SlideShare una empresa de Scribd logo

Windows Crash Dump Analysis

Descargar como PPTX, PDF
Microsoft TechNet - Belgium and Luxembourg
Microsoft TechNet - Belgium and Luxembourg

More info on http://www.techdays.be.

Tecnología
1 de 34
Understanding Windows Crashes Analyzing Windows Crashes Introducing Driver Verifier Performing Manual Analysis Advanced Debugging Techniques
7 years working at Microsoft 3 years at Digital Equipment Corporation Instructor with David Solomon
Why analyze a Windows crash?
The result of an unhandled exception A device driver detects an unrecoverable condition The result of a hardware failure
KeBugCheckEx, the Windows kernel API is called
Disables all interrupts Freezes all CPUs and notifies any registered drivers Writes a crash dump to disk and restarts
Documented in the Windows Driver Kit Reference included with the Debugging Tools Viewable using the kernel debugger
Small memory dump Kernel memory dump Complete memory dump
Use any one of the Microsoft kernel debuggers Configure the debugger to point to symbols Troubleshoot symbol loading errors with !sym noisy
The debugger performs basic crash analysis The result of executing the !analyze command Can be disabled if desired
Demo
Registers, small areas of extremely fast storage Usually measured by the number of bits they hold x86 architecture provides 16 basic program registers x64 adds an additional 8 general–purpose registers
Registers, small areas of extremely fast storage Usually measured by the number of bits they hold x86 architecture provides 16 basic program registers x64 adds an additional 8 general–purpose registers
Demo
Useful for identifying code defects in drivers Included as part of the operating system Required for Windows logo certification
Configurable using the Driver Verifier tool Contains standard settings for common defects Support for using a command line interface
Demo
!analyze doesn’t always offer results Several useful commands and techniques Additional manual analysis techniques
Demo
Support for attaching a kernel debugger The system must be started in debugging mode Required for debugging initialization failures
Possible for systems to become unresponsive Instant system lockup Slow grinding to a halt
Using a PS/2 keyboard Using a built in NMI button Using the kernel debugger
Demo
Windows Internals, 5th Edition Memory Dump, Software Trace, Debugging, Malware and Intelligence Analysis Portal Advanced Windows Debugging and Troubleshooting
Windows Crash Dump Analysis

Recomendados

Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensicsTaha İslam YILMAZ
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Data recovery
Data recoveryData recovery
Data recoveryMir Majid
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifactsn|u - The Open Security Community
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 

Recomendados

Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensicsTaha İslam YILMAZ
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Data recovery
Data recoveryData recovery
Data recoveryMir Majid
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifactsn|u - The Open Security Community
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testingSanthosh Kumar
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 
iOS Forensics
iOS Forensics iOS Forensics
iOS Forensics Tjylen Veselyj
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Encase Forensic
Encase ForensicEncase Forensic
Encase ForensicMegha Sahu
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Cellebrite
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
Mobile forensic
Mobile forensicMobile forensic
Mobile forensicDINESH KAMBLE
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensicsPrince Boonlia
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imagerParminderKaurBScHons
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collectionFakrul Alam
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 
LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation Damir Delija
 
Windows forensic
Windows forensicWindows forensic
Windows forensicMD SAQUIB KHAN
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
C++ Production Debugging
C++ Production DebuggingC++ Production Debugging
C++ Production DebuggingSasha Goldshtein
 
VS Debugging Tricks
VS Debugging TricksVS Debugging Tricks
VS Debugging TricksSasha Goldshtein
 

Más contenido relacionado

La actualidad más candente

Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testingSanthosh Kumar
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Encase Forensic
Encase ForensicEncase Forensic
Encase ForensicMegha Sahu
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Cellebrite
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collectionFakrul Alam
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation Damir Delija
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 

La actualidad más candente (20)

Android– forensics and security testing
Android– forensics and security testingAndroid– forensics and security testing
Android– forensics and security testing
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 
iOS Forensics
iOS Forensics iOS Forensics
iOS Forensics
 
Mac Forensics
Mac ForensicsMac Forensics
Mac Forensics
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
Encase Forensic
Encase ForensicEncase Forensic
Encase Forensic
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx
 
