Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Windows Debugging and Troubleshooting


Published on

More info on

Published in: Technology
  • Be the first to comment

Windows Debugging and Troubleshooting

  1. 1. Introduction to the Debugging Tools for WindowsUnderstanding Windows and x86/x64ArchitecturesUnderstanding Application CrashesIntroducing Application VerifierAdvanced Debugging Techniques
  2. 2. 7 years working at Microsoft3 years at Digital Equipment CorporationInstructor with David Solomon
  3. 3. The Debugging Tools install four debuggersSupport for all architectures supported byWindowsWinDbg is a Windows–based debugging tool
  4. 4. Several ways to select a debugging targetMust know the name or the identifier of the targetSupport for noninvasive debugging
  5. 5. WinDbg supports the use of workspacesSupport included for a command line interfaceAccess to symbols to perform debugging
  6. 6. A collection of symbols contained within a singlefile
  7. 7. Can be challenging to locate the requiredsymbolsSet the system wide environment variableTroubleshoot symbol loading errors with !symnoisy
  8. 8. The most useful information is the Help fileUse the .hh command from within the debuggerDiscovering commands with auto–complete
  9. 9. Demo
  10. 10. Registers, small areas of extremely fast storageUsually measured by the number of bits they holdx86 architecture provides 16 basic programregistersx64 adds an additional 8 general–purposeregisters
  11. 11. Accessible using the r debugger command
  12. 12. Windows provides support for aflat addressed virtualenvironmentLinear address space is dividedinto fixed–size pages
  13. 13. Windows provides support for aflat addressed virtualenvironmentLinear address space is dividedinto fixed–size pages
  14. 14. Accessible using the d debugger commands
  15. 15. Process, an instance of a programThread, a unit of execution within the systemA unique identifier is assigned to both
  16. 16. Using the !teb debugger commandUsing the !peb debugger commandUsing the inbuilt ~ command
  17. 17. A storage location used by threadsUseful to identify the flow of code in anapplicationA unique stack is allocated to each thread
  18. 18. Accessible using the k debugger commands
  19. 19. Demo
  20. 20. The result of an unhandled exceptionWindows uses structured exception handlingUnhandled exceptions are passed to a systemfilter
  21. 21. Dr Watson replaced with WerFault in WindowsVistaA central location is now provided for usersAdditional support for non–critical events
  22. 22. Default configuration is to not take a full dumpAbility to exclude reports on a per applicationbasisDoesn’t affect applications with their own support
  23. 23. Application not terminated until the filter returnsMust know the name or the PID of the applicationAllows a user to create a dump of the application
  24. 24. Demo
  25. 25. A runtime verification tool for native codeAvailable as a separate download from MicrosoftInjects verification DLLs into the application
  26. 26. Configurable using the Application Verifier toolCertain verification layers require a debuggerSupport for using a command line interface
  27. 27. Demo
  28. 28. Possible to force dump creation of an applicationUsing the built in Windows Task ManagerUsing the Debugging Tools for Windows
  29. 29. Support for redirection using a kernel debuggerThe system must be started in debugging modeUseful in several advanced scenarios
  30. 30. Demo
  31. 31. Windows Internals, 5th EditionAdvanced Windows DebuggingWindows via C/C++, 5th Edition
  32. 32. Memory Dump, SoftwareTrace, Debugging, Malware and IntelligenceAnalysis PortalAdvanced Windows Debugging andTroubleshooting