EDN Admin
Well-known member
Not all Blue Screens of Death are easy to debug! Sometimes, you need to enable extra checking to help catch a buggy device driver. In this episode of Defrag Tools, Chad Beeder and Larry Larsen discuss using Driver Verifier in conjunction with WinDbg to track down a driver which is corrupting kernel mode pool memory.

Debugger commands used:
!analyze -v (verbose crash analysis)
.trap (set the register context from a trap frame)
ub (unassemble backward from an address)
dp (display pointer-sized values)
dps (display pointer-sized values with symbols)
dc (display DWORDs with ASCII)
kv (stack backtrace with frame and parameter information)

Make sure you watch Defrag Tools Episode #1 (http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-Building-your-USB-thumbdrive) for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.

Resources:
http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx Debugging Tools for Windows
http://technet.microsoft.com/en-us/sysinternals/bb963901.aspx Windows Internals book tools (including NotMyFault)
http://msdn.microsoft.com/en-us/library/windows/hardware/ff545499(v=vs.85).aspx Forcing a System Crash from the Keyboard
http://support.microsoft.com/kb/927069 How to generate a complete crash dump file or a kernel crash dump file by using an NMI on a Windows-based system
http://msdn.microsoft.com/en-us/library/windows/hardware/ff545470(v=vs.85).aspx Driver Verifier Options

Timeline:
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=00m09s [00:09] - What is Driver Verifier?
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=01m54s [01:54] - Using NotMyFault to cause a buffer overflow
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=06m04s [06:04] - Looking at a buffer overflow dump in WinDbg
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=08m10s [08:10] - What is the .trap command? (see: http://msdn.microsoft.com/en-us/library/9z1stfyw.aspx x64 Register Usage )
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=12m45s [12:45] - First dump was inconclusive. Looking at a second buffer overflow dump.
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=15m47s [15:47] - Memory is corrupted, but how to find out who is corrupting it? Driver Verifier!
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=16m55s [16:55] - Launching and configuring Driver Verifier
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=20m20s [20:20] - Verifier enabled, let's crash the system!
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=21m25s [21:25] - What is special pool?
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=22m27s [22:27] - Looking at the memory dump (captured with Verifier enabled)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=25m13s [25:13] - Forcing a memory dump of a hung system via keyboard
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=28m00s [28:00] - Forcing a memory dump of a hung system via NMI switch
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-16-WinDbg-Driver-Verifier#time=31m52s [31:52] - Advanced/custom Driver Verifier settings
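The episode's setup, as an added example in PowerShell (not code from the Defrag Tools episode or the Channel 9 page): put Driver Verifier with special pool on one suspect driver, arm the keyboard and NMI crash triggers the resource links above describe, and make sure a kernel dump gets written, so that the next pool overrun faults at the writing instruction and lands in a file WinDbg can open. It assumes an elevated prompt on a test machine; the default driver name myfault.sys (the driver that ships with NotMyFault) and the helper Set-DwordValue are this example's own choices.

```powershell
# Added example, not code from the Defrag Tools episode or Channel 9 page.
# Prepares a TEST machine for the workflow in the episode: Driver Verifier with
# special pool on one suspect driver, keyboard- and NMI-triggered crashes for a
# hung box, and a kernel dump so the pool corruption is in the file WinDbg opens.
# Run from an elevated PowerShell prompt. Every setting here needs a reboot.
# $DriverName is an assumption; substitute the driver under suspicion. myfault.sys
# is the driver that ships with NotMyFault, which the episode uses to corrupt pool.
param(
    [string]$DriverName = 'myfault.sys',
    [switch]$Undo
)

$ErrorActionPreference = 'Stop'
$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$keyboardKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters',  # PS/2 keyboards
    'HKLM:\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters'     # USB keyboards
)

# Helper (this example's own): write a REG_DWORD, creating the key if needed
# (kbdhid\Parameters frequently does not exist until you create it).
function Set-DwordValue([string]$Path, [string]$Name, [int]$Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

if ($Undo) {
    # Back out: clear Driver Verifier and the keyboard crash trigger. If the machine
    # boot-loops after enabling Verifier, boot into Safe Mode (Verifier does not
    # verify drivers there) and run 'verifier /reset' before anything else.
    & verifier.exe /reset
    foreach ($k in $keyboardKeys) {
        Remove-ItemProperty -Path $k -Name CrashOnCtrlScroll -ErrorAction SilentlyContinue
    }
    Write-Host 'Verifier settings cleared and keyboard crash disabled; reboot to apply.'
    return
}

# 1. Driver Verifier: standard settings (which include special pool) for the one
#    suspect driver only. Verifying every driver magnifies the overhead and the
#    chance that some other driver's bug takes the machine down first.
& verifier.exe /standard /driver $DriverName
# Show what will be in effect after the reboot.
& verifier.exe /querysettings

# 2. Crash from the keyboard: hold the right CTRL key and press SCROLL LOCK twice.
#    This bugchecks a hung machine that still services the keyboard
#    (MANUALLY_INITIATED_CRASH, 0xE2), giving you a dump instead of a power cycle.
foreach ($k in $keyboardKeys) { Set-DwordValue $k 'CrashOnCtrlScroll' 1 }

# 3. Crash on NMI for a machine that no longer services the keyboard. A hardware
#    NMI button or the out-of-band management controller raises the NMI; this
#    value makes Windows bugcheck on it. Windows 7 / Server 2008 R2 and earlier
#    need it; Windows 8 / Server 2012 and later honour an NMI without it.
Set-DwordValue $crashControl 'NMICrashDump' 1

# 4. Dump type: 2 = kernel memory dump, enough to see the pool and the trap frame.
#    Use 1 (complete) if you also need user-mode memory. The page file on the
#    system drive must be large enough to hold the dump you ask for.
Set-DwordValue $crashControl 'CrashDumpEnabled' 2

# Report what was configured so it can be checked before the reboot.
Get-ItemProperty -Path $crashControl -Name CrashDumpEnabled, NMICrashDump |
    Format-List CrashDumpEnabled, NMICrashDump
foreach ($k in $keyboardKeys) {
    Get-ItemProperty -Path $k -Name CrashOnCtrlScroll | Format-List PSPath, CrashOnCtrlScroll
}
Write-Host "Reboot, reproduce the crash, then open %SystemRoot%\MEMORY.DMP in WinDbg and run !analyze -v."
```

Run it once, reboot, reproduce the crash, and run it again with -Undo when you are done: Driver Verifier is a test-machine tool, and special pool roughly doubles the footprint of every allocation it covers because each one is placed at the end of its own page with an inaccessible page behind it. That placement is why the dump changes character in the episode: without Verifier the overrun is noticed only when the pool allocator trips over a smashed header at free time, far from the culprit, whereas with special pool the overrunning store itself faults and .trap plus ub land on the offending instruction. Special pool's default catches overruns at the end of the buffer; underruns are a separate Verifier setting. Keep the Safe Mode escape in mind before enabling Verifier on a machine you cannot easily reimage.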