CS4540 Operating System Local/Remote Windows Kernel Debugging Davion Teh | Kelvin Yeap Dillon Burton | Rodney Dulin.


1 CS4540 Operating System
Local/Remote Windows Kernel Debugging
Davion Teh | Kelvin Yeap | Dillon Burton | Rodney Dulin

2 Local Debugging
Not possible to do live local kernel debugging in Windows 7
“You can’t dissect yourself while you’re conscious” - True facts

3 LiveKD Local Debugging
Gets a “snapshot” dump file of the local kernel memory (does not stop kernel)
Debug the “snapshot” dump file with windbg/kd

4

5 Remote Debugging
Possible to achieve live kernel debugging (downside - requires 2+ machines)
Able to get NEWEST logs from crashes

6 Remote Debugging -2
Useful when developing an application running on a web server or client with a different environment than the host
Significantly shortens time spent to find faults
Get to have fun crashing debuggee manually (hint: “.crash”)

7 Breakpoints
bp (set breakpoint)
bu (set unresolved breakpoint)
bm (set symbol breakpoint)
bl (list breakpoints)
bc [id] (clear breakpoint)

8
1) Run VM
2) Immediately run the command below:
   Windbg -b -k com:port=\\.\pipe\,pipe
3) Enter “g” in Windbg (and press Enter, thanks)
4) Once the window loads, open notmyfault.exe
5) Do HighIRQL crash
6) !analyze -v
7) Copy that info (from notmyfault to end)
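The slide-8 procedure starts at the host-side WinDbg command; the PowerShell sketch below is an added example (not from the slides) that adds the debuggee-side boot configuration, the matching host command, and a check that kernel debugging is switched off again afterwards. The pipe name, COM port number, baud rate, the function names and the presence of windbg.exe on PATH are all assumptions.

```powershell
# Added example. Values marked "assumed" do not come from the slides.
$PipeName = 'cs4540_kd'   # assumed: must match the named pipe on the VM's virtual serial port
$ComPort  = 1             # assumed: the virtual serial port shows up as COM1 in the guest
$Baud     = 115200        # assumed baud rate

function Enable-GuestKernelDebug {
    # Run elevated INSIDE the VM (debuggee), then reboot so the setting takes effect.
    bcdedit /debug on
    bcdedit /dbgsettings serial "debugport:$ComPort" "baudrate:$Baud"
    bcdedit /dbgsettings          # print the stored transport settings to confirm them
}

function Test-KernelDebugEnabled {
    # True when the current boot entry has kernel debugging switched on.
    # Matches the English-language "debug    Yes" line of bcdedit output.
    $entry = bcdedit /enum '{current}'
    return [bool]($entry | Select-String -Pattern '^\s*debug\s+Yes\s*$')
}

function Start-HostDebugger {
    # Run on the HOST right after starting the VM (steps 1 and 2 on the slide).
    # -b breaks in as soon as the connection is made; -k selects the kernel transport.
    # resets=0 and reconnect are the usual additions for a VM named pipe.
    & windbg.exe -b -k "com:port=\\.\pipe\$PipeName,pipe,resets=0,reconnect"
}

function Disable-GuestKernelDebug {
    # Run elevated inside the VM once the crash data has been collected.
    bcdedit /debug off
    if (Test-KernelDebugEnabled) {
        Write-Warning 'Kernel debugging is still enabled on the current boot entry.'
    }
}
```

Running `Test-KernelDebugEnabled` on a lab image before it is reused shows whether a debug-enabled boot entry was left behind from an earlier session.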

9 Links related to windbg debugging
us/library/windows/hardware/hh439390(v=vs.85).aspx
us/library/windows/hardware/hh439387(v=vs.85).aspx
Windbg standard debugging guide
Windbg specialized debugging guide (related to cs4540)

