How to begin debugging

>

I have the debugger setup and when the system crashes I
run ‘analyze -v’
and print the drivers list and try to figure out what
driver caused the problem but where do you go from there?

How do you figure out what instruction actually caused
the crash?
And if it occurs inside ntkernel or similar file how do
you determine the cause?

EC

The answer is: It depends on the failure.

I don’t mean to be trite, but what you are asking is the subject of
several books and countless hours of classes. It is not a question that
anyone can answer in a couple paragraphs in an e-mail.

Now if you want help on a particular failure then some help can be
given. (sending the output of “!analyze -v” would be a decent starting
place for something like that)

For the general question of “how can I debug” all I can do is refer you
to the books, classes and debugger docs.

-----Original Message-----
From: Ed in Calif [mailto:xxxxx@attbi.com]
Sent: Tuesday, April 23, 2002 10:39 PM
To: Kernel Debugging Interest List
Subject: [windbg] How to begin debugging

I have the debugger setup and when the system crashes I
run ‘analyze -v’
and print the drivers list and try to figure out what
driver caused the problem but where do you go from there?

How do you figure out what instruction actually caused
the crash?
And if it occurs inside ntkernel or similar file how do
you determine the cause?

EC


You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%

OK - can you recommend any books on it?
i have not found any.

Ed

----- Original Message -----
From: “Nathan Nesbit”
To: “Kernel Debugging Interest List”
Sent: Tuesday, April 23, 2002 11:20 PM
Subject: [windbg] RE: How to begin debugging

The answer is: It depends on the failure.

I don’t mean to be trite, but what you are asking is the subject of
several books and countless hours of classes. It is not a question that
anyone can answer in a couple paragraphs in an e-mail.

Now if you want help on a particular failure then some help can be
given. (sending the output of “!analyze -v” would be a decent starting
place for something like that)

For the general question of “how can I debug” all I can do is refer you
to the books, classes and debugger docs.

-----Original Message-----
From: Ed in Calif [mailto:xxxxx@attbi.com]
Sent: Tuesday, April 23, 2002 10:39 PM
To: Kernel Debugging Interest List
Subject: [windbg] How to begin debugging

>
> I have the debugger setup and when the system crashes I
> run ‘analyze -v’
> and print the drivers list and try to figure out what
> driver caused the problem but where do you go from there?
>
> How do you figure out what instruction actually caused
> the crash?
> And if it occurs inside ntkernel or similar file how do
> you determine the cause?
>
> EC
>
>


You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to windbg as: xxxxx@attbi.com
To unsubscribe send a blank email to %%email.unsub%%

Ed,
Are you asking about book titles on debugging in general, or about WinDbg in
particular?
-bill
Bill Christie, Software Engineer
Link Engineering Company
43855 Plymouth Oaks Blvd.
Plymouth, MI 48170
www.linkeng.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Ed in Calif
Sent: Thursday, April 25, 2002 11:52 AM
To: Kernel Debugging Interest List
Subject: [windbg] RE: How to begin debugging

OK - can you recommend any books on it?
i have not found any.

Ed

----- Original Message -----
From: “Nathan Nesbit”
> To: “Kernel Debugging Interest List”
> Sent: Tuesday, April 23, 2002 11:20 PM
> Subject: [windbg] RE: How to begin debugging
>
>
> The answer is: It depends on the failure.
>
> I don’t mean to be trite, but what you are asking is the subject of
> several books and countless hours of classes. It is not a
> question that
> anyone can answer in a couple paragraphs in an e-mail.
>
> Now if you want help on a particular failure then some help can be
> given. (sending the output of “!analyze -v” would be a
> decent starting
> place for something like that)
>
> For the general question of “how can I debug” all I can do is
> refer you
> to the books, classes and debugger docs.
>
>
>
> -----Original Message-----
> From: Ed in Calif [mailto:xxxxx@attbi.com]
> Sent: Tuesday, April 23, 2002 10:39 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] How to begin debugging
>
>
>
>
> >
> > I have the debugger setup and when the system crashes I
> > run ‘analyze -v’
> > and print the drivers list and try to figure out what
> > driver caused the problem but where do you go from there?
> >
> > How do you figure out what instruction actually caused
> > the crash?
> > And if it occurs inside ntkernel or similar file how do
> > you determine the cause?
> >
> > EC
> >
> >
>
>
> —
> You are currently subscribed to windbg as: xxxxx@microsoft.com To
> unsubscribe send a blank email to %%email.unsub%%
>
> —
> You are currently subscribed to windbg as: xxxxx@attbi.com
> To unsubscribe send a blank email to %%email.unsub%%
>
>
> —
> You are currently subscribed to windbg as: xxxxx@linkeng.com
> To unsubscribe send a blank email to %%email.unsub%%
>

