DRV211 - Windows Driver Debugging and Memory Dump Analysis

Developers of all types of Windows device drivers.

This seminar presents kernel debugging and crash dump analysis tools and methods for Windows, with emphasis on their use to support driver development. We show you how to best set up and use the various available debugging tools, and then show you how the tools are best applied in analyzing and correcting many common driver problems. We review key operating system and driver principles, along with typical driver problems associated with those principles. Finally, we give you coding hints to help make your driver easier to debug, and better yet, to make it less prone to errors in the first place. The seminar includes the use of operating system mechanisms such as the Checked Build and Driver Verifier. 

Attendees must have attended one of our device driver seminars (DRV201 or equivalent), or have equivalent experience writing Windows kernel mode drivers. Familiarity with the material of DRV150, Windows Internals for Driver Developers, is also extremely important.

We strongly recommend the hands-on labs version of this seminar. As with all of our seminars, we have carefully designed our lab sessions to allow you to immediately apply the material learned. In this seminar we challenge you with both debugging of buggy driver source files and analysis of memory dumps from “unknown” causes. All example source files, memory dump files, etc., together with detailed walkthroughs of the crash dump analyses, will be provided to the attendees on CD-R.

Short Formats

DRV211-1, Windows Driver Debugging Essentials, lecture only, 1 day

The one day version of this seminar covers the most important material from the above outline, with almost all emphasis on “live” debugging rather than on memory dump analysis. Suggested reading and exercises are provided so that the attendees can pursue further study on their own schedule. This format is not recommended if this will be the attendees’ first exposure to debugging!