Debugging Techniques in Windows
Duration: 3 days

Back to course list Home
Synopsis

In many cases, debugging a program does not involve using a full-fledged debugger - tools such as process monitor can often be successfully used to pinpoint and resolve problems. In some cases, however, a debugger is mandatory. These cases are the ones we cover in this course.

This course is designed for experienced developers wishing to understand the internals of their programs - and what *really* happens after the program is compiled. Going back to basics (assembly) the course focuses on the lowest level of program operations, at the primitive level of the CPU, cache lines and registers. It then focuses on the Microsoft Windows Debugger, WinDBG, demonstrating powerful techniques to trace through and bypass program logic.

Target Audience Windows C and C++ developers who wish to obtain insights into using the Windows Debugging Tools. Reverse-Engineering enthusiasts will also find this course highly useful.
Prerequisites
  • Solid C/C++ development background
  • Familiarity with the Windows (Win32 or Win64) API
  • Recommended: familiarity with x86 or x64 architecture
Objectives
  • Understand the internals of user-mode applications
  • Effectively use profiling tools
  • Effectively use debuggers in the Windows environment
  • Quickly locate common bugs - overflows, memory corruptions, locks and race conditions
  • Quickly and accurately diagnose application crash dumps
  • Quickly and accurately diagnose system crash dumps
  • Provide first-response to Kernel related crashes
Exercises The course is a debugging workshop - specifically, this means that it is mostly hands on, with theory taking up about 40% of the allotted time, with the rest of the time having the participants poring over crash damps, figuring out "who-dun-it" - what caused the crash, and how to fix the bug.
Modules
Day 1
1. The Basics
2 hours
This module, dealing with the basic hardware and software architectures of Intel-compatible x86 and x64, serves as an introduction and sets the baseline for the debugging workshop.
  • Computer Architecture
    • The OS and the CPU
      • Exception handling
        • Traps
          • Interrupt handling
          2. Debugging Tools for Windows
          2 hours
          		This modules covers powerful tools that often spare the need to fire up the full-fledged debugger
          • SysInternals Tools
            • Application Verifier
              • GFlags
                • LeakDiag and LDGraph
                  3. Enter: The Debugger
                  2 hours
                  		This module introduces the Windows Debugger engine - common to WinDBG/NTSD/CDB - and explains the basic concepts, commands and extensions. Comparisons are given to the GNU debugger (GDB), and examples of command and extension usage are given
                  • Comparison with other debuggers (notably gdb)
                    • Managing Symbols
                      • Program Debug Database (.PDB) files
                        • Private and public symbols
                          • The Microsoft symbol servers
                            • Maintaining a symbol server
                            • Basic built-in Commands
                              • Debugger Extensions
                                Day 2
                                4. User Mode Debugging
                                1 day
                                		This module, the core of this course, provides a detailed discussion of Windows User-Mode application debugging. From process birth to demise, the common bugs and complications are analyzed and explained, with hands-on examples.
                                • The Windows Portable Executable (PE) architecture
                                  • The Process address space
                                    • The Stack
                                      • The Heap
                                        • Code, Data, BSS and other segments
                                        • Useful debugger commands and extensions in user mode
                                          • Common bugs, analyzed and explained:
                                            • Buffer overflows - Stack and Heap
                                              • Double free bugs
                                                • Memory leaks
                                                • Multithreaded bugs, analyzed and explained:
                                                  • Resource contention and deadlocks
                                                    • IPC issues
                                                      • Concurrency issues
                                                        • Compiler/CPU optimization induced bugs
                                                        • Debugging crash dumps
                                                          Day 3
                                                          5. Kernel-Mode Debugging
                                                          4 hours
                                                          		Kernel mode faults (BSODs, or "Blue Screens of Death) are amongst the hardest to properly diagnose and debug. This module explains the concepts behind Kernel-Mode debugging - how it differs from User Mode, and how to effectively walk through the Kernel environment and correctly pinpoint the cause of errors and crashes.
                                                          • Reading into the Blue Screen of Death
                                                            • The Kernel crash dump
                                                              • Important Kernel data structures
                                                                • !Analyze
                                                                  6. Scripting and extending the debugger
                                                                  4 hours
                                                                  		This optional module discusses advanced aspects of the Windows Debuggers - including the simple yet powerful scripting language, and the COM API that enables developers to write extensions (! commands) to the debugger
                                                                  • Scripting WinDBG
                                                                    • Creating a Debugger Extension