Windows 2000 Kernel Debugging, The start-to-finish tutorial and r

Book Categories

Authors

Preface XV

Audience xv

Book Organization xv

A Word about Versions xvi

This Book Isn't Endorsed... xvi

Book's Web Site xvii

Acknowledgements xvii

1 Introduction 1

Why Debug? 2

When Not to Debug 2

When to Debug 4

Goals for the Debugging Session 5

Summary 6

2 Preparing for Kernel Debugging 7

Debugging Overview 8

Failure Modes 8

Kernel-Mode Failures 8

User-Mode Failures 9

Types of Debugging 9

On-Line Debugging 9

Post-Mortem Debugging 10

Debugging Tools 11

The KD Debugger 11

WinDbg 12

NuMega SoftICE 12

Concepts and Terminology 13

Stop Screen 13

Symbols and Builds 14

Checked Build 15

Free Build 16

Debug Machines 18

Target Computer 18

Host Computer 19

Proxy Computer 20

Preparing the Machines 20

The Physical Connection 20

Target Configuration 21

Preparing the Host 26

Setting Up the Symbol Tree 27

Customizing Symbols 28

Debugger Files 29

Summary 30

3 The Stop Screen 31

Bug Checks 32

Configuring Bug Check Behavior 34

Anatomy of a Stop Screen 38

Port Status Indicators 40

Stop Code Data 41

System Information 42

Loaded Driver List 43

Call Stack 45

Message Area 45

Stop Screen Debugging Strategies 46

Summary 47

4 Overview of WinDbg and KD 49

WinDbg vs. KD 50

Configuring WinDbg 51

The .opt Command 52

Configuring for Kernel Debugging 54

Setting the Symbol Path 56

Configuring KD 57

Startup Environment Variables 58

Navigation Keys 58

A Tour of the WinDbg Windows 60

Understanding the Windows 61

Command Window 61

Watch Window 62

Memory Window 62

Call Stack Window 62

Locals Window 62

Register Window 63

Floating-Point Window 63

Disassembly Window 63

Source Window 64

Using the WinDbg Command Window and KD Prompt 64

Command Types 64

Built-In Commands 65

Dot Commands 66

Debugger Extensions 67

Kernel Debugging Extensions 68

Custom Debugger Extensions 68

Summary 68

5 Kernel Debugging 69

Approaching Debugging 70

Controlling the Target 71

Telling the Debugger to GO 71

Breaking into the Target 72

Stopping from the Debugger 72

The Attention Key Sequence 72

The Dump Switch 72

Verifying the Target's Version 73

Handling WinDbg Hangs 73

Working with Symbols 73

Loading and Verifying 74

Understanding Symbol Formats 75

Kernel Function Prefixes 75

Basic Debugging Procedures 76

Verifying Device Drivers 76

Looking at the Bugcheck Information 78

Examining the Stack 78

What Is a Stack? 78

Trap Frames 80

Finding the Stack with Context and Exception Records 81

Examining Memory 81

Virtual Memory Usage 82

Lookaside Lists 82

Processes and Threads 83

Summary 85

6 Debugging the Hardware 87

Can I Do This with WinDbg/KD? 88

Accessing I/O Ports 88

Reading/Writing Memory-Mapped Registers 89

Working with the PCI Bus 90

Mapping the Bus 90

Drilling into the Device Extension 91

Examining the Devices 92

Looking at HAL Bus Handler Information 93

The MPS Table 94

The !mps Command 95

Version Information 95

Processor Entry Fields 96

Bus Entry Fields 96

I/O APIC Entry Field 97

Interrupt Entry Fields 97

Address Space Mapping Entry Fields 98

Bus Hierarchy Description Entry 98

Compatibility Bus Address Space Modifier Entry 99

Peering into Interrupt Controllers (PIC and APIC) 99

The !apic Command 99

The !pic Command 100

Examining Power Management Structures 101

Power Management Capabilities 101

Power Management Policies 102

Power Management IRPs 102

Examining SCSI Requests 103

Summary 103

7 Working with Memory Dumps 105

Crash Dump Management 106

Setting Crash Dump Policies 106

