Learn to use the Windows debugging tools, event logs, and other tools to isolate the causes of operating system crashes, system hangs, and application failures.

Level

Intermediate

Audience

Applications developers; systems software developers; device driver developers; system administrators; system integrators; hardware OEMs; I.T. support personnel

Description

This seminar presents the Windows XP/2000/NT operating system from the point of view of problem analysis. We review key operating system principles, and then present a number of problem scenarios – some “something isn’t working,” some “things aren’t working fast enough,” and some “the system is crashing” – and show how to use the various monitoring and debugging tools to isolate and solve the problems. Please note that crash dump (“blue screen”) analysis is included but is by no means our only topic!
 

Topics

• Setting up the debugging environment

• Types of system failures

• Detecting and analyzing "leaks"

• Analysis of typical and other stop codes

• Understanding stack backtraces and disassembly code

• Types of system failures

• Analyzing memory dumps and system "hangs"

• Interpreting call sequences

• Using the live kernel debugger

Prerequisites

Attendees must have attended one of our Windows Internals seminars (INT150, DRV150, or INT201), or have equivalent experience.

Windows versions

Windows Vista, Server 2003, Windows XP, Windows 2000

Duration and formats

3 days with labs
1 days lecture only "short course" (INT212)

Labs

We strongly recommend the hands-on labs version of this seminar. As in all of our seminars, we have carefully designed a series of demonstrations and lab problems that complement the lecture material. We use a variety of memory dump files and other problem scenarios – some involving deliberately created failures, and others from real systems with actual bugs in real, shipping code – each designed or selected to illustrate the use and applicability of a particular analysis technique. After each lab period, we will lead a walkthrough and discussion of at least one approach to the problem given. By the end of this seminar, you’ll have seen and solved failures of each of the most common types. At the conclusion of the seminar you will receive copies of the example problem files, together with highly detailed walkthroughs of the analyses of each. If your schedule doesn't permit the inclusion of labs, you will of course still receive these materials. 

Short formats

1 day lecture only (INT212, Windows Debugging and Troubleshooting Essentials)

This short version focuses solely on memory dump analysis. We cover only the material that is the most difficult to learn on one's own and which has the greatest reward for the time spent in the seminar. Suggested reading and exercises are provided so that the attendees can pursue further study on their own schedule. This format is not recommended if this will be the attendees’ first exposure to debugging!