Windows 2000 Kernel Debugging
Duration: 3 days

This course is intended for system software engineers who develop Windows device drivers or other system-level code, and for support personnel who support system-level products.

- Programming experience is required; specific knowledge of C and C++ is very helpful.
- Some labs are performed using Microsoft Visual Studio, so some experience with this development tool is preferred.

Description
This course gives experienced device driver developers the knowledge to debug kernel-mode code using WinDbg.

Objectives
After completing this course, participants will be able to:
- Understand the tools supplied by Microsoft to debug Windows applications
- Explain the role of symbol and map files in debugging
- Effectively use Microsoft WinDbg to trace and debug kernel-mode code
- Perform stack tracing and debugging
- Analyze Windows 2000 "Blue Screen of Death" (BSOD) and the resulting dump files using WinDbg
- Perform hardware debugging using WinDbg
- Perform remote debugging
- Write custom debugger extension commands
- Use Driver Verifier to stress device driver code

Course Outline
Kernel Debugging - Basics
- The Windows 2000 Family of Debuggers
- The PE File Format
- Symbol Files
- Map Files
- Debug & Release Builds
WinDbg
- Features of WinDbg
- WinDbg Interface
- Debug windows
- Symbol file specification
- Source file specification
- Setting breakpoints
- Controlling code execution
Kernel Debugging
- Kernel debug methodology
- Configuring the environment
- Basic WinDbg kernel commands
Stack Debugging
- The Windows on Intel stack structure
- User mode vs. Kernel mode stacks
- FPO
- OMAP
- Stack corruption
- Stack "repair"
Crash & Dump Files
- Configuring a system for crash dumps
- Forcing crash dumps from the keyboard
- Validating a crash dump file
- Using dumpchk for analysis
- Using WinDbg to analyze a crash dump
- Windows 2000 Stop Screens
Hardware Debugging
- Probing the hardware
- Accessing IO ports
- Reading/Writing Device memory
- Viewing the bus(es)
- Examining devices
- Multiprocessor information
- Interrupt information
- Power management information
- SCSI Help
Remote Debugging
- When remote debugging is necessary
- Using a modem
- Using a network (RAS)
- REMOTE.exe
- KD - An alternative
Debugger Extensions
- How WinDbg extensions work
- Initialization & Version-Checking functions
- Extension commands
- WinDbg helper functions
- Building a WinDbg extension
KD
- What is KD
- When to use KD
- Configuring KD
- KD commands
- Dot commands
- Command extensions
Driver Verifier
- What is Driver Verifier
- Types of tests performed by Verifier
- Configuring Driver Verifier
- Verifier Stop Codes