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 
Mobile forensic
Mobile forensicMobile forensic
Mobile forensic
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensics
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
 
Module 02 ftk imager
Module 02 ftk imagerModule 02 ftk imager
Module 02 ftk imager
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collection
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 
LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation
 
Windows forensic
Windows forensicWindows forensic
Windows forensic
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
 

Destacado

Advanced windows debugging
Advanced windows debuggingAdvanced windows debugging
Advanced windows debuggingchrisortman
 
Who’s afraid of WinDbg
Who’s afraid of WinDbgWho’s afraid of WinDbg
Who’s afraid of WinDbgDror Helper
 
Debugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir DresherDebugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir DresherTamir Dresher
 
Advanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSAdvanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSSasha Goldshtein
 
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...Shanmuga KS
 
Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbgArno Huetter
 
Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharingJames Hsieh
 
Location Shoot
Location ShootLocation Shoot
Location Shootloousmith
 
02 allocative efficiency
02 allocative efficiency02 allocative efficiency
02 allocative efficiencyTravis Klein
 

Destacado (14)

C++ Production Debugging
C++ Production DebuggingC++ Production Debugging
C++ Production Debugging
 
VS Debugging Tricks
VS Debugging TricksVS Debugging Tricks
VS Debugging Tricks
 
Advanced windows debugging
Advanced windows debuggingAdvanced windows debugging
Advanced windows debugging
 
Who’s afraid of WinDbg
Who’s afraid of WinDbgWho’s afraid of WinDbg
Who’s afraid of WinDbg
 
Debugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir DresherDebugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir Dresher
 
Advanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSAdvanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOS
 
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmug...
 
Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbg
 
Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharing
 
Location Shoot
Location ShootLocation Shoot
Location Shoot
 
Discover Great Reasons to move to ConfigMgr 2012 SP1
Discover Great Reasons to move to ConfigMgr 2012 SP1Discover Great Reasons to move to ConfigMgr 2012 SP1
Discover Great Reasons to move to ConfigMgr 2012 SP1
 
02 allocative efficiency
02 allocative efficiency02 allocative efficiency
02 allocative efficiency
 
Trends 2012
Trends 2012Trends 2012
Trends 2012
 
Carmen y. benavides deber
Carmen y. benavides deberCarmen y. benavides deber
Carmen y. benavides deber
 

Similar a Windows Crash Dump Analysis

Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Camilo Alvarez Rivera
 
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and TechniquesBala Subra
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging TechniquesBala Subra
 
Build your own pc & trubleshooting by Sayyed Misbah
Build your own pc & trubleshooting by Sayyed MisbahBuild your own pc & trubleshooting by Sayyed Misbah
Build your own pc & trubleshooting by Sayyed MisbahSAYYED AHAMMED MISBAH
 
Diagnosing Application Problems using Microsoft WinDbg Debugger
Diagnosing Application Problems using Microsoft WinDbg DebuggerDiagnosing Application Problems using Microsoft WinDbg Debugger
Diagnosing Application Problems using Microsoft WinDbg DebuggerDmitry Vostokov
 
Understanding and Improving Device Access Complexity
Understanding and Improving Device Access ComplexityUnderstanding and Improving Device Access Complexity
Understanding and Improving Device Access Complexityasimkadav
 
Advanced driver debugging (13005399) copy
Advanced driver debugging (13005399) copyAdvanced driver debugging (13005399) copy
Advanced driver debugging (13005399) copyBurlacu Sergiu
 
Process control daemon
Process control daemonProcess control daemon
Process control daemonhaish
 
Compilers and interpreters
Compilers and interpretersCompilers and interpreters
Compilers and interpretersRAJU KATHI
 
Software development windows nutshell
Software development windows nutshellSoftware development windows nutshell
Software development windows nutshellHimanshu Pareek
 
3.1 teams and processes
3.1 teams and processes3.1 teams and processes
3.1 teams and processesSayed Ahmed
 
Big Java Chapter 1
Big Java Chapter 1Big Java Chapter 1
Big Java Chapter 1Maria Joslin
 
Guide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGuide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGene Carboni
 
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11blusmurfydot1
 

Similar a Windows Crash Dump Analysis (20)

