Table of Contents Contents                                                                                                                                          





About the Authors.



Part I Introduction


1. Introduction to the Tools

    [Mario Hewardt]
      Introduces the tools used throughout the book including basic usage
      scenarios and download locations. The following tools are covered:


    Debugging Tools for Windows

    Microsoft Application Verifier

    Global Flags

    Process Explorer

    Windows DDK


    Debug Diagnostics


2. Introduction to the Debuggers

    [Daniel Pravat] 

Introduces the fundamentals of the Windows Debuggers including coverage of the different types of debuggers (user mode vs. kernel mode), debugger setup, symbols, crash dumps and much more. The second part of the chapter details the basic and most commonly used debugger commands.



3. Debugger Uncovered

    [Daniel Pravat]  

Chapter 3 continues the examination of the debuggers in greater detail. Coverage includes topics such as the inner workings of a debugger (miniature debugger implementation) and a detailed description of the exceptions dispatching mechanism.


4. Managing Symbols and Sources

    [Daniel Pravat]  

Without proper symbols debugging is a very hard and sometimes impossible proposition. This chapter covers the important topic of symbol and source management. Topics such as creating private and public symbol packages, setting up a symbol and source server are covered in detail.



Part II Applied Debugging


5. Memory Corruptions Part I: Stacks

    [Mario Hewardt]  

Corrupting the stack is a common programming mistake that can be extremely difficult to debug. Without the proper knowledge of how Windows manages thread stacks as well as the tools available to make debugging stack problems easier developers can spend countless hours navigating a stack corruption. The chapter begins with an overview of Windows stack management followed by a set of scenarios that illustrate common stack problems and how to debug them.



6. Memory Corruptions Part II: Heaps

    [Mario Hewardt]  

This chapter continues the study of memory corruptions and focuses on heap related corruptions. The chapter begins with a detailed discussion of the Windows Heap Manager and covers topics such as the front end allocator, back end allocator, look aside lists and free lists. Several scenarios are also included and serve to illustrate some of the most common forms of heap corruptions. A detailed root cause analysis using the debuggers and tools is also included for each scenario.


7. Security

    [Daniel Pravat]  

Every so often a developer is faced with an ACCESS DENIED error code without any clues as to why the error was returned. The task of navigating complex security and access denied problems is a covered in this chapter. The primary focus of this chapter is on the Windows native security model and covers the access control constructs available as well as how the debuggers can be used to maximize efficiency when analyzing security problems.


8. Interprocess Communication

    [Daniel Pravat]  

Processes typically dont live in isolation rather rely on auxiliary processes to complete processing. This chapter details the intricacies of debugging across processes using RPC. Topics covered include identity tracking (who is calling what), RPC debugger commands and extensions as well as an explanation of a powerful freeware tool called Ethereal that can be used to track interprocess calls that cross machine boundaries.


9. Resource Leaks

    [Mario Hewardt]  

Resource leaks are common programming mistakes that can wreak havoc in your application. This chapter studies the most common form of resource leaks (such as memory and handle leaks) and shows how the debuggers and associated tools can be utilized when tracking down resource leaks.


10. Synchronization

      [Mario Hewardt]  

A multithreaded environment allows for a great amount of flexibility and efficiency. With this flexibility comes a lot of complexity in the form of thread management. Threads must be made to properly work in tandem without interfering with each other. This chapter introduces the synchronization primitives available in Windows and discusses how the debuggers and tools can be used to debug common thread synchronization problems. Scenarios such as deadlocks, lock contention (lock convoys), indirect deadlocks (such as loader lock) and management of critical sections are discussed in detail.



Part III Advanced Topics


11. Writing Custom Debugger Extensions

      [Mario Hewardt]  

Even though the debuggers include a ton of powerful commands out of the box it is sometimes necessary to extend the core functionality. This can be achieved by writing your own debugger extensions. This provides an in depth discussion of how to develop a custom debugger extension. It will guide you through the overall extensibility mechanism and includes a step by step guide on how to implement a sample debugger extension.


12. 64bit Debugging

      [Daniel Pravat]  

With the advent of 64bit architectures, the need to understand how these architectures work and how they can be debugged is critical. This chapter outlines the fundamentals of 64bit debugging. The chapter looks at each topic discussed in the book and details the various differences between 32 and 64 bit debugging. The primary architecture covered is the x64 architecture.


13. Postmortem Debugging

      [Mario Hewardt]  

Quite often, its not feasible to expect to have full access to a failing machine so that a problem can be debugged. Bugs that surface on production machines on customer sites are rarely available for debugging. This chapter outlines the mechanisms available for debugging a problem without access to the physical machine. Topics discussed include the basics of crash dumps, generating crash dumps, analyzing crash dumps, signing up for Windows Error Reporting and using Corporate Error Reporting to maximize postmortem debugging efficiency.


14. Power Tools

       [Mario Hewardt]  

This chapter discusses two extremely important tools that can automate much of the debugging process. The DebugDiag is a powerful tool that can help analyze resource leaks, crashes and hangs. It is scripting enabled and allows for a powerful extension model. The second tool discussed is the analyze debugger command which performs a preliminary analysis of the process in question and can automate a lot of the investigative work typically done on a failing process.


15. Windows Vista Fundamentals

      [Mario Hewardt/Daniel Pravat]  

Windows Vista introduces a slew of new features and many of those new features come in the form of kernel enhancements. This chapter gives an overview of the most important changes such as the low fragmentation heap, new interprocess communication, new security model and much more.



Copyright Mario Hewardt marioh@advancedwindowsdebugging.com  
and Daniel Pravat




Home | Authors | Table of Contents | Sample Chapter | Reviews | Endorsements | Errata | Downloads | Contact Us

Copyright Advanced Windows Debugging. | designed by A. Hewardt @ Easy Web Launch