DBG320 - Mastering Windows Debugging
NEW! Go beyond the basics of debugging with this intensive seminar.
Level: | Advanced |
---|---|
Audience: | Applications developers; systems software developers; device driver developers; system administrators; system integrators; hardware OEMs; platform engineers; I.T. support personnel |
Description: | This seminar provides a detailed and thorough tutorial on the art of debugging with the Windows Debugging Tools, primarily for purposes of crash dump (blue screen) analysis, but also for live debugging and analysis of failures in user mode programs. Additional tools such as Windows Performance Analyzer (for monitoring ETW events, used by drivers and the OS for tracing) are presented. The seminar begins with a quick introduction to the debugger, followed by a walkthrough of the analysis of a fairly straightforward memory dump file. This will present an example of a common class of easy-to-analyze problem, and will be used as a foundation for deeper study. The seminar will present a number of debugging techniques, each followed by a lab period in which students will analyze a memory dump for which the technique is useful. Each such analysis period will be followed by detailed discussion. Most Windows crashes are caused by code that violates a key Windows internals principle, and many of the dumps are selected to highlight the most common of these cases. During the discussion period, each such principle will be described along with the typical code fixes. In most cases, suggestions as to how the problem could have been detected during testing (for example, using the Checked Build of the OS, or Driver Verifier, or ETW tracing) are offered. Someone skilled in kernel mode debugging is often asked to help out with user mode problems as well, and the seminar does include the use of WinDbg for analysis of user mode dumps and for debugging running programs. Debugging of Windows service processes and of early startup processes is covered. The debugger is of course also useful for live debugging of kernel mode code, and some of the debugger's capabilities that are particularly suited for that environment will be presented and used in labs. |
Topics: | NOTE: This is a preliminary topic list and as such is subject to revision. This does not necessarily reflect the order of presentation. Many of the subtopics listed here will be presented in a much more "interwoven" form than is suggested by this list. |
Prerequisites: | All attendees must have attended one of our Windows Internals seminars, or have equivalent experience. This seminar builds on, and does not repeat, material presented in our Windows Internals (INT201) seminar. Previous experience with the Windows Debugging Tools is not required, but would of course be helpful. |
Operating systems supported: | This seminar primarily addresses Windows 7 through Windows 10 and Windows Server 2012 R2. Most of the material is applicable to earlier versions of Windows. Earlier versions can be specifically addressed upon request. |
Durations and formats: | 5 days with labs |
Labs: | This seminar is only offered with labs. |