Windows Kernel Debugging
Overview

This debugging and memory dump analysis course is targeted at driver developers and support engineers and covers debugging techniques for kernel mode drivers. Attendees will learn how to perform fault isolation and how to analyze and root-cause crashes and hangs caused by kernel mode drivers.

Hands-on Labs

Every topic in the course is accompanied by hands-on labs that involve extensive use of the Debugging Tools for Windows (WinDBG) as well as other tools that ship with the Windows Driver Kit (WDK). These hands-on labs give attendees real-life experience of debugging kernel mode issues.

Prerequisites

This is an intermediate-level course and requires attendees to be able to read C/C++ source code. In addition, attendees are expected to have knowledge of Windows operating system internals, working-level knowledge of WinDBG and familiarity with the Windows Driver Kit (WDK) APIs.

The Windows Kernel Internals and Windows Debugging & Reversing courses provide most of the prerequisite knowledge for this course.


Course duration

3 Days

Topics

Crash Dump Analysis

Crash dump analysis, or bug-check analysis, is a necessary part of device driver development. This section discusses the dump generation process, the different types of kernel memory dumps and the techniques used to debug them. Attendees learn about the common causes of system crashes and how to categorize them in order to come up with an analysis strategy. They then learn specific analysis techniques for bug-checks related to incorrect IRQL usage, invalid memory accesses, pool corruption and hardware failures.

Calling Convention and Call Stacks

Windows runs on x86 and x64 CPUs, which have very different calling conventions, parameter passing mechanisms and stack layouts. In this section, attendees learn techniques for retrieving parameters and non-volatile registers from the stack as well as how to debug issues like stack overflows and stack corruption.

Debugging Deadlocks and Hangs

Deadlocks and hangs are much harder to debug than crashes since there is no well-defined starting point for the fault analysis process. In this section, attendees will learn the basics of debugging system-level hangs, such as identifying deadlocked threads and stuck I/O requests and generally narrowing down the scope of a hang. They will also learn to examine vital system health indicators to find common causes of hangs and attribute them to specific components in the system. Performance analysis tools and their use in debugging high CPU usage and CPU spikes are also covered.

Advanced Analysis Techniques

This section picks up where the crash dump analysis section left off. Debugging strategy and techniques for root cause analysis are discussed. Using carefully selected examples of real-world crashes and hangs, attendees will learn how to start from the information displayed by "!analyze -v" and go all the way to root-causing the problem, applying kernel internals knowledge and debugging techniques along the way.

Debugging Tools

The low-hanging fruit when debugging drivers is the wide range of run-time verification, tracking and debugging capabilities that the system provides for nailing down subtle driver bugs. This section covers some of the tools and mechanisms available to drivers, such as Driver Verifier, GFlags, checked build components, object reference counting, run-time stack capture, pool breakpoints and PTE tracking. Attendees learn the scenarios in which to use these tools, the debugging features they provide and how to use them to pinpoint various classes of problems in drivers.



Please contact your training representative for more details on having this course delivered onsite or online.
