I’ve been exchanging e-mails with Mario Hewardt and Daniel Pravat, authors of the upcoming debugging book “Advanced Windows Debugging”.
I must tell you: this post is to share my excitement with this book!
The book covers everything you can imagine regarding native debugging!
Take a look at the table of contents:
Part I – Introduction
1. Introduction to the Tools Introduces the tools used throughout the book including basic usage scenarios and download locations. The following tools are covered:
< Diagnosis>Debugging Tools for Windows UMDH
Microsoft Application Verifier
2. Introduction to the Debuggers
Introduces the fundamentals of the Windows Debuggers including coverage of the different types of debuggers (user mode vs. kernel mode), debugger setup, symbols, crash dumps and much more. The second part of the chapter details the basic and most commonly used debugger commands.
3. Debugger Uncovered
Chapter 3 continues the examination of the debuggers in greater detail. Coverage includes topics such as the inner workings of a debugger (miniature debugger implementation) and a detailed description of the exceptions dispatching mechanism.
4. Managing Symbols and Sources
Without proper symbols debugging is a very hard and sometimes impossible proposition. This chapter covers the important topic of symbol and source management. Topics such as creating private and public symbol packages, setting up a symbol and source server are covered in detail.
Part II – Applied Debugging
5. Memory Corruptions Part I: Stacks
Corrupting the stack is a common programming mistake that can be extremely difficult to debug. Without the proper knowledge of how Windows manages thread stacks as well as the tools available to make debugging stack problems easier developers can spend countless hours navigating a stack corruption. The chapter begins with an overview of Windows stack management followed by a set of scenarios that illustrate common stack problems and how to debug them.
6. Memory Corruptions Part II: Heaps
This chapter continues the study of memory corruptions and focuses on heap related corruptions. The chapter begins with a detailed discussion of the Windows Heap Manager and covers topics such as the front end allocator, back end allocator, look aside lists and free lists. Several scenarios are also included and serve to illustrate some of the most common forms of heap corruptions. A detailed root cause analysis using the debuggers and tools is also included for each scenario.
Every so often a developer is faced with an ACCESS DENIED error code without any clues as to why the error was returned. The task of navigating complex security and access denied problems is a covered in this chapter. The primary focus of this chapter is on the Windows native security model and covers the access control constructs available as well as how the debuggers can be used to maximize efficiency when analyzing security problems.
8. Interprocess Communication
Processes typically don’t live in isolation rather rely on auxiliary processes to complete processing. This chapter details the intricacies of debugging across processes using RPC. Topics covered include identity tracking (who is calling what), RPC debugger commands and extensions as well as an explanation of a powerful freeware tool called Ethereal that can be used to track interprocess calls that cross machine boundaries.
9. Resource Leaks
Resource leaks are common programming mistakes that can wreak havoc in your application. This chapter studies the most common form of resource leaks (such as memory and handle leaks) and shows how the debuggers and associated tools can be utilized when tracking down resource leaks.
A multithreaded environment allows for a great amount of flexibility and efficiency. With this flexibility comes a lot of complexity in the form of thread management. Threads must be made to properly work in tandem without interfering with each other. This chapter introduces the synchronization primitives available in Windows and discusses how the debuggers and tools can be used to debug common thread synchronization problems. Scenarios such as deadlocks, lock contention (lock convoys), indirect deadlocks (such as loader lock) and management of critical sections are discussed in detail.
Part III – Advanced Topics
11. Writing Custom Debugger Extensions
Even though the debuggers include a ton of powerful commands out of the box it is sometimes necessary to extend the core functionality. This can be achieved by writing your own debugger extensions. This provides an in depth discussion of how to develop a custom debugger extension. It will guide you through the overall extensibility mechanism and includes a step by step guide on how to implement a sample debugger extension.
12. 64bit Debugging
With the advent of 64bit architectures, the need to understand how these architectures work and how they can be debugged is critical. This chapter outlines the fundamentals of 64bit debugging. The chapter looks at each topic discussed in the book and details the various differences between 32 and 64 bit debugging. The primary architecture covered is the x64 architecture.
13. Postmortem Debugging
Quite often, it’s not feasible to expect to have full access to a failing machine so that a problem can be debugged. Bugs that surface on production machines on customer sites are rarely available for debugging. This chapter outlines the mechanisms available for debugging a problem without access to the physical machine. Topics discussed include the basics of crash dumps, generating crash dumps, analyzing crash dumps, signing up for Windows Error Reporting and using Corporate Error Reporting to maximize postmortem debugging efficiency.
14. Power Tools
This chapter discusses two extremely important tools that can automate much of the debugging process. The DebugDiag is a powerful tool that can help analyze resource leaks, crashes and hangs. It is scripting enabled and allows for a powerful extension model. The second tool discussed is the analyze debugger command which performs a preliminary analysis of the process in question and can automate a lot of the investigative work typically done on a failing process.
15. Windows Vista Fundamentals
Windows Vista introduces a slew of new features and many of those new features come in the form of kernel enhancements. This chapter gives an overview of the most important changes such as the low fragmentation heap, new interprocess communication, new security model and much more.
If it wasn’t enough to help you understand my excitement, then read this sample chapter that explains how to debug a heap memory corruption.
By the way, if you wish to apply for our Support Escalation Engineer or Escalation Engineer positions, read this book because it will help you during the interviews. J
I’ve already ordered mine and I’m looking forward to having it in my hands!
It’s going to be released on October 26, 2007.
In this article I comment on other debugging books.
See you on next article.