- Understanding Windows Crashes
- Analyzing Windows Crashes
- Introducing Driver Verifier
- Performing Manual Analysis
- Advanced Debugging Techniques

- 7 years working at Microsoft
- 3 years at Digital Equipment Corporation
- Instructor with David Solomon

Why analyze a Windows crash?
- The result of an unhandled exception
- A device driver detects an unrecoverable condition
- The result of a hardware failure
- KeBugCheckEx, the Windows kernel API, is called
  - Disables all interrupts
  - Freezes all CPUs and notifies any registered drivers
  - Writes a crash dump to disk and restarts
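The restart after KeBugCheckEx leaves a record in the System event log, which is how an operations or incident-response team notices a crash that nobody saw on screen. The following PowerShell is an added example, not part of the deck: it lists recent bug-check events and checks that the dump file each event names is still on disk. It assumes event ID 1001 from the provider shown as "BugCheck" (Microsoft-Windows-WER-SystemErrorReporting) and the standard English message wording; the function name is mine.

```powershell
# Added example (not from the slide deck): after KeBugCheckEx writes the dump and
# the machine restarts, Windows logs the bug check code and dump path to the
# System event log. Listing those events keeps a crash from going unnoticed.
# Assumption: event ID 1001, provider shown as "BugCheck"
# (Microsoft-Windows-WER-SystemErrorReporting), standard English message text.
function Get-RecentBugCheck {
    param([int]$Days = 30)

    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        Id        = 1001
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -match 'BugCheck|SystemErrorReporting' }

    foreach ($e in $events) {
        $msg = $e.Message
        # Message shape: "The computer has rebooted from a bugcheck. The bugcheck was:
        # 0x000000d1 (0x..., 0x..., 0x..., 0x...). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: ..."
        $code   = if ($msg -match 'bugcheck was:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)') { $Matches[1] } else { $null }
        $params = if ($code) { $Matches[2] -split ',\s*' } else { @() }
        $dump   = if ($msg -match 'dump was saved in:\s*(\S+?)\.?(?:\s|$)') { $Matches[1] } else { $null }

        [pscustomobject]@{
            Time       = $e.TimeCreated
            BugCheck   = $code
            Param1     = $params[0]          # first bug check parameter, meaning depends on the code
            DumpFile   = $dump
            DumpOnDisk = if ($dump) { Test-Path -LiteralPath $dump } else { $false }
        }
    }
}

Get-RecentBugCheck -Days 90 | Sort-Object Time -Descending | Format-Table -AutoSize
```

A dump that the event names but that is no longer on disk (DumpOnDisk false) is the case to chase first: either Overwrite replaced it with a later crash or something cleaned it up before anyone analyzed it.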
- Documented in the Windows Driver Kit
- Reference included with the Debugging Tools
- Viewable using the kernel debugger

- Small memory dump
- Kernel memory dump
- Complete memory dump
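Which of the three dump types KeBugCheckEx writes is a registry setting under CrashControl, so it is worth checking before a crash rather than after. The PowerShell below is an added example, not the deck's code: it reads the current configuration and sets the dump type. The registry path and value names (CrashDumpEnabled, DumpFile, MinidumpDir, AutoReboot, Overwrite) are the documented ones; the function names and the wrapper logic are mine.

```powershell
# Added example (not from the slide deck): read and set the crash dump type.
# Registry path and value names are the documented CrashControl settings;
# the helper function names are mine. Changes need an elevated shell and a reboot.
$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Documented CrashDumpEnabled values
$DumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'            # all physical memory, needs a page file at least RAM size + 1 MB
    2 = 'Kernel memory dump'              # kernel address space only, no user-mode pages
    3 = 'Small memory dump'               # stop code, parameters, loaded modules, crashing thread stack
    7 = 'Automatic memory dump'           # Windows 8 and later: kernel dump with a self-sized page file
}

function Get-CrashDumpConfig {
    $p = Get-ItemProperty -Path $CrashControl
    [pscustomobject]@{
        CrashDumpEnabled = $p.CrashDumpEnabled
        Type             = $DumpTypes[[int]$p.CrashDumpEnabled]
        DumpFile         = $p.DumpFile          # kernel/complete dump location, default %SystemRoot%\MEMORY.DMP
        MinidumpDir      = $p.MinidumpDir       # small dump location, default %SystemRoot%\Minidump
        AutoReboot       = [bool]$p.AutoReboot
        Overwrite        = [bool]$p.Overwrite   # 1 = each new crash replaces the previous MEMORY.DMP
    }
}

function Set-CrashDumpType {
    param(
        [Parameter(Mandatory)][ValidateSet(0, 1, 2, 3, 7)][int]$CrashDumpEnabled
    )
    Set-ItemProperty -Path $CrashControl -Name CrashDumpEnabled -Value $CrashDumpEnabled -Type DWord
    # Restart after the dump is written, and keep the dump file
    Set-ItemProperty -Path $CrashControl -Name AutoReboot -Value 1 -Type DWord
    Set-ItemProperty -Path $CrashControl -Name Overwrite  -Value 1 -Type DWord
}

Get-CrashDumpConfig
# Example: switch to kernel memory dumps, which !analyze and the manual
# commands usually need and a small dump cannot provide
# Set-CrashDumpType -CrashDumpEnabled 2
```

A small memory dump is enough for !analyze to name the stop code and the faulting module, but inspecting pool, other threads or process memory needs a kernel or complete dump, and both depend on a page file on the boot volume large enough to hold them.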
- Use any one of the Microsoft kernel debuggers
- Configure the debugger to point to symbols
- Troubleshoot symbol loading errors with !sym noisy

- The debugger performs basic crash analysis
- The result of executing the !analyze command
- Can be disabled if desired

Demo
- Registers, small areas of extremely fast storage
- Usually measured by the number of bits they hold
- x86 architecture provides 16 basic program registers
- x64 adds an additional 8 general-purpose registers
Demo
- Useful for identifying code defects in drivers
- Included as part of the operating system
- Required for Windows logo certification

- Configurable using the Driver Verifier tool
- Contains standard settings for common defects
- Support for using a command line interface

Demo
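The command line interface mentioned above is verifier.exe. The PowerShell below is an added example, not the deck's code: it picks the running kernel drivers that are not signed by Microsoft as verification candidates, turns on the standard settings for them, and shows how to query and reset. The verifier switches (/standard, /driver, /query, /querysettings, /reset) are the documented ones; the function names and the candidate-selection logic are mine.

```powershell
# Added example (not from the slide deck): choose Driver Verifier candidates,
# enable the standard checks on them, query the state, and reset.
# verifier.exe switches are the documented ones; helper names are mine.
# Run from an elevated prompt; settings take effect at the next boot.
function Get-ThirdPartyDriverCandidate {
    # Running kernel drivers whose image is not Authenticode-signed by Microsoft
    Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = $_.PathName -replace '^\\\?\?\\', ''                    # strip \??\ prefix
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot        # expand \SystemRoot
            if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
            $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Name   = $_.Name
                File   = [IO.Path]::GetFileName($path)
                Signer = $sig.SignerCertificate.Subject
                Status = $sig.Status
            }
        } |
        Where-Object { $_.Signer -notmatch 'Microsoft' }
}

function Enable-DriverVerifierStandard {
    param([Parameter(Mandatory)][string[]]$DriverFile)   # image names, e.g. 'example.sys'
    # /standard selects the standard settings (special pool, IRQL checking, pool
    # tracking, I/O verification, deadlock detection, DMA checking, among others).
    # A verified driver that violates a rule now bug checks at the violation
    # instead of corrupting memory silently, so enable this on a test machine.
    verifier.exe /standard /driver $DriverFile
}

function Get-DriverVerifierStatus {
    verifier.exe /query            # drivers currently verified and their counters
    verifier.exe /querysettings    # which checks are enabled
}

function Disable-DriverVerifier {
    verifier.exe /reset            # clears all verifier settings, effective at next boot
}

# Usage:
# $candidates = Get-ThirdPartyDriverCandidate
# $candidates | Format-Table -AutoSize
# Enable-DriverVerifierStandard -DriverFile $candidates.File
```

Verifying every driver at once, or a storage or boot driver with defects, can leave the machine unable to boot normally; if that happens, boot into Safe Mode and run verifier /reset, since Driver Verifier is not active in Safe Mode.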
- !analyze doesn't always offer results
- Several useful commands and techniques
- Additional manual analysis techniques

Demo
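The symbol setup and !analyze run described earlier, together with the manual follow-up commands this slide refers to, can be scripted so that every dump gets the same first pass. The PowerShell below is an added example, not the deck's code: it drives kd.exe non-interactively over a dump file, logs the output, and pulls the headline facts out of the log. The kd switches (-z, -y, -logo, -c) and the debugger commands are standard Debugging Tools for Windows usage; the install path, the cache directory, the function names and the particular set of manual commands are my choices.

```powershell
# Added example (not from the slide deck): batch analysis of a crash dump with kd.exe.
# Symbol path = local cache in front of the Microsoft public symbol server.
# Install path and cache directory are placeholders; function names are mine.
function Invoke-DumpAnalysis {
    param(
        [Parameter(Mandatory)][string]$DumpFile,
        [string]$SymbolCache = 'C:\Symbols',
        [string]$LogFile     = "$DumpFile.analysis.log",
        [string]$Kd          = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kd.exe'  # placeholder
    )
    $symPath = "srv*$SymbolCache*https://msdl.microsoft.com/download/symbols"

    # Commands run in order. !sym noisy makes symbol-loading failures visible in the
    # log, .reload applies the symbol path, !analyze -v is the automatic analysis,
    # the remaining commands are the manual follow-up used when !analyze is not enough.
    $commands = @(
        '!sym noisy',
        '.reload',
        '.bugcheck',        # stop code and its four parameters
        '!analyze -v',      # automatic analysis: module, stack, probable cause
        'k',                # stack of the thread that was running at the crash
        '!thread',          # that thread's IRQL, owning process, wait state
        'lm t n',           # loaded modules with timestamps; third-party drivers stand out
        '!process 0 0',     # process list at the time of the crash
        'q'
    ) -join '; '

    & $Kd -z $DumpFile -y $symPath -logo $LogFile -c $commands | Out-Null
    Get-AnalyzeSummary -LogFile $LogFile
}

function Get-AnalyzeSummary {
    param([Parameter(Mandatory)][string]$LogFile)
    $text = Get-Content -LiteralPath $LogFile -Raw
    [pscustomobject]@{
        BugCheck      = if ($text -match 'BUGCHECK_(?:CODE|STR):\s+(\S+)')   { $Matches[1] } else { $null }
        ImageName     = if ($text -match 'IMAGE_NAME:\s+(\S+)')             { $Matches[1] } else { $null }
        ProbableCause = if ($text -match 'Probably caused by\s*:\s*(.+)')   { $Matches[1].Trim() } else { $null }
        # Each unresolved module shows up as "*** ERROR: Symbol file could not be found"
        SymbolErrors  = ([regex]::Matches($text, '\*\*\* ERROR: Symbol file could not be found')).Count
        Log           = $LogFile
    }
}

# Usage:
# Invoke-DumpAnalysis -DumpFile 'C:\Windows\MEMORY.DMP'
```

A non-zero SymbolErrors count is the first thing to read in the log: a stack that !analyze attributes to the wrong module is usually a symbol problem, not a driver problem, and the !sym noisy output shows exactly which file the debugger looked for and where.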
- Support for attaching a kernel debugger
- The system must be started in debugging mode
- Required for debugging initialization failures

- Possible for systems to become unresponsive
  - Instant system lockup
  - Slow grinding to a halt

- Using a PS/2 keyboard
- Using a built-in NMI button
- Using the kernel debugger

Demo
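None of the three ways of forcing a dump out of a hung system works unless it was configured before the hang. The PowerShell below is an added example, not the deck's code: it enables the keyboard trigger, the NMI trigger and kernel debugging over the network. The registry values (CrashOnCtrlScroll, NMICrashDump) and the bcdedit options are the documented ones; the function names, the example host address and the port are mine.

```powershell
# Added example (not from the slide deck): prepare a machine so that a hang can be
# turned into a dump or a debugger break. Registry values and bcdedit options are
# the documented ones; function names are mine. Elevated prompt, reboot to apply.
function Enable-KeyboardCrash {
    # Hold right CTRL and press SCROLL LOCK twice: bug check 0xE2 MANUALLY_INITIATED_CRASH.
    # i8042prt serves PS/2 keyboards; kbdhid serves USB keyboards (Windows 7 and later).
    foreach ($svc in 'i8042prt', 'kbdhid') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name CrashOnCtrlScroll -Value 1 -Type DWord
    }
}

function Enable-NmiCrash {
    # A built-in NMI button or a management controller's diagnostic interrupt then
    # produces bug check 0x80 NMI_HARDWARE_FAILURE and a dump. NMICrashDump is only
    # needed before Windows 8; later versions dump on NMI without it.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' `
        -Name NMICrashDump -Value 1 -Type DWord
}

function Enable-KernelDebug {
    param(
        [Parameter(Mandatory)][string]$HostIp,   # machine running WinDbg or kd
        [int]$Port = 50000
    )
    # Network transport; bcdedit prints the generated key that the debugger side
    # needs. /debug on is the "debugging mode" the target has to boot in, and the
    # debugger can then break into a hung system and dump it with .crash.
    bcdedit /dbgsettings net "hostip:$HostIp" "port:$Port"
    bcdedit /debug on
}

# Usage (then reboot):
# Enable-KeyboardCrash
# Enable-NmiCrash
# Enable-KernelDebug -HostIp 192.0.2.10   # example address
```

The keyboard trigger only helps while the keyboard driver still gets interrupts, which rules out the instant-lockup case; NMI is delivered regardless of interrupt state, and an attached kernel debugger is the only option that also lets you look at the system before deciding to crash it.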
- Windows Internals, 5th Edition
- Memory Dump, Software Trace, Debugging, Malware and Intelligence Analysis Portal
- Advanced Windows Debugging and Troubleshooting

Windows Crash Dump Analysis
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 

Windows Crash Dump Analysis

  • 2. Understanding Windows Crashes; Analyzing Windows Crashes; Introducing Driver Verifier; Performing Manual Analysis; Advanced Debugging Techniques
  • 3. 7 years working at Microsoft; 3 years at Digital Equipment Corporation; Instructor with David Solomon
  • 6. The result of an unhandled exception; a device driver detects an unrecoverable condition; the result of a hardware failure
  • 8. KeBugCheckEx, the Windows kernel API, is called
  • 9. Disables all interrupts; freezes all CPUs and notifies any registered drivers; writes a crash dump to disk and restarts
  • 12. Documented in the Windows Driver Kit; reference included with the Debugging Tools; viewable using the kernel debugger
  • 13. Small memory dump; kernel memory dump; complete memory dump
  • 15. Use any one of the Microsoft kernel debuggers; configure the debugger to point to symbols; troubleshoot symbol loading errors with !sym noisy
  • 16. The debugger performs basic crash analysis; the result of executing the !analyze command; can be disabled if desired
  • 17. Demo
  • 18. Registers, small areas of extremely fast storage; usually measured by the number of bits they hold; x86 architecture provides 16 basic program registers; x64 adds an additional 8 general-purpose registers
  • 20. Demo
  • 22. Useful for identifying code defects in drivers; included as part of the operating system; required for Windows logo certification
  • 23. Configurable using the Driver Verifier tool; contains standard settings for common defects; support for using a command line interface
  • 24. Demo
  • 26. !analyze doesn’t always offer results; several useful commands and techniques; additional manual analysis techniques
  • 27. Demo
  • 29. Support for attaching a kernel debugger; the system must be started in debugging mode; required for debugging initialization failures
  • 30. Possible for systems to become unresponsive; instant system lockup; slow grinding to a halt
  • 31. Using a PS/2 keyboard; using a built-in NMI button; using the kernel debugger
  • 32. Demo
  • 33. Windows Internals, 5th Edition; Memory Dump, Software Trace, Debugging, Malware and Intelligence Analysis Portal; Advanced Windows Debugging and Troubleshooting
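A worked example added here, not taken from the slide deck or its author, that ties slides 13, 15, 16 and 23 together: it reads which dump type the machine is configured to write, runs !analyze against a dump with a symbol server path set and symbol loading made noisy, and enables Driver Verifier's standard settings for one driver from the command line. The symbol cache directory, driver name and dump path are placeholders; kd.exe and verifier.exe are assumed to be on PATH in an elevated PowerShell session on Windows.

```powershell
# Added example (not part of the original deck). Assumes an elevated PowerShell
# on Windows with the Debugging Tools (kd.exe) and verifier.exe on PATH.
$SymbolCache = 'C:\Symbols'          # placeholder: local symbol cache directory
$DriverName  = 'example_driver.sys'  # placeholder: driver under test

# Meaning of CrashDumpEnabled under HKLM\SYSTEM\CurrentControlSet\Control\CrashControl
# (the dump types from slide 13, plus None and Automatic).
$DumpTypes = @{ 0 = 'None'; 1 = 'Complete memory dump'; 2 = 'Kernel memory dump';
                3 = 'Small memory dump'; 7 = 'Automatic memory dump' }

function Get-CrashDumpConfig {
    # Reports what KeBugCheckEx will write to disk on this machine (slides 9 and 13).
    $cc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    [pscustomobject]@{
        DumpType   = $DumpTypes[[int]$cc.CrashDumpEnabled]
        DumpFile   = [Environment]::ExpandEnvironmentVariables($cc.DumpFile)
        AutoReboot = [bool]$cc.AutoReboot
    }
}

function Invoke-CrashAnalysis {
    param([Parameter(Mandatory)][string]$DumpPath)
    # Point the debugger at symbols (slide 15): a local cache in front of the
    # Microsoft public symbol server. Wrong frames in !analyze output are usually
    # a symbol problem, which '!sym noisy' makes visible lookup by lookup.
    $env:_NT_SYMBOL_PATH = "srv*$SymbolCache*https://msdl.microsoft.com/download/symbols"
    if (-not (Test-Path $DumpPath)) { throw "No dump file at $DumpPath" }
    # kd.exe: -z opens a dump file, -c runs the initial command string, then q quits.
    & kd.exe -z $DumpPath -c '!sym noisy; .reload; !analyze -v; q'
}

function Enable-VerifierForDriver {
    # Driver Verifier's standard settings for one driver via its command line
    # (slide 23); the setting takes effect after the next reboot.
    & verifier.exe /standard /driver $DriverName
    & verifier.exe /querysettings   # confirm what will be verified
}

Get-CrashDumpConfig | Format-List
```

Run Enable-VerifierForDriver only on a test machine, since verified drivers that hit a defect will bug check the system by design; `verifier.exe /reset` turns the checks off again.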