This document provides an overview of debugging techniques for x64 and x86 architectures, including key differences and commands. It discusses debugging tools in Windows Vista and Windows Server, architectural changes, and answers the top 10 questions on debugging topics such as breakpoints, scripts, pseudo registers, and more. Recommended resources and related training sessions are also provided.
Introduction in Security given by Bart Van Bos at Nalys.
Topics:
- Buffer overflows in C
- Counter measures
- Life demo of 2 attacks
- Shellcode generation
Introduction in Security given by Bart Van Bos at Nalys.
Topics:
- Buffer overflows in C
- Counter measures
- Life demo of 2 attacks
- Shellcode generation
Experiences from debugging ZFS in production in Illumos and Linux from Delphix. Introduction of the SDB debugger and how it can be used to debug ZFS on Linux.
This Operating System lab manual is designed strictly according to BPUT Syllabus.Any suggestions or comments are well come at neelamani.samal@gmail.com
Kernel Recipes 2019 - Formal modeling made easyAnne Nicolas
Modeling parts of Linux has become a recurring topic. For instance, the memory model, the model for PREEMPT_RT synchronization, and so on. But the term "formal model" causes panic for most of the developers. Mainly because of the complex notations and reasoning that involves formal languages. It seems to be a very theoretical thing, far from our day-by-day reality.
Believe me. Modeling can be more practical than you might guess!
This talk will discuss the challenges and benefits of modeling, based on the experience of developing the PREEMPT_RT model. It will present a methodology for modeling the Linux behavior as Finite-State Machines (automata), using terms that are very known by kernel developers: tracing events! With the particular focus on how to use models for the formal verification of Linux kernel, at runtime, with low overhead, and in many cases, without even modifying Linux kernel!
Daniel Bristot de Oliveira
Learn about Linux on System z debugging with Valgrind, one of the most prominent debugging tools for Linux.For more information, visit http://ibm.co/PNo9Cb.
Slides for my talk at SkyCon'12 in Limerick.
Here I've squeezed four talks into one, covering a lot of ground quickly, so I've included links to more detailed presentations and other resources.
Experiences from debugging ZFS in production in Illumos and Linux from Delphix. Introduction of the SDB debugger and how it can be used to debug ZFS on Linux.
This Operating System lab manual is designed strictly according to BPUT Syllabus.Any suggestions or comments are well come at neelamani.samal@gmail.com
Kernel Recipes 2019 - Formal modeling made easyAnne Nicolas
Modeling parts of Linux has become a recurring topic. For instance, the memory model, the model for PREEMPT_RT synchronization, and so on. But the term "formal model" causes panic for most of the developers. Mainly because of the complex notations and reasoning that involves formal languages. It seems to be a very theoretical thing, far from our day-by-day reality.
Believe me. Modeling can be more practical than you might guess!
This talk will discuss the challenges and benefits of modeling, based on the experience of developing the PREEMPT_RT model. It will present a methodology for modeling the Linux behavior as Finite-State Machines (automata), using terms that are very known by kernel developers: tracing events! With the particular focus on how to use models for the formal verification of Linux kernel, at runtime, with low overhead, and in many cases, without even modifying Linux kernel!
Daniel Bristot de Oliveira
Learn about Linux on System z debugging with Valgrind, one of the most prominent debugging tools for Linux.For more information, visit http://ibm.co/PNo9Cb.
Slides for my talk at SkyCon'12 in Limerick.
Here I've squeezed four talks into one, covering a lot of ground quickly, so I've included links to more detailed presentations and other resources.
Search for Vulnerabilities Using Static Code AnalysisAndrey Karpov
Vulnerabilities are the same things as common errors. Why do we distinguish them? Do this, if you want to earn more money. CWE - Common Weakness Enumeration. CVE - Common Vulnerabilities and Exposures. Now using Valgrind you're searching not for a memory leak, but for a denial of service.
Slides for JavaOne 2015 talk by Brendan Gregg, Netflix (video/audio, of some sort, hopefully pending: follow @brendangregg on twitter for updates). Description: "At Netflix we dreamed of one visualization to show all CPU consumers: Java methods, GC, JVM internals, system libraries, and the kernel. With the help of Oracle this is now possible on x86 systems using system profilers (eg, Linux perf_events) and the new JDK option -XX:+PreserveFramePointer. This lets us create Java mixed-mode CPU flame graphs, exposing all CPU consumers. We can also use system profilers to analyze memory page faults, TCP events, storage I/O, and scheduler events, also with Java method context. This talk describes the background for this work, instructions generating Java mixed-mode flame graphs, and examples from our use at Netflix where Java on x86 is the primary platform for the Netflix cloud."
