Download this episode
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer.
This installment goes over the commands used to diagnose Semaphores, Mutexes and (Waitable) Timers in a user mode application. For timers, we delve deep in to the kernel to gather more information about them. We use these commands:
- !handle <handle> <mask>
- !object <name>
- !object <addr>
- !timer <addr>
- ub @rip
- dt nt!_KTHREAD <addr>
Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbol and source code resolution.
[02:47] - Demo Apps [SkyDrive]
[03:08] - Semaphores
[09:32] - Mutexes
[15:32] - Waitable Timers
[15:58] - Clock Resolution
[17:05] - Timer Coalescing
[19:45] - Timer demo application
[25:05] - LiveKD makes a kernel dump
[26:37] - Object Manager - !object
[29:40] - DPC Timers - !timer
[35:22] - !timer <addr>
[35:52] - Waiting Threads - !thread <addr> 17
[37:08] - Wait Start TickCount
[38:55] - Kernel Wait Routines
[41:12] - Dump Type of Kernel Thread - dt nt!_KTHREAD <addr>
[42:00] - Running, Ready and Waiting states
[44:54] - Wakable Timers
[47:22] - powercfg.exe /waketimers
[49:18] - 'Century' DPC Timer Routine
[50:43] - Post in the forums and email us at firstname.lastname@example.org!
Available formats for this video:
Actual format may change based on video formats available and browser capability.