the debug space of Windows (kind of dmesg). Can extract the debug trace from a crash dump if it was running before the crash. Can log the debug trace during boot. Download from http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx
  • 21. DebugView - enable output to debug space: To enable debug space output from Vista and up, through the registry (using regedit): add a “Default” value of type DWORD equal to 0xFFFFFFFF under “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter”, then reboot. During live debugging: “ed nt!Kd_DEFAULT_MASK 0xFFFFFFFF”.
  • 22. Debug view - capture kernel: Capturing kernel output is disabled by default. To enable: Capture -> Capture Kernel.
  • 23. Debug view - log boot: Run DebugView. Enable boot logging. Run DebugView after reboot to collect the logs.
  • 24. Debug view - crash dump: Run DebugView before crash dump creation. After the crash and reboot, point DebugView to the crash dump location for processing.
  • 25. Virtio debugging with serial port: Uncomment “ENABLE_COM_DEBUG=1” in the SOURCES file. Comment out “ENABLE_PRINT_DEBUG”. Rebuild the driver. On the host side: “-serial tcp::<port>,server,nowait” and “nc localhost <port>”.
  • 27. Bug check: A system crash is called a “bug check”. Blue screen. A crash dump will be saved. Ability to debug the bug check if a debugger is connected.
  • 28. Blue screen inside: Bug check code. Bug check parameters - specific to each bug check. Additional information - can also be located below the bug check code and parameters. Crash dump saving counter.
  • 29. Common bug checks: Bug Check 0xA: IRQL_NOT_LESS_OR_EQUAL; Bug Check 0x8E: KERNEL_MODE_EXCEPTION_NOT_HANDLED; Bug Check 0xD1: DRIVER_IRQL_NOT_LESS_OR_EQUAL; Bug Check 0x9F: DRIVER_POWER_STATE_FAILURE; Bug Check 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION. Bug check codes reference: http://msdn.microsoft.com/en-us/library/hh994433(v=vs.85).aspx
  • 31. Crash dump creation: During the blue screen Windows will save a crash dump. Minidumps are not always useful. Also, remove the option to reboot on crash. Right-click on “My computer” -> “Properties” -> “Advanced system settings” -> “Startup and Recovery” -> “Settings”. Choose “Kernel memory dump”. Remove “Automatically restart”. The windows can look different on different OSes, but the menu names are the same.
  • 33. Crash dump locations: After the crash search in: %windir%\memory.dmp and %windir%\Minidump\Minidump<timestamp>.dmp. When you get a Windows error message after reboot, do not close it. Check the minidump path and copy it.
  • 34. Crash dumps: From Windows 7 and up, the OS will auto-delete large crash dumps. To keep crash dumps: Key: HKLM\System\CurrentControlSet\Control\CrashControl, Value: “AlwaysKeepMemoryDump”: DWORD set to 1.
  • 35. Crash dumps on demand: Crash Windows on demand to examine driver status. Configure through the registry: Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters, value: CrashOnCtrlScroll, equal to a REG_DWORD value of 0x01. Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters, value: CrashOnCtrlScroll, equal to a REG_DWORD value of 0x01.
  • 36. Crash dumps on demand: Press Ctrl+ScrollLock+ScrollLock. You will get the MANUALLY_INITIATED_CRASH (0x000000E2) bug check. Read more (also how to redefine the shortcuts): http://msdn.microsoft.com/en-us/library/ff545499.aspx
  • 37. Crash dumps on demand (2): Issue an NMI from the QEMU monitor. Set up the guest: HKLM/System/CurrentControlSet/Control/CrashControl, DWORD value NMICrashDump set to 1. Restart. Enter the QEMU monitor (Alt+Ctrl+2; to go back, Alt+Ctrl+1). Issue the “NMI” command.
  • 39. Driver verifier: Built into the OS (substitutes OS functions with its own layer). To activate, run “verifier.exe” from the command line. A reboot is needed after the settings are changed. Effective in finding deadlocks, memory leaks, memory corruptions and incorrect parameters to OS functions.
  • 40. Driver verifier - activation: Run from the command line: verifier.exe. Select “Create custom settings”.
  • 41. Driver verifier - activation
  • 42. Driver verifier - activation: Change the selection to “Select driver names from a list”.
  • 43. Driver verifier - activation: Select a loaded driver from the list, or select a driver from its location on the file system. After clicking Finish, a reboot is needed to activate the settings.
  • 44. Driver verifier - bug checks: 0x000000C4. Some can be ignored if a debugger is connected. Provide additional information for debugging.
  • 45. Driver verifier - current settings: Run verifier.exe. Click on the “Display existing settings” radio button. Click on the “Next” button.
  • 46. Driver verifier - current settings
  • 47. Driver verifier - removal: Don’t forget to reboot.
  • 49. WinDbg: We can examine crash dumps with WinDbg. Remote live kernel debugging. Limited live kernel debugging using one guest only. User mode debugging, including remote debugging.
  • 50. Installation: Install as part of the WDK: http://msdn.microsoft.com/en-US/windows/hardware/hh852362. Install as part of the SDK: http://msdn.microsoft.com/en-US/windows/hardware/hh852363. Download symbols for different Windows OSes: http://msdn.microsoft.com/en-us/windows/hardware/gg463028
  • 51. Symbols configuration: View OS function and variable names. Set the Microsoft symbol server and local paths. Set the environment variable “_NT_SYMBOL_PATH”. Sample symbol path: C:\symbols\local;SRV*C:\symbols\websymbols*http://msdl.microsoft.com/download/symbols
  • 52. Symbol configuration: Another way to set the symbols path is through the WinDbg menu File -> “Symbol File Path...”. You can instruct WinDbg to reload the symbols, also using the WinDbg command: .reload
  • 53. Post mortem debugging: Run WinDbg.exe. Load the dump file through: File -> “Open Crash Dump...”. Might be slow the first time.
  • 54. Loading crash dump: Information about loaded symbols. OS information. Hint to use “!analyze -v”. Bug check code and parameters.
  • 55. Magic wand - !analyze -v
  • 56. !analyze -v: First command that you should run (or click). Bug check and its parameters explanation. Hints for the next steps and how those parameters can be used for further debugging. Module name that probably caused the crash. Stack trace.
  • 57. WinDbg - help: Help -> Contents. Switch to the “Index” tab for specific command help.
  • 59. WinDbg - Views (View | To display window | From command line):
      Memory | Alt+5 | d <address>
      Call stack | Alt+6 | kb
      Disassembly | Alt+7 | u <address>
      Registers | Alt+4 | r
      Watch | Alt+2 |
  • 60. WinDbg - View memory: Menu: View -> Memory. Command (different variations of “d”): db <address>
  • 62. WinDbg - View disassembly
  • 63. WinDbg - Reference symbols: <modulename>!<symbol_name>. Example: netkvm!DriverEntry
  • 65. Useful commands (Command | Description):
      !scsikd | SCSI-related commands. Use !scsikd.help to find more
      .reload | Reload symbols
      lm | List loaded modules
      ~<cpu number> | Switch between CPUs. For example ~0
      !irpfind | Search for IO request packets
      !irp | Display information regarding a specific IRP
      .reboot | Restart the remote machine during live debugging
  • 66. !ndiskd - NDIS debug extensions (Command | Description):
      !ndiskd.ndis | Show ndis.sys build information
      !ndiskd.help | Show help
      !ndiskd.miniports | Show NDIS miniports
      !ndiskd.miniport <addr> | Show info about a specific miniport
      !ndiskd.nbl | Show NET_BUFFER_LIST info
      !ndiskd.oid | Show pending OID requests
  • 69. From !ndiskd to NetKVM
  • 70. Configuring live debugging: Host side. Run the debugger host VM with: “-serial tcp::<port_number>,server,nowait”. For example: “-serial tcp::4445,server,nowait”. Run the target VM with: “-serial tcp:127.0.0.1:<port_number>”.
  • 71. Configuring live debugging (2): Host side (new format). Run the debugger host VM with: “-chardev socket,id=serial0,path=/tmp/debug-serial0,server,nowait -device isa-serial,chardev=serial0,id=serial0”. Run the target VM with: “-chardev socket,id=serial0,path=/tmp/debug-serial0 -device isa-serial,chardev=serial0,id=serial0”.
  • 72. Configuring live debugging: Guest side - Windows XP and Windows 2003. Edit c:\boot.ini. Duplicate the default boot line and add: “/debug /debugport=COM1 /baudrate=115200”. Reboot.
  • 73. Configuring live debugging: Guest side - Vista and up. Use bcdedit.exe: “bcdedit /dbgsettings SERIAL DEBUGPORT:1 BAUDRATE:115200”, then “bcdedit /debug ON”. Reboot. Read more: http://www.linux-kvm.org/page/WindowsGuestDrivers/GuestDebugging
  • 74. WinDbg - Connecting to target VM: File -> Kernel Debug... Select the previously specified serial port and baud rate.
  • 75. WinDbg - Breaking into target VM: Ctrl+C. Ctrl+Break. Press the pause button in the toolbar.
  • 76. WinDbg - break points (Command | Description):
      bl | List breakpoints
      bp | Set breakpoint
      bu | Unresolved breakpoints (will persist between module reloads)
      ba | Breakpoint on access
      bc | Clear breakpoint
      Read more: http://msdn.microsoft.com/en-us/library/windows/hardware/ff552204(v=vs.85).aspx
  • 77. WinDbg - stepping through the code (Command | Description):
      g | Start executing the given process or thread
      t | Trace - executes a single instruction or source line
      p | Step - executes a single instruction or source line. Subroutines are treated as a single step.
      Check the different variations and parameters of the above commands.
  • 78. Saving the dump file: Sometimes the system doesn’t save a dump file. What to do? Connect WinDbg. Use “.dump /f <local_file_name>” to save the dump file. Wait for it. It will take a long time.
  • 79. Live debugging on same VM File -> Kernel Debug...
  • 80. More links: More on debugging - http://msdn.microsoft.com/en-us/library/windows/hardware/hh406283(v=vs.85).aspx; Use the Microsoft Symbol Server to obtain debug symbol files - http://support.microsoft.com/kb/311503; Setting break points with WinDbg - http://msdn.microsoft.com/en-us/library/windows/hardware/ff552204(v=vs.85).aspx; Working with source files - http://msdn.microsoft.com/en-us/library/windows/hardware/ff556911(v=vs.85).aspx; Live kernel debugging - http://msdn.microsoft.com/en-us/library/windows/hardware/hh451166(v=vs.85).aspx; Debugging techniques - http://msdn.microsoft.com/en-us/library/windows/hardware/ff541398(v=vs.85).aspx; Enabling NDIS debug tracing - http://msdn.microsoft.com/en-us/library/windows/hardware/ff542961%28v=vs.85%29.aspx
  • 81. More tools and links: regedit.exe (just in case); Sysinternals tools (home of DbgView) - http://technet.microsoft.com/en-US/sysinternals; Wireshark - http://www.wireshark.org/download.html; Extra debugging tools - http://msdn.microsoft.com/en-us/library/windows/hardware/ff543998(v=vs.85).aspx
  • 82. Q&A
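
The guest-side registry settings from slides 21, 31 and 34-37, collected into one script as an added example (not part of the original slides). It assumes a test guest and an elevated PowerShell prompt; CrashDumpEnabled and AutoReboot are the registry values behind the “Startup and Recovery” dialog and are not named on the slides.

```powershell
# Added example: registry settings for crash dump collection on a test guest.
# Run from an elevated prompt, then reboot the guest so the settings take effect.
$ccs = 'HKLM\SYSTEM\CurrentControlSet'

$settings = @(
    # Slide 31: "Kernel memory dump" (2) and no automatic restart (0).
    # These two value names are not shown on the slides, only the dialog is.
    @{ Key = "$ccs\Control\CrashControl"; Name = 'CrashDumpEnabled'; Data = '2' }
    @{ Key = "$ccs\Control\CrashControl"; Name = 'AutoReboot'; Data = '0' }
    # Slide 34: keep large dumps on Windows 7 and up.
    @{ Key = "$ccs\Control\CrashControl"; Name = 'AlwaysKeepMemoryDump'; Data = '1' }
    # Slide 37: bug check when the QEMU monitor issues an NMI.
    @{ Key = "$ccs\Control\CrashControl"; Name = 'NMICrashDump'; Data = '1' }
    # Slide 35: crash on demand from PS/2 and USB (HID) keyboards.
    @{ Key = "$ccs\Services\i8042prt\Parameters"; Name = 'CrashOnCtrlScroll'; Data = '1' }
    @{ Key = "$ccs\Services\kbdhid\Parameters"; Name = 'CrashOnCtrlScroll'; Data = '1' }
    # Slide 21: let all debug prints reach the debug space (DebugView, WinDbg).
    @{ Key = "$ccs\Control\Session Manager\Debug Print Filter"; Name = 'DEFAULT'; Data = '0xFFFFFFFF' }
)

$failed = 0
foreach ($s in $settings) {
    # reg.exe creates missing keys; /f overwrites an existing value without prompting.
    & reg.exe add $s.Key /v $s.Name /t REG_DWORD /d $s.Data /f | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not set $($s.Key)\$($s.Name)"
        $failed++
        continue
    }
    # Read the value back so the log shows what the guest will boot with.
    & reg.exe query $s.Key /v $s.Name | Select-String $s.Name
}

if ($failed -eq 0) {
    Write-Host 'All settings applied. Reboot the guest.'
}
```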