Enabling Dump File Creation 106

Overwriting Previous Files 107

Kernel Address-Only Dumps 107

Where's the Information? 107

Triggering Dumps: The Dump Switch 107

Enabling Dump Switch Support 108

Where to Get the Dump Switch 108

Validating the Dump File with dumpchk 109

Usage 109

Output 109

Version Information 109

Bug Check Data 110

Exception Information 111

Dump Validation Detail 111

Examining the Dump with dumpexam 113

Usage 114

Output 114

Dump Header 115

Symbol File Loading 116

Loaded Drivers Listing 116

Lock Resources 118

Memory Usage Statistics 118

Error Log 121

Process and Thread Information 121

Per-Processor Information 122

Summary 126

8 Remote Debugging 127

What Is Remote Debugging? 128

Debugging over a Modem 128

Preparing the Target Modem 129

Connecting the Host Debugger 130

Debugging over a Network (or RAS) Link 131

Remote WinDbg 133

Remote KD 134

Remote Dump Analysis 135

Summary 135

9 Debugger Extensions 137

Using Debugger Extensions 138

Loading and Unloading Extensions 138

Implicit Loading 138

Explicit Loading and Unloading 139

Executing Extension Commands 139

Writing a Debugger Extension 140

Requirements of a Debugger Extension 140

WinDbgExtensionDllInitO 141

ExtensionApiVersionO 141

CheckVersionO 142

Declaring Your Commands in the DLL 142

Helper Functions 142

A Sample Debugger Extension 144

Global Variables 144

Initializing the Extension 144

Validating the Version 145

Implementing a Command 146

Summary 147

10 Driver Verifier 149

What Is the Driver Verifier? 149

Detecting Buffer Underruns and Overruns 150

Unmapping Memory before Raising the IRQL 152

Fault Injection to Simulate Low Memory Conditions 152

Pool Tracking to Detect Memory Leaks 152

I/O Verification to Validate IRP Processing 153

Enforcing Read-Only Memory Protection 153

Configuring the Driver Verifier 153

Verifier Stop Codes 155

Driver Verifier Debugger Extension Command 158

Summary 158

11 Debugging Resources 159

Web Sites 160

Microsoft Corporation 160

System Internals 160

Open Systems Research 160

x86.org 161

Intel Corporation 161

Knowledge Base Articles 161

Training 162

Microsoft 163

Open Systems Research 163

USENIX Association 163

Newsgroups and Mailing Lists 163

USENET Newsgroups 163

NTDEV and NTFSD Mailing Lists 164

Books and Newsletters 164

Summary 165

Appendix A WinDbg Reference 167

WinDbg Command Line Options 167

Built-In Commands 168

Dot Commands 180

Built-In Extension Commands 185

Kernel Debugging Extension Commands 187

Appendix B Windows Stop Codes 215

Appendix C Windows Status Codes 261

Index 295

Title: Windows 2000 Kernel Debugging

Manufacturer:

Prentice Hall

Item Number: 9780130406378

Number: 1

Product Description: Windows 2000 Kernel Debugging

Universal Product Code (UPC): 9780130406378

WonderClub Stock Keeping Unit (WSKU): 9780130406378

Rating: 4/5 based on 1 Reviews

Image Location: https://wonderclub.com/images/covers/63/78/9780130406378.jpg

Category: Media >> Books

Weight: 0.200 kg (0.44 lbs)

Width: 7.290 cm (2.87 inches)

Heigh : 9.590 cm (3.78 inches)

Depth: 1.060 cm (0.42 inches)

Date Added: August 25, 2020, Added By: Ross

Date Last Edited: August 25, 2020, Edited By: Ross

Price	Condition	Delivery	Seller	Action
$99.99	Digital	Arrives between Apr 16 - May 16 Login to your account for a direct download. Some files are emailed from Dropbox. Continent $0.00 - World $0.00	WonderClub (9292 total ratings)

Question Concerning Windows 2000 Kernel Debugging

Ask a Question about Windows 2000 Kernel Debugging

No Question found!

