Windows Debugging Training
The Windows XP Debugging Course
Introduction
This course gives developers and support engineers the knowledge to locate and
isolate Windows XP kernel and user mode bugs.
At Course Completion
At the end of the course, students should be able to:
• Understand the Windows XP family of debuggers and tools
• Understand the role of the Portable Executable file format for executables
• Use symbol files in PDB or DBG format
• Use and understand DEBUG and RELEASE builds
• Use link map files
• Using the Visual Studio debugger, perform source level tracing
• Set up advanced breakpoints
• Use the full set of Visual Studio debugging facilities
• Manage multiple threads during debugging
• Use the debug output window
• Use the NTSD debugger for source-level debugging
• Perform remote debugging using Remote and CDB
• Understand the structure of the Intel & Windows XP stack
• Perform stack traces
• Recover information from a torn stack
• Use WinDbg to perform source level debugging of a kernel-mode device
driver
• Perform a kernel mode crash dump analysis
• Collect and analyze data from a user mode crash using Dr. Watson and
WinDbg
Prerequisites
Before taking this course, students should have the following skills:
• C Programming Language competency
• Experience with Windows programming
Course Outline
1. An Overview of the Win32 Debuggers & Environment
• The Windows XP Debuggers
• The Portable Executable (PE) File Format
• Symbol Files
• Map Files
• Debug & Release Builds
2. Visual Studio Debugger
• Source File Debugging
• Setting Breakpoints
• The Debug Windows
• Thread Management
• Exception Management
• Remote Debugging
3. DLL Architecture & Debugging
• The Windows XP DLL Architecture
• Types of DLL Linkage
• DLL Base Address
• Binding
• Debugging a DLL
4. Command Line Debugging using NTSD
• NTSD Overview
• Symbolic & Source Debugging
• CDB
• Remote debugging using CDB
5. Stack Debugging
• Structure of the Intel Stack
• Stack Optimizations
• Stack Traces
• Stack Corruption
• Stack Recovery
6. WinDbg
• Features of WinDbg
• WinDbg Interface
• Debug windows
• Symbol file specification
• Source file specification
• Setting breakpoints
• Controlling code execution
7. Windows 2000 / XP Device Driver Architecture
• Context of code running in kernel mode - traps, interrupts, and kernel
threads
• The Windows XP interrupt abstraction
• Deferred procedure calls
• User buffer access
• Structure of a kernel-mode driver
• The I/O processing sequence
8. Kernel Device Driver Debugging
• Overview of kernel debuggers
• Kernel mode debugging environment
• Host configuration
• Target configuration
• Symbol files
• Using WinDbg on the Host
9. Crashes & Dump Files
• Why Windows XP crashes
• Memory Dump Options
• Analyzing a Crash Dump with WinDbg
• User mode dump files
• An Overview of Dr. Watson
• Building an application for use with Dr. Watson
• Capturing and analyzing a user mode crash
10. Hardware Debugging
• Probing the hardware
• Accessing IO ports
• Reading/Writing Device memory
• Viewing the bus(es)
• Examining devices
• Multiprocessor information
• Interrupt information
• Power management information
• SCSI Help
11. Extended Crash Dump Analysis
• Exception Context(s)
• When you have source…
• When you don’t have source…
• Working with maps
12. Symbol Management
• The need for symbols
• Symbol Server
13. Ways to Stress a Suspected Driver
• Beyond Driver Verifier
• Opening timing windows