The Java Memory Model describes how threads in the Java programming language interact through memory. Together with the description of single-threaded execution of code, the memory model provides the semantics of the Java programming language.
It is crucial for a programmer to know how, according to Java Language Specification, write correctly synchronized, race free programs.
Review unknown code with static analysis - bredaphpDamien Seguy
Code quality is not just for christmas, it is a daily part of the job. So, what do you do when you're handed with a five feet long pole a million lines of code that must be vetted ? You call static analysis to the rescue. During one hour, we'll be reviewing totally unknown code code : no name, no usage, not a clue. We'll apply a wide range of tools, reaching for anything that helps us understand the code and form an opinion on it. Can we break this mystery and learn how everyone else is looking at our code ?
Smash the Stack: Writing a Buffer Overflow Exploit (Win32)Elvin Gentiles
Slides from my ROOTCON12 training. This material contains an introduction to stack-based buffer overflow. This is also helpful for those who are doing OSCP and wanted to learn exploit development.
Debugging Tools & Techniques for Persistent Memory ProgrammingIntel® Software
Learn about pmempool, a Persistent Memory Development Kit tool that helps you prevent, diagnose, and recover from data corruption. The session also covers other debugging tools for persistent memory programming.
Session - Debugging memory stomps and other atrocities - Stefan Reinalter - T...Expert Insight
Stefan has spent many nights debugging hard-to-find bugs. Memory overwrites leading to random crashes, well-hidden stack overflows and other atrocities that will eventually give each programmer nightmares. In this talk, Stefan shares tips and tricks how to identify the root cause of such problems and how to debug them with little or no help from a debugger. He will also go into detail about which memory management techniques can be applied in order to prevent some of those bugs in the first place.
Readers will learn techniques that help with finding and identifying problems that are due to the low-level access granted by C++ and the sometimes careless use of pointers. The presented techniques are applicable to the PC as well as console platforms.
Serverless architectures: APIs, Serverless Functions, Microservices - How to ...Bala Subra
Do you have the next best idea? How will you quickly migrate a legacy feature to new world for almost free? This talk will give you how to architect and implement your scenario for a cloud-oriented solution. We will share the best practices for storing your state in database; ways to decouple by events and suggested patterns for serverless. You will be equipped with taking advantage of low-cost serverless computing in a secure way and how to minimize operational costs. It will mostly focus AWS offerings like Serverless Aurora, API Gateway and Lambda functions for solutions blueprint
How do you improve the Config Model? Where to use Windows Server AppFabric? How to provide a RoutingService in the Framework? How to enable dynamic apps with Discovery?
How to find out production issues? Where to look for errors when application crashes in live environment? How to Visual Studio 2010 for replicating post mortem scenarios in difficult to reproduce errors? Using Source server, PDB symbols in old fashioned way for new age WCF services.
Basics & Intro to SQL Server Reporting Services: Sql Server Ssrs 2008 R2Bala Subra
How to use SQL Server 2008 R2 reporting services instead of ASP.NET for every data presentation problems? Where SSRS is superior to raw SQL? How it helps QA to automate their test cases?
Denny Lee\'s Data Camp v1.0 talk on SSRS Best Practices for ITBala Subra
Building and Deploying Large Scale SQL Server Reporting Services Environments Technical Note:
* Report Catalog sizing
* The benefits of File System snapshots for SSRS 2005
* Why File System snapshots may not help for SSRS 2008
* Using Cache Execution
* Load Balancing your Network
* Isolate your workloads
* Report Data Performance Considerations
BizTalk 2010 with Appfabric Hosting in the Cloud: WCF Services vs BT2010Bala Subra
How do you decide which Appfabric offering to use? When to prefer WCF services vs BizTalk solution? How to get the best performance with horizontal scaling in SOA?
How to ace your .NET technical interview :: .Net Technical Check TuneupBala Subra
This session is just not a brain dump of a technical interview on Microsoft technologies. It will be refresher on various pieces of the .NET, Database, OO, Process world. It will serve as a caution for interviewers to red flag their questions which are circulated on the webdom. For all the inquisitive and MCP certified brains, this will serve as a ‘whodunnit’ challenge. It will be a useful reference for the rest of us. The talk is divided into four sections. We will cover the typical BrainBench type questions to start with. Then we will attack the common problems encountered on the field and ideal solution paths to each of them. Third part will be about architectural trade-offs and ‘it depends’ scenarios. Finally, there will be discussion on best practices, books needed for interview preparation and open Q&A among the participants.
