A short "supplement" to DBG211: Windows Troubleshooting, Performance Optimization, and Crash Dump Analysis covering the details of x64 debugging.

Level

Intermediate

Audience

Applications developers; systems software developers; system administrators; system integrators; hardware OEMs; I.T. support personnel

Description

This seminar is designed for those who have experience analyzing memory dumps for x86 and need need to become equally familiar with the x64 environment. A large number of the features of x64 and of the Windows x64 implementation necessitate changes in both basic and advanced debugging technique. The exception handling mechanisms are very different, so the methods to set the debugger's register context, recover the exception stack, and find “lost stacks” are different as well. In addition, all procedure calls on x64 are "fastcall", with the first four arguments nearly always being passed through registers; they might be saved on the stack but are not necessarily. This makes analysis of the arguments passed to procedures difficult, so it is more important than ever to be able to interpret the assembly language in order to recover argument values and find other clues.

Topics

• Windows x64 implementation details

• Debugger setup considerations

• x64 exception handling

• Debugger register context

• x64 calling conventions

• x64 instruction set; interpreting disassembly code

• Recovering argument values

Prerequisites

This seminar depends on, and does not repeat, the material presented in DBG211: Windows Troubleshooting, Performance Optimization, and Crash Dump Analysis.  Attendees must have attended DBG211 or have equivalent experience analyzing memory dumps under x86. 

Windows versions

This seminar is applicable to all x64 Windows versions from Windows XP through Windows 7.

Duration and formats

2 days with labs
1 day lecture only