Memory Dump
Memory DumpMemory Dump
Memory Dump
 
Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01Introductiontoasp netwindbgdebugging-100506045407-phpapp01
Introductiontoasp netwindbgdebugging-100506045407-phpapp01
 
Troubleshooting
TroubleshootingTroubleshooting
Troubleshooting
 
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging Techniques
 
Windows Debugging and Troubleshooting
Windows Debugging and TroubleshootingWindows Debugging and Troubleshooting
Windows Debugging and Troubleshooting
 
Build your own pc & trubleshooting by Sayyed Misbah
Build your own pc & trubleshooting by Sayyed MisbahBuild your own pc & trubleshooting by Sayyed Misbah
Build your own pc & trubleshooting by Sayyed Misbah
 
Diagnosing Application Problems using Microsoft WinDbg Debugger
Diagnosing Application Problems using Microsoft WinDbg DebuggerDiagnosing Application Problems using Microsoft WinDbg Debugger
Diagnosing Application Problems using Microsoft WinDbg Debugger
 
CISY 105 Chapter 1
CISY 105 Chapter 1CISY 105 Chapter 1
CISY 105 Chapter 1
 
Understanding and Improving Device Access Complexity
Understanding and Improving Device Access ComplexityUnderstanding and Improving Device Access Complexity
Understanding and Improving Device Access Complexity
 
Advanced driver debugging (13005399) copy
Advanced driver debugging (13005399) copyAdvanced driver debugging (13005399) copy
Advanced driver debugging (13005399) copy
 
Process control daemon
Process control daemonProcess control daemon
Process control daemon
 
Compilers and interpreters
Compilers and interpretersCompilers and interpreters
Compilers and interpreters
 
Software development windows nutshell
Software development windows nutshellSoftware development windows nutshell
Software development windows nutshell
 
3.1 teams and processes
3.1 teams and processes3.1 teams and processes
3.1 teams and processes
 
Big Java Chapter 1
Big Java Chapter 1Big Java Chapter 1
Big Java Chapter 1
 
Guide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGuide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System Utilities
 
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11
IT109 Microsoft Windows 7 Operating Systems Unit 08 lesson 11
 
Spug pt session2 - debuggingl
Spug pt session2 - debugginglSpug pt session2 - debuggingl
Spug pt session2 - debuggingl
 
Chapter1a
Chapter1aChapter1a
Chapter1a
 

Más de Microsoft TechNet - Belgium and Luxembourg

Más de Microsoft TechNet - Belgium and Luxembourg (20)

Windows 10: all you need to know!
Windows 10: all you need to know!Windows 10: all you need to know!
Windows 10: all you need to know!
 
Configuration Manager 2012 – Compliance Settings 101 - Tim de Keukelaere
Configuration Manager 2012 – Compliance Settings 101 - Tim de KeukelaereConfiguration Manager 2012 – Compliance Settings 101 - Tim de Keukelaere
Configuration Manager 2012 – Compliance Settings 101 - Tim de Keukelaere
 
Windows 8.1 a closer look
Windows 8.1 a closer lookWindows 8.1 a closer look
Windows 8.1 a closer look
 
So you’ve successfully installed SCOM… Now what.
So you’ve successfully installed SCOM… Now what.So you’ve successfully installed SCOM… Now what.
So you’ve successfully installed SCOM… Now what.
 
Data Leakage Prevention
Data Leakage PreventionData Leakage Prevention
Data Leakage Prevention
 
Deploying and managing ConfigMgr Clients
Deploying and managing ConfigMgr ClientsDeploying and managing ConfigMgr Clients
Deploying and managing ConfigMgr Clients
 
Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?
Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?
Self Service BI anno 2013 – Where Do We Come From and Where Are We Going?
 
