CMB221: Windows Internals, Troubleshooting, and Memory Dump Analysis
Learn how current Windows operating systems are designed and implemented, then immediately apply that knowledge to isolate the causes of system and application failures.
Applications developers; systems software developers; device driver developers; system administrators; system integrators; hardware OEMs; I.T. support personnel
This seminar is a combination of our Windows Internals and Windows Troubleshooting and Memory Dump Analysis seminars, INT201 and DBG211. We’ve merged the “how it all works” material of the former with the “what to do when it isn’t working” information and lab problems from the latter, forming a single, tightly integrated presentation. We give you a comprehensive “guided tour” of the internal design and implementation of Windows operating systems and, for each key feature, show you how to observe it working, measure it, and optimize it… and when it isn’t working, you’ll know how to find out why, and how to fix it. A significant portion of the time will be spent on system memory dump (“blue screen”) analysis, including how to isolate problems to the component level.
Tools and terminology
Introduction to the debuggers
System architecture overview
Program execution environment
Kernel mode components: Executive, kernel, and HAL
Environment subsystems and user-to-kernel call implementation
Supporting the Windows GUI; understanding "GUI hangs"
Handles, objects, and security
Kernel mode execution contexts and environment
Kernel mode stacks
Paged and nonpaged pools
Interrupt Request Levels (IRQLs)
Scheduling and waiting; multiprocessor/hyperthreading issues
Identifying CPU-bound tasks
User mode memory management
User mode heaps
Virtual memory implementation
Working set management
Physical memory management
Virtual and physical memory leaks
I/O subsystem and device driver architectures
File system cache
Types of system failures
Analyzing system failures and "hangs"
Interpreting stop codes
Understanding stack traces and disassembly code
Identifying problem components in system crashes
Interpreting call sequences
"Live" kernel and user mode debugging
Experience using, administering, or writing applications or drivers for Windows operating systems.
All current Windows versions
Duration and formats
5 days with labs
4 days with labs for troubleshooting and memory dump analysis only
We strongly recommend the hands-on labs version of this seminar. As in all of our seminars, we have carefully designed a series of demonstrations, lab exercises, and problems that illustrate and build on the information presented. Every key operating system principle is illustrated and demonstrated by one or more “hands-on” exercises. In addition, we have a variety of problem scenarios – some involving deliberately created failures; others from real systems with actual bugs in real, shipping drivers – each designed or selected to illustrate the use and applicability of a particular analysis technique. After each lab period, we will lead a walkthrough and discussion of at least one approach to the problem given. By the end of this seminar, you’ll have seen and solved failures of each of the most common types. After the seminar, we will also provide you with a document that gives a detailed walkthrough of the analysis procedures for each problem scenario, and copies of the corresponding example memory dump files, for your further study.
There is no short form of this seminar. If you are interested in a "fast-track" approach to these topics, we suggest one of our one-day internals seminars (INT150, INT151, or DRV150), followed by the one-day version of DBG211.
If you are a system administrator, application developer, hardware integrator, etc., this seminar is for you! Our focus here is “which component is causing problems” rather than “how can I fix the code.”
On the other hand, if you are primarily interested in debugging device driver source code that you, or others in your organization, write and maintain, please consider DRV211: Windows Driver Debugging and Memory Dump Analysis.