If you’re asking about how to debug with WinDBG, check out the docs for
windbg like Nathan suggested. They have lots of good info, including:
“Introduction to debugging”
“Elementary debugging techniques”
“Stack Traces”
“Advanced debugging techniques”

etc…

Bill Christie wrote:

Ed,
Are you asking about book titles on debugging in general, or about WinDbg in
particular?
-bill
Bill Christie, Software Engineer
Link Engineering Company
43855 Plymouth Oaks Blvd.
Plymouth, MI 48170
www.linkeng.com

>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com]On Behalf Of Ed in Calif
>Sent: Thursday, April 25, 2002 11:52 AM
>To: Kernel Debugging Interest List
>Subject: [windbg] RE: How to begin debugging
>
>
>OK - can you recommend any books on it?
>i have not found any.
>
>Ed
>
>----- Original Message -----
>From: “Nathan Nesbit”
>>To: “Kernel Debugging Interest List”
>>Sent: Tuesday, April 23, 2002 11:20 PM
>>Subject: [windbg] RE: How to begin debugging
>>
>>
>>The answer is: It depends on the failure.
>>
>>I don’t mean to be trite, but what you are asking is the subject of
>>several books and countless hours of classes. It is not a
>>question that
>>anyone can answer in a couple paragraphs in an e-mail.
>>
>>Now if you want help on a particular failure then some help can be
>>given. (sending the output of “!analyze -v” would be a
>>decent starting
>>place for something like that)
>>
>>For the general question of “how can I debug” all I can do is
>>refer you
>>to the books, classes and debugger docs.
>>
>>
>>
>>-----Original Message-----
>>From: Ed in Calif [mailto:xxxxx@attbi.com]
>>Sent: Tuesday, April 23, 2002 10:39 PM
>>To: Kernel Debugging Interest List
>>Subject: [windbg] How to begin debugging
>>
>>
>>
>>
>>>I have the debugger setup and when the system crashes I
>>>run ‘analyze -v’
>>>and print the drivers list and try to figure out what
>>>driver caused the problem but where do you go from there?
>>>
>>>How do you figure out what instruction actually caused
>>>the crash?
>>>And if it occurs inside ntkernel or similar file how do
>>>you determine the cause?
>>>
>>>EC
>>>
>>>
>>
>>—
>>You are currently subscribed to windbg as: xxxxx@microsoft.com To
>>unsubscribe send a blank email to %%email.unsub%%
>>
>>—
>>You are currently subscribed to windbg as: xxxxx@attbi.com
>>To unsubscribe send a blank email to %%email.unsub%%
>>
>>
>>—
>>You are currently subscribed to windbg as: xxxxx@linkeng.com
>>To unsubscribe send a blank email to %%email.unsub%%
>>
>
>
>—
>You are currently subscribed to windbg as: xxxxx@stg.com
>To unsubscribe send a blank email to %%email.unsub%%
>

How hard did you look?

Go to Amazon.com and search for “debugging” It finds 100+ books.
Searching for “debugging windows” has 9 hits, including a book called
“Windows 2000 Kernel Debugging” (which I haven’t read & I know is out of
date wrt windbg specifics)

Many books about driver writing include a chapter on debugging.

In my experience debugging is debugging no matter what the language or
platform. So I think there are things to be learned in books about
debugging stuff like user mode apps which can be applied to kernel mode
debugging. So I wouldn’t limit your research to just things that say
“kernel” in the title.

As someone else mentioned. The best place for Windbg specific help is
the windbg docs. Not only are commands documented, but there are some
good guides.