Hands on with Hyper-V Clustering Maintenance Mode & Cluster Aware Updating
Hands on with Hyper-V Clustering Maintenance Mode & Cluster Aware UpdatingHands on with Hyper-V Clustering Maintenance Mode & Cluster Aware Updating
Hands on with Hyper-V Clustering Maintenance Mode & Cluster Aware Updating
 
SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012
 
Jump start your application monitoring with APM
Jump start your application monitoring with APMJump start your application monitoring with APM
Jump start your application monitoring with APM
 
What’s new in Lync Server 2013: Persistent Chat
What’s new in Lync Server 2013: Persistent ChatWhat’s new in Lync Server 2013: Persistent Chat
What’s new in Lync Server 2013: Persistent Chat
 
What's new for Lync 2013 Clients & Devices
What's new for Lync 2013 Clients & DevicesWhat's new for Lync 2013 Clients & Devices
What's new for Lync 2013 Clients & Devices
 
Office 365 ProPlus: Click-to-run deployment and management
Office 365 ProPlus: Click-to-run deployment and managementOffice 365 ProPlus: Click-to-run deployment and management
Office 365 ProPlus: Click-to-run deployment and management
 
Office 365 Identity Management options
Office 365 Identity Management options Office 365 Identity Management options
Office 365 Identity Management options
 
SharePoint Installation and Upgrade: Untangling Your Options
SharePoint Installation and Upgrade: Untangling Your Options SharePoint Installation and Upgrade: Untangling Your Options
SharePoint Installation and Upgrade: Untangling Your Options
 
The application model in real life
The application model in real lifeThe application model in real life
The application model in real life
 
Microsoft private cloud with Cisco and Netapp - Flexpod solution
Microsoft private cloud with Cisco and Netapp - Flexpod solutionMicrosoft private cloud with Cisco and Netapp - Flexpod solution
Microsoft private cloud with Cisco and Netapp - Flexpod solution
 
Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
 
Moving from Device Centric to a User Centric Management
Moving from Device Centric to a User Centric Management Moving from Device Centric to a User Centric Management
Moving from Device Centric to a User Centric Management
 
Network Management in System Center 2012 SP1 - VMM
Network Management in System Center 2012 SP1 - VMM Network Management in System Center 2012 SP1 - VMM
Network Management in System Center 2012 SP1 - VMM
 

Último

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 

Último (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 

Windows Crash Dump Analysis

  • 1.
  • 2. Understanding Windows Crashes Analyzing Windows Crashes Introducing Driver Verifier Performing Manual Analysis Advanced Debugging Techniques
  • 3. 7 years working at Microsoft 3 years at Digital Equipment Corporation Instructor with David Solomon
  • 5.
  • 6. The result of an unhandled exception A device driver detects an unrecoverable condition The result of a hardware failure
  • 7.
  • 8. KeBugCheckEx, the Windows kernel API is called
  • 9. Disables all interrupts Freezes all CPUs and notifies any registered drivers Writes a crash dump to disk and restarts
  • 10.
  • 11.
  • 12. Documented in the Windows Driver Kit Reference included with the Debugging Tools Viewable using the kernel debugger
  • 13. Small memory dump Kernel memory dump Complete memory dump
  • 14.
  • 15. Use any one of the Microsoft kernel debuggers Configure the debugger to point to symbols Troubleshoot symbol loading errors with !sym noisy
  • 16. The debugger performs basic crash analysis The result of executing the !analyze command Can be disabled if desired
  • 17. Demo
  • 18. Registers, small areas of extremely fast storage Usually measured by the number of bits they hold x86 architecture provides 16 basic program registers x64 adds an additional 8 general–purpose registers
  • 19. Registers, small areas of extremely fast storage Usually measured by the number of bits they hold x86 architecture provides 16 basic program registers x64 adds an additional 8 general–purpose registers
  • 20. Demo
  • 21.
  • 22. Useful for identifying code defects in drivers Included as part of the operating system Required for Windows logo certification
  • 23. Configurable using the Driver Verifier tool Contains standard settings for common defects Support for using a command line interface
  • 24. Demo
  • 25.
  • 26. !analyze doesn’t always offer results Several useful commands and techniques Additional manual analysis techniques
  • 27. Demo
  • 28.
  • 29. Support for attaching a kernel debugger The system must be started in debugging mode Required for debugging initialization failures
  • 30. Possible for systems to become unresponsive Instant system lockup Slow grinding to a halt
  • 31. Using a PS/2 keyboard Using a built in NMI button Using the kernel debugger
  • 32. Demo
  • 33. Windows Internals, 5th Edition Memory Dump, Software Trace, Debugging, Malware and Intelligence Analysis Portal Advanced Windows Debugging and Troubleshooting