Windows 2000 Kernel Debugging

Overview

The start-to-finish tutorial and reference for Windows 2000 kernel debugging!

  • The expert guide to Windows 2000 kernel debugging and crash dump analysis
  • Interpreting Windows 2000 stop screens—in depth!
  • Making the most of WinDbg and KD
  • Debugging hardware: ports, BIOS, PCI and SCSI buses, and chipsets
  • Advanced coverage: remote debugging, Debugging Extensions, Driver Verifier, and more
  • Step-by-step crash dump analysis and kernel debugging
  • How to interpret every element of a Windows 2000 stop screen
  • Using WinDbg: configuring options, symbol paths, DLLs, and more
  • Debugging hardware: ports, BIOS, PCI and SCSI buses, chipsets, and more
  • Configuring local and remote kernel debugging environments
  • Includes extensive code samples

This comprehensive guide to Windows 2000 kernel debugging will be invaluable to anyone who must analyze and prevent Windows 2000 system crashes—especially device driver authors and debuggers. Renowned kernel debugging expert Steven McDowell covers every aspect of kernel debugging and crash dump analysis—including advanced hardware debugging and other techniques barely addressed in Microsoft's documentation.

Discover what Microsoft's WinDbg debugger can (and can't) do for you, and how to configure both local and remote kernel debugging environments. Learn to use Windows 2000's crash dump feature, step by step. Learn how to start and stop errant drivers, pause target systems, retrieve system and driver state, and step through source code using breakpoints and source-level debugging.

McDowell demonstrates techniques for taking control of target systems, including finding "lost" memory blocks, setting process and thread contexts, and reviewing I/O system error logs. You'll learn how to use Microsoft's powerful Debugger Extensions to run virtually any command you choose, and master the new Driver Verifier, which can detect common mistakes in driver code with unprecedented speed and accuracy.

Editorial Reviews

Booknews
While fifteen years ago, common culture had little idea of what a computer crash was, it has now become a subject of commiseration for most people in most workplaces. This book is for anybody who has to analyze and prevent Windows 2000 crashes, especially device driver authors and debuggers. It takes readers, step-by-step, through crash dump analysis and kernel debugging, including how to interpret every element of a Windows 2000 stop screen. WinDbg, configuring options, symbol paths, and DLLs are explained, as is the debugging hardware such as ports, BIOS, PCI and SCSI buses, chipsets and more. Contains some illustrations and many code samples to allow the advanced user to diagnose, and hopefully repair, the cause of the crash. Annotation © Book News, Inc., Portland, OR (booknews.com)

Read an Excerpt

PREFACE:

Audience

There are two primary audiences for this material: support persons and device driver developers. Familiarity with the basic architecture of Windows 2000 is assumed. Those sections that discuss device driver debugging also assume knowledge of device drivers and the C programming language. The book is fundamentally about using the Microsoft tools to debug device drivers and perform post-mortem crash dump analysis of kernel-mode failures.

Book Organization

The approach taken here will lead you on a journey from understanding basic Windows 2000 debugging concepts, through the interpretation of the stop screen, to an overview of the tools. Chapter 2 contains all of the information required to set up the debugging environment. Chapter 3 switches gears and examines the Windows 2000 stop screen. Chapter 4 wraps up the introductory material with a tour of the debuggers.

After presenting this information, we'll spend three chapters actually using these tools to do debugging and to examine hardware-specific state. Chapter 5 focuses on using the debugging tools to perform debugging tasks, and Chapter 6 follows a path that examines a target's hardware with the debugger. Chapter 7 will have us momentarily switch gears and talk about extending the debugger with our own custom extensions.

Chapter 8 discusses the interesting and little-understood topic of remote-kernel debugging (that's debugging across a modem line or a network). Chapter 9 builds on the knowledge gleaned from the first eight chapters and talks about applying the techniques to examining memory dump files (as well as everything else you could want to know about dumpfiles and the utilities to examine them). This is followed in Chapter 10 with a discussion of other tools provided by Microsoft to aid those debugging Windows 2000 device drivers. The book is concluded with a chapter devoted to debugging resources.

The appendixes attempt to bring into one place useful information that is normally scattered between header files, knowledge base articles, and the newsgroup archives. Appendix A is a complete reference of the options and commands available in the Microsoft Kernel Debuggers. Appendix B provides a listing of the bug check codes generated by Windows 2000, along with their often-undocumented parameters, and common causes. Appendix C enumerates the NT status codes, simply because they are not referenced in any other available hard-copy documentation, and they're invaluable when reading a stop screen.

A Word about Versions

Microsoft is revising the tools described in this book at an amazing clip, with each revision generally improving on the last. At the same time, prerelease builds of Windows Whistler and related versions of debugging tools are arriving almost weekly at times. Amid this flurry of activity, it is impossible to write a book on a specific version of any one tool. The approach taken here is to capture what is common and most current when discussing the tools and their various features. Except where noted, what is stated about the tools is true across versions. What are ignored are the idiosyncrasies of the specific versions of each of these tools. Once the debugging tools stabilize, as Microsoft heads from Windows 2000 into Windows Whistler and Windows NT 4.0 becomes a memory, it is hoped that this book will be revised to reflect the specifics of the shipping version of the tools and the operating system.

This Book Isn't Endorsed...

Although parties within Microsoft were aware that this book was being written over the past year, it is not endorsed by Microsoft, nor was Microsoft's cooperation solicited or offered during its writing. Likewise, as I wrote the majority of this text, I was a member of the Windows NT Engineering Team at NCR Corporation and the System Software Team at Network Engines. Both NCR and Network Engines kindly encouraged and supported the effort, but no one at either company officially reviewed or endorsed this work. The contents of this book are the responsibility of the author alone. No materials that would be considered confidential or proprietary by any of these companies were used in the preparation of this work.