This session is for you if you want to learn tips and techniques that are used to optimize database development with special emphasis on SQL Server 2005. If you write lot of stored procedures and want to learn the tools of a DBA, this is the session for you. If you are new to SQL Server development environment, you will learn how the various constructs compare to each other and better performance can be produced every time with a brief introduction to understanding Execution Plans.
Generate reports with SSRS - SQL Server Reporting Services: This session will be a cornucopia of three sub-sessions. The first part will be to convince the skeptics. Why does every organization should consider SQL Server Reporting as part of its front-end solution? What will SSRS do better than a typical web application/site or a client-server application? The second portion will be a quick demo of the possibility and will be the shortest. The final part will talk about the best practices, tips from the field and will cover the implementation techniques.
2. Debug 01100101 (Debug 101)
x64 versus x86 Differences
Essential Command Reference
Windows Vista and
Windows Server code name “Longhorn”
Architectural Changes
Debugging Techniques
Top 10 Questions
3. What is a debugger
State
Debugger view
Breakpoints and scripts
10. Useful Pseudo Registers
$teb,$peb,$p,$ea,$proc,$thread,$tid,$tpid,
$mod,$base,$addr,$imagename
$ea2 – for instructions that have 2
effective addresses
$callret
$dbgtime – debugger’s current time
$scopeip – returns the instruction pointer
for the currently set scope
$bp – last hit break point
11. $bphit – user ID of breakpoint just hit
$frame – current frame number
$! – prefixing a symbol with $! will cause
only the current scope to be searched
$exentry – address of the entry point for
the first executable of the current process
$t0 - $t9 – actual pseudo registers used
for temporary values
12. $ip – The current instruction pointer
$eventip - The IP at the time of the current event.
This can be different from $ip if you switch
threads or manually change the IP register
$previp - The $eventip value from the last event.
The last event for a user means the last prompt.
If there wasn't a last event it'll be an error
$relip - Any related IP value for the current event.
When you are branch tracing it'll be the branch
source, otherwise it'll be an error.
$retreg = eax (x86) , ret0 (ia64),rax (x64)
$CurrentDumpPath
16. Useful Breakpoints
Self clearing call returning –
bp func "bp /1 @$ra "r$retreg";g“
Set a bp on a yet to be defined module –
bu /1 wmain "ba w4 g_Var "j (
@@(g_Var==%1) ) '.echo broken
because g_Var is %1'; 'gc' ";g“
bu notepad!winmain ".printf
"notepad!winmain entered with hInstance
= %pn", poi(hInstance);g"
17. Script Examples
Search for kernel trap frames.
Demonstrates arbitrary processing
on each hit
.foreach ($addr { s-[1]d 80000000 l?7fffffff
23 23 }) { ? $addr ; .trap $addr - 0n52 ; kv
}!vm
18. Script Examples continued
Display full callstack for all threads
r? $t0 = &nt!PsActiveProcessHead
.for (r $t1 = poi(@$t0); (@$t1 != 0) & (@$t1 != @$t0); r $t1 =
poi(@$t1))
{
r? $t2 = #CONTAINING_RECORD(@$t1,
nt!_EPROCESS, ActiveProcessLinks);
.process /p /r $t2
!process $t2 7
}
21. Debugging Relevant
Debug 32-bit processes
with the 32-bit debugger
UMDH issues with x64
From the debugger – access CPU
registers with @
Issues encountered building the
Keyboard filter driver for x64
Virtual memory translation
Practice inspection with quad words (dq)
22. Trap Frames
Nonvolative registers (rbx, rsi, rdi, etc.)
not preserved for perf reasons
Must dig them out of the callee stacks
44. Debugging effectively requires
understanding your target code, debugger
theory and Operating System (OS)
theory. This presentation has been an
introduction to operating system and
debugger theory with an emphasis on
debugger capabilities and commands.
The related lab gives hands on
experience with driver and OS theory
using the debugger as the enabler
45. Understand the system state,
not just your driver
Virtual Memory
Interrupts
Timeslice/Dispatch
Go beyond Call Stacks and Exceptions
Know more of the essential commands
Debugging Well is Very Rewarding
46. Web Resources
Debugging Tools for Windows:
http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx
Training, message boards, etc:
http://www.microsoft.com/whdc/devtools/debugging/resources.mspx
Related Sessions
DVR-T410 Driver Debugging Basics
DVR-C478 Debugging Drivers: Discussion
DVR-C408 Driver Verifier: Internals Discussion
DVR-H409 Debugging Bugs Exposed by Driver Verifier: Workshop
DVR-H481 64-bit Driver Debugging Basics: Workshop (2 sessions)
Help: Create a support incident: DDK Developer Support
Feedback: Send suggestions or bug reports:
Windbgfb @ microsoft.com