The document provides an overview of the Debugging Tools for Windows, including: - It installs four debuggers to support all Windows architectures. The main debugger is WinDbg. - WinDbg supports noninvasive debugging using workspaces and includes a command line interface. - Symbols are required to perform debugging and are contained in files that can be challenging to locate. - The most useful information is in the Help file, accessed with the .hh command in WinDbg.

2. Introduction to the Debugging Tools for Windows
Understanding Windows and x86/x64
Architectures
Understanding Application Crashes
Introducing Application Verifier
Advanced Debugging Techniques

3. 7 years working at Microsoft
3 years at Digital Equipment Corporation
Instructor with David Solomon

5. The Debugging Tools install four debuggers
Support for all architectures supported by
Windows
WinDbg is a Windows–based debugging tool

6. Several ways to select a debugging target
Must know the name or the identifier of the target
Support for noninvasive debugging

7. WinDbg supports the use of workspaces
Support included for a command line interface
Access to symbols to perform debugging

8. A collection of symbols contained within a single
file

9. Can be challenging to locate the required
symbols
Set the system wide environment variable
Troubleshoot symbol loading errors with !sym
noisy

10. The most useful information is the Help file
Use the .hh command from within the debugger
Discovering commands with auto–complete

11. Demo

13. Registers, small areas of extremely fast storage
Usually measured by the number of bits they hold
x86 architecture provides 16 basic program
registers
x64 adds an additional 8 general–purpose
registers

14. Accessible using the r debugger command

15. Windows provides support for a
flat addressed virtual
environment
Linear address space is divided
into fixed–size pages

16. Windows provides support for a
flat addressed virtual
environment
Linear address space is divided
into fixed–size pages

17. Accessible using the d debugger commands

18. Process, an instance of a program
Thread, a unit of execution within the system
A unique identifier is assigned to both

19. Using the !teb debugger command
Using the !peb debugger command
Using the inbuilt ~ command

20. A storage location used by threads
Useful to identify the flow of code in an
application
A unique stack is allocated to each thread

21. Accessible using the k debugger commands

22. Demo

24. The result of an unhandled exception
Windows uses structured exception handling
Unhandled exceptions are passed to a system
filter

25. Dr Watson replaced with WerFault in Windows
Vista
A central location is now provided for users
Additional support for non–critical events

26. Default configuration is to not take a full dump
Ability to exclude reports on a per application
basis
Doesn’t affect applications with their own support

27. Application not terminated until the filter returns
Must know the name or the PID of the application
Allows a user to create a dump of the application

28. Demo

30. A runtime verification tool for native code
Available as a separate download from Microsoft
Injects verification DLLs into the application

31. Configurable using the Application Verifier tool
Certain verification layers require a debugger
Support for using a command line interface

32. Demo

34. Possible to force dump creation of an application
Using the built in Windows Task Manager
Using the Debugging Tools for Windows

35. Support for redirection using a kernel debugger
The system must be started in debugging mode
Useful in several advanced scenarios

36. Demo

37. Windows Internals, 5th Edition
Advanced Windows Debugging
Windows via C/C++, 5th Edition

38. Memory Dump, Software
Trace, Debugging, Malware and Intelligence
Analysis Portal
Advanced Windows Debugging and
Troubleshooting