Read Reviews for Windows 2000 Kernel Debugging Write review

No review found!

Windows 2000 Kernel Debugging Book

Be the First to Review this Item at Wonderclub

Book Categories

Authors

Prentice Hall

Question Concerning Windows 2000 Kernel Debugging

Read Reviews for Windows 2000 Kernel Debugging Write review

Login

Complaints

Blog

Games

Digital Media

Souls

Obituary

Contact Us

FAQ

You must be logged in to add to Wishlist

This item is in your Wish List

This item is in your Collection

This Item is in Your Inventory

You must be logged in to review the products

	Preface	XV
	Audience	xv
	Book Organization	xv
	A Word about Versions	xvi
	This Book Isn't Endorsed...	xvi
	Book's Web Site	xvii
	Acknowledgements	xvii
1	Introduction	1
	Why Debug?	2
	When Not to Debug	2
	When to Debug	4
	Goals for the Debugging Session	5
	Summary	6
2	Preparing for Kernel Debugging	7
	Debugging Overview	8
	Failure Modes	8
	Kernel-Mode Failures	8
	User-Mode Failures	9
	Types of Debugging	9
	On-Line Debugging	9
	Post-Mortem Debugging	10
	Debugging Tools	11
	The KD Debugger	11
	WinDbg	12
	NuMega SoftICE	12
	Concepts and Terminology	13
	Stop Screen	13
	Symbols and Builds	14
	Checked Build	15
	Free Build	16
	Debug Machines	18
	Target Computer	18
	Host Computer	19
	Proxy Computer	20
	Preparing the Machines	20
	The Physical Connection	20
	Target Configuration	21
	Preparing the Host	26
	Setting Up the Symbol Tree	27
	Customizing Symbols	28
	Debugger Files	29
	Summary	30
3	The Stop Screen	31
	Bug Checks	32
	Configuring Bug Check Behavior	34
	Anatomy of a Stop Screen	38
	Port Status Indicators	40
	Stop Code Data	41
	System Information	42
	Loaded Driver List	43
	Call Stack	45
	Message Area	45
	Stop Screen Debugging Strategies	46
	Summary	47
4	Overview of WinDbg and KD	49
	WinDbg vs. KD	50
	Configuring WinDbg	51
	The .opt Command	52
	Configuring for Kernel Debugging	54
	Setting the Symbol Path	56
	Configuring KD	57
	Startup Environment Variables	58
	Navigation Keys	58
	A Tour of the WinDbg Windows	60
	Understanding the Windows	61
	Command Window	61
	Watch Window	62
	Memory Window	62
	Call Stack Window	62
	Locals Window	62
	Register Window	63
	Floating-Point Window	63
	Disassembly Window	63
	Source Window	64
	Using the WinDbg Command Window and KD Prompt	64
	Command Types	64
	Built-In Commands	65
	Dot Commands	66
	Debugger Extensions	67
	Kernel Debugging Extensions	68
	Custom Debugger Extensions	68
	Summary	68
5	Kernel Debugging	69
	Approaching Debugging	70
	Controlling the Target	71
	Telling the Debugger to GO	71
	Breaking into the Target	72
	Stopping from the Debugger	72
	The Attention Key Sequence	72
	The Dump Switch	72
	Verifying the Target's Version	73
	Handling WinDbg Hangs	73
	Working with Symbols	73
	Loading and Verifying	74
	Understanding Symbol Formats	75
	Kernel Function Prefixes	75
	Basic Debugging Procedures	76
	Verifying Device Drivers	76
	Looking at the Bugcheck Information	78
	Examining the Stack	78
	What Is a Stack?	78
	Trap Frames	80
	Finding the Stack with Context and Exception Records	81
	Examining Memory	81
	Virtual Memory Usage	82
	Lookaside Lists	82
	Processes and Threads	83
	Summary	85
6	Debugging the Hardware	87
	Can I Do This with WinDbg/KD?	88
	Accessing I/O Ports	88
	Reading/Writing Memory-Mapped Registers	89
	Working with the PCI Bus	90
	Mapping the Bus	90
	Drilling into the Device Extension	91
