Defrag Tools: #16 - WinDbg - Driver Verifier
- Posted: Nov 26, 2012 at 9:27 AM
- 46,241 Views
- 5 Comments
Not all Blue Screens of Death are easy to debug! Sometimes, you need to enable extra checking to help catch a buggy device driver. In this episode of Defrag Tools, Chad Beeder and Larry Larsen discuss using Driver Verifier in conjunction with WinDbg to track down a driver which is corrupting kernel mode pool memory.
Debugger commands used:
Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
Resources:
Windows Internals book tools (including NotMyFault)
Forcing a System Crash from the Keyboard
How to generate a complete crash dump file or a kernel crash dump file by using an NMI on a Windows-based system
Driver Verifier Options
Timeline:
[00:09] - What is Driver Verifier?
[01:54] - Using NotMyFault to cause a buffer overflow
[06:04] - Looking at a buffer overflow dump in WinDbg
[08:10] - What is the .trap command? (see: x64 Register Usage)
[12:45] - First dump was inconclusive. Looking at a second buffer overflow dump.
[15:47] - Memory is corrupted, but how to find out who is corrupting it? Driver Verifier!
[16:55] - Launching and configuring Driver Verifier
[20:20] - Verifier enabled, let's crash the system!
[21:25] - What is special pool?
[22:27] - Looking at the memory dump (captured with Verifier enabled)
[25:13] - Forcing a memory dump of a hung system via keyboard
[28:00] - Forcing a memory dump of a hung system via NMI switch
[31:52] - Advanced/custom Driver Verifier settings
AppVerifier would seem like a good topic for next week
@JohnLudlow: We are covering the basic commands for about 4 weeks and then will be doing Application Verifier. We thought of doing it straight away but decided to do the foundation stuff first.
@windev: Hi Andrew. That makes sense. WinDbg is not a small topic, so it's good that you're covering it in detail
Thanks & keep up the good work
You can use AutoHotkey to remap keyboard keys if you don't have a scroll lock key, or any others for that matter. Helpful if you don't have an external keyboard handy.
Thanks for the series of videos on WinDbg and Driver Verifier. I am finding them very useful in my day to day work.
I have a doubt regarding Driver Verifier. If I am developing a WDF driver, a File System mini filter driver or an NDIS filter driver, is it sufficient just to add my driver to Driver Verifier?
For example, if I have a FS mini filter driver (which I want to test), do I need to put fltmgr.sys (or any other related drivers) in the Driver Verifier driver list?