|
 |
Overview
|
When Windows detects an inconsistency within the operating system that's too big to ignore, it crashes and
displays the infamous Blue Screen of Death. Optionally, the system also writes the contents of memory at the
time of the crash to a crash dump file.
The successful analysis of a crash dump requires a good background in Windows internals and data structures.
But it also lends itself to a rigorous, methodical approach. Crash analysis is a skill that can be taught and
learned. And that's precisely what we do in this intensive 3-day lecture seminar.
Note: Materials updated through Windows Vista.
The seminar consists of fast-paced lecture sessions, and with time available for questions and answers. For students who want to be able to immediately put what
they learn into practice, a complete set of lab exercises including crash dumps, assignments, and solutions are provided to take home.
Important note: No registrations will be allowed the day of the seminar. You must pre-register to attend.
|
|
Target Audience
|
This seminar is intended for driver developers who need to understand how to set up for, use, and analyze
OS crash dumps. Support personnel who need to know how to debug Windows system crashes in the lab or at customer
sites, in situ or post mortem.
|
Prerequisites
|
This is an intermediate-level seminar offering for active practitioners. This is not a class for beginners.
All attendees are expected to understand operating system concepts in general, and the basic concepts of the
Windows operating system.
|
|
Seminar Outline
(Outline is subject to change without notice)
|
1. Principles of Debugging
Debugging is something we do in everyday life - it is
nothing more than problem solving, working to "figure it out". The techniques
we use with other aspects of life also apply to debugging with Computer Systems.
We look at the fundamental precepts as well as the specific environment in which
we will be operating.
2. Introduction to WinDBG
WinDBG is the Windows debugger, used primarily for kernel
mode debugging although it also can be used to debug applications. This initial
section describes the basics of the tool and provides some focused discussions on
how to use it for kernel debugging. Note: the goal is not to provide a comprehensive
overview of the tool. Students are referred to the WinDBG documentation for a thorough
description of the abilities of this tool.
3. Overview of the x86 Processor
Most of the current "real world" debugging is done based upon x86 platforms.
In this section we discuss some basic characteristics of the processor architecture as well as how
the specific characteristics of the processor architecture are used within Windows, framed in the
context of our interest in debugging.
4. Overview of 64-bit Processors
This section describes the basics of the ia64 and amd64 processor architectures.
Unlike the x86 architecture, their use of the system is far more "structured" and this simplifies
the debugging process.
5. Calling Conventions
One of the most important aspects of debugging is the ability to find the origin of data.
This module describes the commonly used calling conventions (with the primary focus on x86) that are normally
used by the Windows OS compilers. In addition, we will describe the process of structured exception handling
and show code examples of how 'C' code is converted into assembly.
|
|
6. Fault Isolation
Discussion of the process of isolating faults and attempting to find the "root cause".
This is a short section striving to "tie together" the concepts from previous modules as students continue
to hone their debugging skills via "hands on" interactions.
7. Handling Deadlock and Livelock
Defining deadlock and livelock and examining their causes. Discussion of common deadlock causes,
such as file system reentrancy and worker thread exhaustion. Techniques for determining what is causing deadlock are
discussed.
8. Moving Beyond the Debugger
Discussion of kernel debugger extension libraries, how they are used and how they are constructed.
9. Windows Data Structures
This section ties together specific Windows OS data structures together, providing students with a
better understanding of how Windows works and then tying those data structures into the process the debugger uses for
extracting information. The ultimate goal of this discussion is to further ground students so they can further hone
their understanding and skills with the kernel debugger.
Demonstration (based upon time available):
Students are invited to bring their own post-mortem or live system crashes for demonstrative analysis.
If no student crashes are available, the instructor will have some post-mortem crashes to use for further
demonstration.
|
|
Cost
Debug Quick Start
3 days, lecture style (with take home labs)
Cost: For US locations $2150 when paid 4 weeks in advance ($2350 otherwise)
For Foreign locations: $2750 when paid 4 weeks in advance ($2950 otherwise)
OSR also teaches private on-site seminars
all over the world.
As with all of our seminar offerings, our Terms and Conditions and Bottom Line Guarantee apply.
Seminars Outside North America
Please contact OSR at +1.603.595.6500 for seminars held outside
of the United States and Canada. Prices vary by location.
All courses are taught in English. At some international locations,
translation services will be provided. Please contact OSR
for more information.
|
|
|
|
