Overview
Dive into the world of Windows kernel mode debugging with this 32-minute conference talk from BSidesSF 2018. Explore the practical science of debugging, focusing on its crucial role in creating secure software and understanding operating system internals. Learn about the importance of kernel debugging for efficiency, root cause analysis, and crafting more secure software. Gain insights into approaching different software issues, identifying appropriate commands and tools, and understanding the internal workings of operating systems. Discover how to collect BSOD dumps, configure Live Kernel Debugging with VMware, and tackle various software problems including CPU issues, deadlocks, and blue screens. Suitable for those with an introductory C programming background and general understanding of operating systems, this talk aims to encourage exploration of kernel debugging as a core component of resilient security.
Syllabus
Introduction
Agenda
Symbols
Symbol Server
First Bluescreen
Windbg
Source code
How to collect BSOD dumps
How to configure Life Kernel Debugging with VMware
General approach to software problems
CPU problem
Snapshot
Example
Looping
Code Location
Fixing is not Universal
deadlock
costax
sample code
get lock information
match source code location
fix for developer
blue screen
bug check
kernel
hack
conclusion
Taught by
Security BSides San Francisco