Luck

-----Original Message-----
From: Ed in Calif [mailto:xxxxx@attbi.com]
Sent: Thursday, April 25, 2002 8:52 AM
To: Kernel Debugging Interest List
Subject: [windbg] RE: How to begin debugging

OK - can you recommend any books on it?
i have not found any.

Ed

----- Original Message -----
From: “Nathan Nesbit”
To: “Kernel Debugging Interest List”
Sent: Tuesday, April 23, 2002 11:20 PM
Subject: [windbg] RE: How to begin debugging

The answer is: It depends on the failure.

I don’t mean to be trite, but what you are asking is the subject of
several books and countless hours of classes. It is not a question that
anyone can answer in a couple paragraphs in an e-mail.

Now if you want help on a particular failure then some help can be
given. (sending the output of “!analyze -v” would be a decent starting
place for something like that)

For the general question of “how can I debug” all I can do is refer you
to the books, classes and debugger docs.

-----Original Message-----
From: Ed in Calif [mailto:xxxxx@attbi.com]
Sent: Tuesday, April 23, 2002 10:39 PM
To: Kernel Debugging Interest List
Subject: [windbg] How to begin debugging

>
> I have the debugger setup and when the system crashes I
> run ‘analyze -v’
> and print the drivers list and try to figure out what
> driver caused the problem but where do you go from there?
>
> How do you figure out what instruction actually caused
> the crash?
> And if it occurs inside ntkernel or similar file how do
> you determine the cause?
>
> EC
>
>


You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to windbg as: xxxxx@attbi.com To
unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%

Thanks, I found a couple of good titles on amazon.

Ed
----- Original Message -----
From: “Nathan Nesbit”
To: “Kernel Debugging Interest List”
Sent: Thursday, April 25, 2002 1:38 PM
Subject: [windbg] RE: How to begin debugging

How hard did you look?

Go to Amazon.com and search for “debugging” It finds 100+ books.
Searching for “debugging windows” has 9 hits, including a book called
“Windows 2000 Kernel Debugging” (which I haven’t read & I know is out of
date wrt windbg specifics)

Many books about driver writing include a chapter on debugging.

In my experience debugging is debugging no matter what the language or
platform. So I think there are things to be learned in books about
debugging stuff like user mode apps which can be applied to kernel mode
debugging. So I wouldn’t limit your research to just things that say
“kernel” in the title.

As someone else mentioned. The best place for Windbg specific help is
the windbg docs. Not only are commands documented, but there are some
good guides.

Luck

-----Original Message-----
From: Ed in Calif [mailto:xxxxx@attbi.com]
Sent: Thursday, April 25, 2002 8:52 AM
To: Kernel Debugging Interest List
Subject: [windbg] RE: How to begin debugging

OK - can you recommend any books on it?
i have not found any.

Ed

----- Original Message -----
From: “Nathan Nesbit”
To: “Kernel Debugging Interest List”
Sent: Tuesday, April 23, 2002 11:20 PM
Subject: [windbg] RE: How to begin debugging

The answer is: It depends on the failure.

I don’t mean to be trite, but what you are asking is the subject of
several books and countless hours of classes. It is not a question that
anyone can answer in a couple paragraphs in an e-mail.

Now if you want help on a particular failure then some help can be
given. (sending the output of “!analyze -v” would be a decent starting
place for something like that)

For the general question of “how can I debug” all I can do is refer you
to the books, classes and debugger docs.

-----Original Message-----
From: Ed in Calif [mailto:xxxxx@attbi.com]
Sent: Tuesday, April 23, 2002 10:39 PM
To: Kernel Debugging Interest List
Subject: [windbg] How to begin debugging

>
> I have the debugger setup and when the system crashes I
> run ‘analyze -v’
> and print the drivers list and try to figure out what
> driver caused the problem but where do you go from there?
>
> How do you figure out what instruction actually caused
> the crash?
> And if it occurs inside ntkernel or similar file how do
> you determine the cause?
>
> EC
>
>


You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to windbg as: xxxxx@attbi.com To
unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to windbg as: xxxxx@attbi.com
To unsubscribe send a blank email to %%email.unsub%%