	Examining the Devices	92
	Looking at HAL Bus Handler Information	93
	The MPS Table	94
	The !mps Command	95
	Version Information	95
	Processor Entry Fields	96
	Bus Entry Fields	96
	I/O APIC Entry Field	97
	Interrupt Entry Fields	97
	Address Space Mapping Entry Fields	98
	Bus Hierarchy Description Entry	98
	Compatibility Bus Address Space Modifier Entry	99
	Peering into Interrupt Controllers (PIC and APIC)	99
	The !apic Command	99
	The !pic Command	100
	Examining Power Management Structures	101
	Power Management Capabilities	101
	Power Management Policies	102
	Power Management IRPs	102
	Examining SCSI Requests	103
	Summary	103
7	Working with Memory Dumps	105
	Crash Dump Management	106
	Setting Crash Dump Policies	106
	Enabling Dump File Creation	106
	Overwriting Previous Files	107
	Kernel Address-Only Dumps	107
	Where's the Information?	107
	Triggering Dumps: The Dump Switch	107
	Enabling Dump Switch Support	108
	Where to Get the Dump Switch	108
	Validating the Dump File with dumpchk	109
	Usage	109
	Output	109
	Version Information	109
	Bug Check Data	110
	Exception Information	111
	Dump Validation Detail	111
	Examining the Dump with dumpexam	113
	Usage	114
	Output	114
	Dump Header	115
	Symbol File Loading	116
	Loaded Drivers Listing	116
	Lock Resources	118
	Memory Usage Statistics	118
	Error Log	121
	Process and Thread Information	121
	Per-Processor Information	122
	Summary	126
8	Remote Debugging	127
	What Is Remote Debugging?	128
	Debugging over a Modem	128
	Preparing the Target Modem	129
	Connecting the Host Debugger	130
	Debugging over a Network (or RAS) Link	131
	Remote WinDbg	133
	Remote KD	134
	Remote Dump Analysis	135
	Summary	135
9	Debugger Extensions	137
	Using Debugger Extensions	138
	Loading and Unloading Extensions	138
	Implicit Loading	138
	Explicit Loading and Unloading	139
	Executing Extension Commands	139
	Writing a Debugger Extension	140
	Requirements of a Debugger Extension	140
	WinDbgExtensionDllInitO	141
	ExtensionApiVersionO	141
	CheckVersionO	142
	Declaring Your Commands in the DLL	142
	Helper Functions	142
	A Sample Debugger Extension	144
	Global Variables	144
	Initializing the Extension	144
	Validating the Version	145
	Implementing a Command	146
	Summary	147
10	Driver Verifier	149
	What Is the Driver Verifier?	149
	Detecting Buffer Underruns and Overruns	150
	Unmapping Memory before Raising the IRQL	152
	Fault Injection to Simulate Low Memory Conditions	152
	Pool Tracking to Detect Memory Leaks	152
	I/O Verification to Validate IRP Processing	153
	Enforcing Read-Only Memory Protection	153
	Configuring the Driver Verifier	153
	Verifier Stop Codes	155
	Driver Verifier Debugger Extension Command	158
	Summary	158
11	Debugging Resources	159
	Web Sites	160
	Microsoft Corporation	160
	System Internals	160
	Open Systems Research	160
	x86.org	161
	Intel Corporation	161
	Knowledge Base Articles	161
	Training	162
	Microsoft	163
	Open Systems Research	163
	USENIX Association	163
	Newsgroups and Mailing Lists	163
	USENET Newsgroups	163
	NTDEV and NTFSD Mailing Lists	164
	Books and Newsletters	164
	Summary	165
Appendix A	WinDbg Reference	167
	WinDbg Command Line Options	167
	Built-In Commands	168
	Dot Commands	180
	Built-In Extension Commands	185
	Kernel Debugging Extension Commands	187
Appendix B	Windows Stop Codes	215
Appendix C	Windows Status Codes	261
	Index	295