Book's Web Site

This book has a web site at ...

Table of Contents

Preface
Audience
Book Organization
A Word about Versions
This Book Isn't Endorsed...
Book's Web Site
Acknowledgements
1 Introduction
Why Debug?
When Not to Debug
When to Debug
Goals for the Debugging Session
Summary
2 Preparing for Kernel Debugging
Debugging Overview
Failure Modes
Kernel-Mode Failures
User-Mode Failures
Types of Debugging
On-Line Debugging
Post-Mortem Debugging
Debugging Tools
The KD Debugger
WinDbg
NuMega SoftICE
Concepts and Terminology
Stop Screen
Symbols and Builds
Checked Build
Free Build
Debug Machines
Target Computer
Host Computer
Proxy Computer
Preparing the Machines
The Physical Connection
Target Configuration
Preparing the Host
Setting Up the Symbol Tree
Customizing Symbols
Debugger Files
Summary
3 The Stop Screen
Bug Checks
Configuring Bug Check Behavior
Anatomy of a Stop Screen
Port Status Indicators
Stop Code Data
System Information
Loaded Driver List
Call Stack
Message Area
Stop Screen Debugging Strategies
Summary
4 Overview of WinDbg and KD
WinDbg vs. KD
Configuring WinDbg
The .opt Command
Configuring for Kernel Debugging
Setting the Symbol Path
Configuring KD
Startup Environment Variables
Navigation Keys
A Tour of the WinDbg Windows
Understanding the Windows
Command Window
Watch Window
Memory Window
Call Stack Window
Locals Window
Register Window
Floating-Point Window
Disassembly Window
Source Window
Using the WinDbg Command Window and KD Prompt
Command Types
Built-In Commands
Dot Commands
Debugger Extensions
Kernel Debugging Extensions
Custom Debugger Extensions
Summary
5 Kernel Debugging
Approaching Debugging
Controlling the Target
Telling the Debugger to GO
Breaking into the Target
Stopping from the Debugger
The Attention Key Sequence
The Dump Switch
Verifying the Target's Version
Handling WinDbg Hangs
Working with Symbols
Loading and Verifying
Understanding Symbol Formats
Kernel Function Prefixes
Basic Debugging Procedures
Verifying Device Drivers
Looking at the Bugcheck Information
Examining the Stack
What Is a Stack?
Trap Frames
Finding the Stack with Context and Exception Records
Examining Memory
Virtual Memory Usage
Lookaside Lists
Processes and Threads
Summary
6 Debugging the Hardware
Can I Do This with WinDbg/KD?
Accessing I/O Ports
Reading/Writing Memory-Mapped Registers
Working with the PCI Bus
Mapping the Bus
Drilling into the Device Extension
Examining the Devices
Looking at HAL Bus Handler Information
The MPS Table
The !mps Command
Version Information
Processor Entry Fields
Bus Entry Fields
I/O APIC Entry Field
Interrupt Entry Fields
Address Space Mapping Entry Fields
Bus Hierarchy Description Entry
Compatibility Bus Address Space Modifier Entry
Peering into Interrupt Controllers (PIC and APIC)
The !apic Command
The !pic Command
Examining Power Management Structures
Power Management Capabilities
Power Management Policies
Power Management IRPs
Examining SCSI Requests
Summary
7 Working with Memory Dumps
Crash Dump Management
Setting Crash Dump Policies
Enabling Dump File Creation
Overwriting Previous Files
Kernel Address-Only Dumps
Where's the Information?
Triggering Dumps: The Dump Switch
Enabling Dump Switch Support
Where to Get the Dump Switch
Validating the Dump File with dumpchk
Usage
Output
Version Information
Bug Check Data
Exception Information
Dump Validation Detail
Examining the Dump with dumpexam
Usage
Output
Dump Header
Symbol File Loading
Loaded Drivers Listing
Lock Resources
Memory Usage Statistics
Error Log
Process and Thread Information
Per-Processor Information
Summary
8 Remote Debugging
What Is Remote Debugging?
Debugging over a Modem
Preparing the Target Modem
Connecting the Host Debugger
Debugging over a Network (or RAS) Link
Remote WinDbg
Remote KD
Remote Dump Analysis
Summary
9 Debugger Extensions
Using Debugger Extensions
Loading and Unloading Extensions
Implicit Loading
Explicit Loading and Unloading
Executing Extension Commands
Writing a Debugger Extension
Requirements of a Debugger Extension
WinDbgExtensionDllInit()
ExtensionApiVersion()
CheckVersion()
Declaring Your Commands in the DLL
Helper Functions
A Sample Debugger Extension
Global Variables
Initializing the Extension
Validating the Version
Implementing a Command
Summary
10 Driver Verifier
What Is the Driver Verifier?
Detecting Buffer Underruns and Overruns
Unmapping Memory before Raising the IRQL
Fault Injection to Simulate Low Memory Conditions
Pool Tracking to Detect Memory Leaks
I/O Verification to Validate IRP Processing
Enforcing Read-Only Memory Protection
Configuring the Driver Verifier
Verifier Stop Codes
Driver Verifier Debugger Extension Command
Summary
11 Debugging Resources
Web Sites
Microsoft Corporation
System Internals
Open Systems Research
x86.org
Intel Corporation
Knowledge Base Articles
Training
Microsoft
Open Systems Research
USENIX Association
Newsgroups and Mailing Lists
USENET Newsgroups
NTDEV and NTFSD Mailing Lists
Books and Newsletters
Summary
Appendix A WinDbg Reference
WinDbg Command Line Options
Built-In Commands
Dot Commands
Built-In Extension Commands
Kernel Debugging Extension Commands
Appendix B Windows Stop Codes
Appendix C Windows Status Codes
Index