Understanding Windows Crashes
Analyzing Windows Crashes
Introducing Driver Verifier
Performing Manual Analysis
Advanced Debugging Techniques
7 years working at Microsoft


3 years at Digital Equipment Corporation

Instructor with David Solomon
Why analyze a Windows crash?
The result of an unhandled exception


A device driver detects an unrecoverable condition


The result of a hardware failure
KeBugCheckEx, the Windows kernel API, is called
Disables all interrupts


Freezes all CPUs and notifies any registered drivers


Writes a crash dump to disk and restarts
Documented in the Windows Driver Kit

Reference included with the Debugging Tools


Viewable using the kernel debugger
Small memory dump


Kernel memory dump


Complete memory dump
Use any one of the Microsoft kernel debuggers


Configure the debugger to point to symbols

Troubleshoot symbol loading errors with !sym noisy
The debugger performs basic crash analysis


The result of executing the !analyze command


Can be disabled if desired
Demo
Registers, small areas of extremely fast storage
Usually measured by the number of bits they hold

x86 architecture provides 16 basic program registers

x64 adds an additional 8 general-purpose registers
Demo
Useful for identifying code defects in drivers


Included as part of the operating system

Required for Windows logo certification
Configurable using the Driver Verifier tool


Contains standard settings for common defects

Support for using a command line interface
Demo
!analyze doesn’t always offer results

Several useful commands and techniques


Additional manual analysis techniques
Demo
Support for attaching a kernel debugger


The system must be started in debugging mode

Required for debugging initialization failures
Possible for systems to become unresponsive


Instant system lockup


Slow grinding to a halt
Using a PS/2 keyboard


Using a built-in NMI button


Using the kernel debugger
Demo
Windows Internals, 5th Edition

Memory Dump, Software Trace, Debugging, Malware and Intelligence Analysis Portal

Advanced Windows Debugging and Troubleshooting
Windows Crash Dump Analysis

