DRV211 - Windows Driver Debugging and Memory Dump Analysis
An intensive hands-on tutorial on debugging device drivers, via both “live” debugging and analysis of memory dumps. The latter includes techniques for looking at code for which you don't have the source.
Developers of all types of Windows device drivers.
This seminar presents kernel debugging and crash dump analysis tools and methods for Windows, with emphasis on their use to support driver development. We show you how to best set up and use the various available debugging tools, and then show you how the tools are best applied in analyzing and correcting many common driver problems. We review key operating system and driver principles, along with typical driver problems associated with those principles. Finally, we give you coding hints to help make your driver easier to debug, and better yet, to make it less prone to errors in the first place. The seminar includes the use of operating system mechanisms such as the Checked Build and Driver Verifier.
Attendees must have attended one of our device driver seminars (DRV201 or equivalent), or have equivalent experience writing Windows kernel mode drivers. Familiarity with the material of DRV150, Windows Internals for Driver Developers, is also extremely important.
|Operating systems supported:||Windows 2000 through Windows 10/Windows Server 2012 R2|
|Durations and formats:||
4 days with labs
2 days lecture only
We strongly recommend the hands-on labs version of this seminar. As with all of our seminars, we have carefully designed our lab sessions to allow you to immediately apply the material learned. In this seminar we challenge you with both debugging of buggy driver source files and analysis of memory dumps from “unknown” causes. All example source files, memory dump files, etc., together with detailed walkthroughs of the crash dump analyses, will be provided to the attendees on CD-R.
DRV211-1, Windows Driver Debugging Essentials, lecture only, 1 day
The one day version of this seminar covers the most important material from the above outline, with almost all emphasis on “live” debugging rather than on memory dump analysis. Suggested reading and exercises are provided so that the attendees can pursue further study on their own schedule. This format is not recommended if this will be the attendees’ first exposure to debugging!