Windows Debugging Training
Advanced Kernel Debugging
Introduction
This extension to the Basics of Kernel Debugging course provides
“hands on” practical debugging experience with WinDbg, Crash Dump files,
and Device Driver “anomalies”.
At Course Completion
At the end of the course, students will be able to:
• Understand the architecture of device drivers for Windows 2000
• Perform “real” crash dump analysis
• Work with and without source for device drivers
• Use map files to locate code (routines)
• Understand the role of Symbol Server
• Be innovative in stressing driver code
Prerequisites
• Basics of Kernel Debugging Course
• WinDbg Experience
• Some Intel assembly knowledge
Course Topics
Windows 2000 / XP Device Driver Architecture
• Context of code running in kernel mode - traps, interrupts, and kernel
threads
• The Windows 2000 interrupt abstraction
• Deferred procedure calls
• User buffer access
• Structure of a kernel-mode driver
• The I/O processing sequence
Extended Crash Dump Analysis
• Exception Context(s)
• When you have source…
• When you don’t have source…
• Working with maps
Symbol Management
• The need for symbols
• Symbol Server
Ways to Stress a Suspected Driver
• Beyond Driver Verifier
• Opening timing windows
Debugger Extensions
• How WinDbg extensions work
• Initialization & Version-Checking functions
• Extension commands
• WinDbg helper functions
• Building a WinDbg extension