Windows Guest Debugging
Yan Vugenfirer, yan@daynix.com
Daynix Computing LTD
Agenda
Device manager
Logging and DebugView
Introduction to BSOD
Crash dumps
Crash on demand
Driver verifier
WinDbg
Installation and configuration
Postmortem debugging
!ndiskd
Configuring guests
Live debugging
Device manager
Device Manager
Run -> devmgmt.msc
Devices and drivers management and installation
Scan for HW changes
Effective tool to check resource allocations of the devices, driver versions and different driver settings.
Device Manager - Views
Change the views of device manager
Show non PNP devices
Device Manager - Views
View -> Devices by connection
This view can be used to check the relations between buses and devices
Device Manager - Views
View -> Resources by type
Effective to check IRQ sharing
On OSes below Vista virtio devices will use legacy PCI interrupts
Virtio-serial and balloon use legacy interrupts also on newer OSes.
Device Manager - Views
View -> Resources by connection
IO and memory address space with relations between buses and the devices
Device Manager - Show non-present devices
Show device drivers that are installed but whose device is currently not present in the system
Very useful for removing crashing drivers from the system
From command line:
SET devmgr_show_nonpresent_devices=1
START devmgmt.msc
Device manager - properties
Double click on the device
Click on “General” tab
You can view device location on the bus
If the driver is not started you can see the reason in the status text-box. For example - no digital signature on x64 OS from Vista and up
Installing self signed drivers
Drivers need to be at least self-signed starting from Vista x64
To enable test signing:
Bcdedit.exe -set TESTSIGNING ON
Disable test signing:
Bcdedit.exe -set TESTSIGNING OFF
Install the test certificate on the guest
Reboot needed after enabling and disabling test signing commands
More information on test signing:
http://msdn.microsoft.com/en-us/library/bb530195.aspx
Device Manager - resources
Double click on the device
Click on “Resources” tab
Shows device resources (IRQs, IO and memory ranges)
Device manager - driver tab
Double click on the device
Click on “Driver” tab
Get driver version
View the driver binaries
View the versions of driver binaries
Device manager - details
Double click on the device
Click on “Details” tab
A lot of additional details like: PNP ID of the device, PM policy, location of different device keys in registry, etc.
VirtIO - NetKVM parameters
Advanced tab in device manager
Change logging levels
Enable packet statistics printout
Other parameters starting with “TestOnly” prefix
Full list: http://www.linux-kvm.org/page/Internals_of_NDIS_driver_for_VirtIO_based_network_adapter#List_of_configurable_parameters
NetKVM - log levels
0 - Basic configuration and unload trace. Critical errors.
1 - Warnings, corner cases
2 - Network packet trace
3 - More verbose trace of packets
4 - Virtio library, DPC
5 - ISR trace
6 - Register read/write.
NetKVM parameters from command line
Part of WHQL requirements to supply a command line utility for drivers that expose parameters through the “advanced” tab
readme.doc - supplied with the driver package - explains the usage.
Integrated with “netsh” Windows networking tool
To register (before the first use):
rundll32 netkvmco.dll,RegisterNetKVMNetShHelper
Unregistration (removal)
rundll32 netkvmco.dll,UnregisterNetKVMNetShHelper
NetKVM parameters from command line
Description | Command line | Output
List devices | netsh netkvm show devices | Names and index for each device
Restart device | netsh netkvm restart [idx] | Should be done after parameters are changed
Show parameters | netsh netkvm show parameters [idx] | List the names of the parameters
Show detailed information about parameter | netsh netkvm show paraminfo [idx] [param] | Current value of the parameter
Change parameter value | netsh netkvm setparam [idx] [param] [value] |
Debug view and tracing
DebugView
Shows debug space of Windows (kind of dmesg).
Can extract debug trace from crash dump if it was running before the crash
Can log debug trace during boot.
Download from - http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx
DebugView - enable output to debug space
To enable debug space outputs from Vista and up:
Through registry (using regedit):
Add “Default” value of the type DWORD equal to 0xFFFFFFFF under “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter”
Reboot
During live debugging
ed nt!Kd_DEFAULT_MASK 0xFFFFFFFF
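Added example (not from the original slides): a PowerShell script that makes the Debug Print Filter change above from an elevated prompt instead of regedit and reads the result back. It assumes the Vista-and-up registry layout named on the slide; the optional per-component value (IHVNETWORK is used as the illustration) narrows the mask to drivers that trace through that DPFLTR component id, which keeps DebugView output readable when only one driver is of interest. The function names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: route kernel DbgPrint output to the debug space for DebugView.
# Mirrors the registry change on the slide; a reboot (or the WinDbg command
# "ed nt!Kd_DEFAULT_MASK 0xFFFFFFFF" on a live target) is still needed.

$FilterKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter'

function Set-DebugPrintFilter {
    param(
        # 'Default' is the value the slide sets; a component name such as
        # 'IHVNETWORK' limits the mask to drivers using that DPFLTR component id.
        [string]$Component = 'Default',
        # PowerShell parses 0xFFFFFFFF as the Int32 -1; the registry provider
        # stores it as DWORD 0xFFFFFFFF, i.e. all 32 filter bits set.
        [int]$Mask = 0xFFFFFFFF
    )
    if (-not (Test-Path $FilterKey)) {
        New-Item -Path $FilterKey -Force | Out-Null
    }
    Set-ItemProperty -Path $FilterKey -Name $Component -Value $Mask -Type DWord
}

function Get-DebugPrintFilter {
    # Returns one line per configured component with its mask in hex,
    # skipping the PS* properties the registry provider adds.
    if (-not (Test-Path $FilterKey)) { return @() }
    $props = Get-ItemProperty -Path $FilterKey
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { '{0,-12} 0x{1:X8}' -f $_.Name, $_.Value }
}

Set-DebugPrintFilter                      # everything, exactly as on the slide
# Set-DebugPrintFilter -Component 'IHVNETWORK'   # narrower alternative
Get-DebugPrintFilter
Write-Host 'Reboot the guest (or set nt!Kd_DEFAULT_MASK from WinDbg) to apply.'
```

A component-specific value is the quieter choice on a busy guest; either way the mask is read at boot, so the reboot named on the slide still applies.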
Debug view - capture kernel
Capturing kernel output is disabled by default
To enable: Capture -> Capture Kernel
Debug view - log boot
Run DebugView
Enable boot logging
Run DebugView after reboot to collect the logs
Debug view - crash dump
Run DebugView before crash dump creation
After crash and reboot - point DebugView to crash location for processing
Virtio debugging with serial port
Uncomment “ENABLE_COM_DEBUG=1” in SOURCES file. Comment out “ENABLE_PRINT_DEBUG”
Rebuild the driver
On the host side:
-serial tcp::<port>,server,nowait
nc localhost <port>
Blue screens
Bug check
System crash called “Bug check”
Blue screen
Crash dump will be saved
Ability to debug the bug check if a debugger is connected
Blue screen inside
Bug check code
Bug check parameters - specific to each bug check
Additional information - can be located also below bug check code and parameters
Crash dump saving counter
Common bug checks
Bug Check 0xA: IRQL_NOT_LESS_OR_EQUAL
Bug Check 0x8E: KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check 0xD1: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check 0x9F: DRIVER_POWER_STATE_FAILURE
Bug Check 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION
Bug check codes reference: http://msdn.microsoft.com/en-us/library/hh994433(v=vs.85).aspx
Crash dumps
Crash dump creation
During blue screen Windows will save crash dump
Minidumps are not always useful
Also - remove the option to reboot on crash
Right click on “My computer” -> “Properties” -> ”Advanced system settings” -> ”Startup and Recovery” -> “Settings”
Choose “Kernel memory dump”
Remove “Automatically restart”
The windows on different OSes can look different but the menu names are the same
Crash dump creation
Crash dump locations
After the crash search in:
%windir%\memory.dmp
%windir%\Minidump\Minidump<timestamp>.dmp
When you have a Windows error message after reboot - do not close it. Check the minidump path and copy it.
Crash dumps
From Windows 7 and up - OS will auto-delete large crash dumps
To keep crash dumps:
Key: HKLM\System\CurrentControlSet\Control\CrashControl
Value: “AlwaysKeepMemoryDump”:DWORD set to 1
Crash dumps on demand
Crash Windows on demand to examine driver status
Configure through registry:
Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters, Value: CrashOnCtrlScroll, equal to a REG_DWORD value of 0x01
Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters, Value: CrashOnCtrlScroll, equal to a REG_DWORD value of 0x01
Crash dumps on demand
Press Ctrl+ScrollLock+ScrollLock
You will get MANUALLY_INITIATED_CRASH
(0x000000E2) bug check.
Read more (also how to redefine the shortcuts): http://msdn.microsoft.com/en-us/library/ff545499.aspx
Crash dumps on demand (2)
Issue NMI from QEMU monitor
Setup guest:
HKLM/System/CurrentControlSet/Control/CrashControl,
DWORD value NMICrashDump 1
Restart
Enter QEMU monitor (Alt+Ctrl+2, to go back Alt+Ctrl+1)
Issue “NMI” command
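Added example, not part of the original slides: one PowerShell script covering the crash dump slides above (kernel memory dump, no automatic restart, keep large dumps, keyboard-initiated crash, NMI crash) through the registry, plus a function that lists the dumps already present at the locations the slides name. Two value names the slides do not spell out, CrashDumpEnabled = 2 for “Kernel memory dump” and AutoReboot = 0 for “Automatically restart”, are the documented CrashControl values behind those GUI options; the function names are this example's own, and every setting needs a reboot to take effect.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the crash-dump policy from the slides through the
# registry rather than the GUI, and list any dumps already on disk.

$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Set-CrashDumpPolicy {
    # CrashDumpEnabled 2 = "Kernel memory dump"; AutoReboot 0 clears
    # "Automatically restart", so the blue screen stays on the console.
    Set-ItemProperty -Path $CrashControl -Name 'CrashDumpEnabled'     -Value 2 -Type DWord
    Set-ItemProperty -Path $CrashControl -Name 'AutoReboot'           -Value 0 -Type DWord
    # Windows 7 and up otherwise auto-deletes large dumps (see the slide).
    Set-ItemProperty -Path $CrashControl -Name 'AlwaysKeepMemoryDump' -Value 1 -Type DWord
    # Let the "nmi" command from the QEMU monitor trigger a bug check.
    Set-ItemProperty -Path $CrashControl -Name 'NMICrashDump'         -Value 1 -Type DWord
}

function Enable-KeyboardCrash {
    # Ctrl+ScrollLock+ScrollLock -> MANUALLY_INITIATED_CRASH (0xE2).
    # i8042prt serves PS/2 keyboards, kbdhid serves USB keyboards.
    foreach ($svc in 'i8042prt', 'kbdhid') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'CrashOnCtrlScroll' -Value 1 -Type DWord
    }
}

function Get-CrashDumps {
    # The locations from the "Crash dump locations" slide.
    $paths = @("$env:windir\MEMORY.DMP", "$env:windir\Minidump\*.dmp")
    Get-ChildItem -Path $paths -ErrorAction SilentlyContinue |
        Select-Object FullName,
                      @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 1) } },
                      LastWriteTime
}

Set-CrashDumpPolicy
Enable-KeyboardCrash
# Read back what was written before rebooting.
Get-ItemProperty -Path $CrashControl |
    Select-Object CrashDumpEnabled, AutoReboot, AlwaysKeepMemoryDump, NMICrashDump
Get-CrashDumps | Format-Table -AutoSize
Write-Host 'Reboot the guest for the dump settings to take effect.'
```

Run Get-CrashDumps again after a crash and reboot; a kernel memory dump shows up as MEMORY.DMP with a size well beyond the few hundred KB of a minidump, which is the quickest check that the policy actually applied.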
Driver verifier
Driver verifier
Built into the OS (substitutes OS functions with its own layer).
To activate run “verifier.exe” from command line
Need a reboot after the settings are changed
Effective in finding deadlocks, memory leaks, memory corruptions and incorrect parameters to OS functions.
Driver verifier - activation
Run from command line: verifier.exe
Select “Create custom settings”
Driver verifier - activation
Driver verifier - activation
Change selection to “Select driver names from a list”
Driver verifier - activation
Select loaded driver from the list
Or select driver from its location on the file system
After clicking finish - reboot is needed to activate the settings.
Driver verifier - bug checks
0x000000C4
Some can be ignored if debugger is connected
Provide additional information for debugging
Driver verifier - current settings
Run verifier.exe
Click on “Display existing settings” radio button
Click on “Next” button
Driver verifier - current settings
Driver verifier - removal
Don’t forget to reboot
WinDbg
WinDbg
We can examine crash dumps with WinDbg
Remote live kernel debugging
Limited live kernel debugging using one guest only
User mode debugging including remote debugging
Installation
Install as part of the WDK
http://msdn.microsoft.com/en-US/windows/hardware/hh852362
Install as part of the SDK
http://msdn.microsoft.com/en-US/windows/hardware/hh852363
Download symbols for different Windows OSes
http://msdn.microsoft.com/en-us/windows/hardware/gg463028
Symbols configuration
View OS functions and variable names
Set Microsoft symbol server and local paths
Set environment variable: “_NT_SYMBOL_PATH”
Sample symbol path:
C:\symbols\local;SRV*C:\symbols\websymbols*http://msdl.microsoft.com/download/symbols
Symbol configuration
Another way to set the symbols path is through WinDbg menu
File -> ”Symbol File Path...”
You can instruct WinDbg to reload the symbols
Also using windbg command:
.reload
Post mortem debugging
Run WinDbg.exe
Load dump file through: File -> “Open Crash Dump...”
Might be slow first time
Loading crash dump
Information about loaded symbols
OS information
Hint to use “!analyze -v”
Bug check code and parameters
Magic wand - !analyze -v
!analyze -v
First command that you should run (or click)
Bug check and its parameters explanation
Hints for the next steps and how those parameters can
be used for further debugging
Module name that probably caused the crash
Stack trace
WinDbg - help
Help -> Contents
Switch to “Index” tab for specific command help
WinDbg - views
WinDbg - Views
View | To display window | From command line
Memory | Alt+5 | d <address>
Call stack | Alt+6 | kb
Disassembly | Alt+7 | u <address>
Registers | Alt+4 | r
Watch | Alt+2 |
WinDbg - View memory
Menu: View -> Memory
Command (different variations of “d”): db <address>
Use case - memory leak with verifier
WinDbg - View disassembly
Windbg - Reference symbols
<modulename>!<symbol_name>
Example:
netkvm!DriverEntry
WinDbg - Reference symbols
Useful commands
Command | Description
!scsikd | SCSI related commands. Use !scsikd.help to find more
.reload | Reload symbols
lm | List loaded modules
~<cpu number> | Switch between CPUs. For example ~0
!irpfind | Search for IO request packets
!irp | Display information regarding specific IRP
.reboot | Restart remote during live debugging
!ndiskd - NDIS debug extensions
!ndiskd.ndis | Show ndis.sys build information
!ndiskd.help | Show help
!ndiskd.miniports | Show NDIS miniports
!ndiskd.miniport <addr> | Show info about specific miniport
!ndiskd.nbl | Show NET_BUFFER_LIST info
!ndiskd.oid | Show pending OID requests
!ndiskd.miniports
!ndiskd.miniport <miniport handle>
From !ndiskd to NetKVM
Configuring live debugging
Host side
Run debugger host VM with: “-serial tcp::<port_number>,server,nowait”
For example: “-serial tcp::4445,server,nowait”
Run target VM with: “-serial tcp:127.0.0.1:<port_number>”
Configuring live debugging (2)
Host side (new format)
Run debugger host VM with: “-chardev socket,id=serial0,path=/tmp/debug-serial0,server,nowait -device isa-serial,chardev=serial0,id=serial0”
Run target VM with: “-chardev socket,id=serial0,path=/tmp/debug-serial0 -device isa-serial,chardev=serial0,id=serial0”
Configuring live debugging
Guest side - Windows XP and Windows 2003
Edit c:\boot.ini
Duplicate the default boot line and add: “/debug /debugport=COM1 /baudrate=115200”
Reboot
Configuring live debugging
Guest side - Vista and up
Use bcdedit.exe
bcdedit /dbgsettings SERIAL DEBUGPORT:1 BAUDRATE:115200
bcdedit /debug ON
Reboot
Read more: http://www.linux-kvm.org/page/WindowsGuestDrivers/GuestDebugging
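Added example (not the slides' own code): a PowerShell script for the Vista-and-up guest side of the setup above, combining the bcdedit commands from this slide with the TESTSIGNING switch from the earlier “Installing self signed drivers” slide, and parsing bcdedit's own output to confirm what was written. It assumes bcdedit.exe is on the path and that COM1 (DEBUGPORT:1) is the serial device QEMU wires to the debugger VM; Invoke-Bcdedit and the other function names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: prepare a guest for serial kernel debugging and test-signed
# drivers, then read the boot configuration back. Needs a reboot afterwards.

function Invoke-Bcdedit {
    # Runs bcdedit with the given arguments and fails loudly on a non-zero exit,
    # so a typo in a setting does not go unnoticed until the next boot.
    param([string[]]$Arguments)
    $output = & bcdedit.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit $($Arguments -join ' ') failed: $output"
    }
    $output
}

function Enable-GuestKernelDebug {
    param([int]$Port = 1, [int]$Baud = 115200)
    # The two commands from the slide: pick the transport, then enable debugging.
    Invoke-Bcdedit @('/dbgsettings', 'SERIAL', "DEBUGPORT:$Port", "BAUDRATE:$Baud") | Out-Null
    Invoke-Bcdedit @('/debug', 'ON') | Out-Null
}

function Enable-TestSigning {
    # Required on x64 from Vista up to load self-signed drivers; the test
    # certificate still has to be installed in the guest separately.
    Invoke-Bcdedit @('/set', 'TESTSIGNING', 'ON') | Out-Null
}

function Get-GuestDebugState {
    # Collects the relevant lines of "bcdedit /enum {current}" and
    # "bcdedit /dbgsettings" into one hashtable for a quick eyeball check.
    $state = @{}
    foreach ($line in Invoke-Bcdedit @('/enum', '{current}')) {
        if ($line -match '^(debug|testsigning)\s+(\S+)') {
            $state[$matches[1]] = $matches[2]
        }
    }
    foreach ($line in Invoke-Bcdedit @('/dbgsettings')) {
        if ($line -match '^(debugtype|debugport|baudrate)\s+(\S+)') {
            $state[$matches[1]] = $matches[2]
        }
    }
    $state
}

Enable-GuestKernelDebug
Enable-TestSigning
Get-GuestDebugState | Format-Table -AutoSize
Write-Host 'Reboot the guest; then attach WinDbg on the debugger VM via File -> Kernel Debug...'
```

Expect debug and testsigning to read Yes, debugtype Serial, debugport 1 and baudrate 115200 before rebooting; if any field is missing, bcdedit wrote to a different boot entry than {current} and the change will not take effect on the next boot.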
WinDbg - Connecting to target VM
File -> Kernel Debug...
Select previously specified serial port and baud rate
WinDbg - Breaking into target VM
Ctrl+C
Ctrl+Break
Press pause button in the toolbar
WinDbg - break points
Command | Description
bl | List breakpoints
bp | Set breakpoint
bu | Unresolved breakpoints (will persist between module reloads)
ba | Breakpoint on access
bc | Clear breakpoint
Read more: http://msdn.microsoft.com/en-us/library/windows/hardware/ff552204(v=vs.85).aspx
WinDbg - stepping through the code
Command | Description
g | Start executing the given process or thread
t | Trace - executes single instruction or source line
p | Step - executes single instruction or source line. Subroutines are treated as a single step.
Check the different variations and parameters of the above commands
Saving the dump file
Sometimes the system doesn’t save a dump file. What to do?
Connect WinDbg
Use “.dump /f <local_file_name>” to save dump file
Wait for it. It will take a long time
Live debugging on same VM
File -> Kernel Debug...
More links
More on debugging - http://msdn.microsoft.com/en-us/library/windows/hardware/hh406283(v=vs.85).aspx
Use the Microsoft Symbol Server to obtain debug symbol files - http://support.microsoft.com/kb/311503
Setting break points with WinDbg - http://msdn.microsoft.com/en-us/library/windows/hardware/ff552204(v=vs.85).aspx
Working with source files - http://msdn.microsoft.com/en-us/library/windows/hardware/ff556911(v=vs.85).aspx
Live kernel debugging - http://msdn.microsoft.com/en-us/library/windows/hardware/hh451166(v=vs.85).aspx
Debugging techniques - http://msdn.microsoft.com/en-us/library/windows/hardware/ff541398(v=vs.85).aspx
Enabling NDIS debug tracing - http://msdn.microsoft.com/en-us/library/windows/hardware/ff542961%28v=vs.85%29.aspx
More tools and links
regedit.exe (just in case)
Sysinternals tools (home of DbgView) - http://technet.microsoft.com/en-US/sysinternals
Wireshark - http://www.wireshark.org/download.html
Extra debugging tools - http://msdn.microsoft.com/en-us/library/windows/hardware/ff543998(v=vs.85).aspx
Q&A

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 

Dernier (20)

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 

Windows guest debugging presentation from KVM Forum 2012

  • 12. Device Manager - resources Double click on the device Click on “Resources” tab Shows device resources (IRQs, IO and memory ranges)
  • 13. Device manager - driver tab Double click on the device Click on “Driver” tab Get driver version View the driver binaries View the versions of driver binaries
  • 14. Device manager - details Double click on the device Click on “Details” tab A lot of additional details like: PNP ID of the device, PM policy, location of different device keys in registry, etc.
  • 15. VirtIO - NetKVM parameters Advanced tab in device manager Change logging levels Enable packet statistics printout Other parameters starting with “TestOnly” prefix Full list: http://www.linux-kvm.org/page/Internals_of_NDIS_driver_for_VirtIO_based_network_adapter#List_of_configurable_parameters
  • 16. NetKVM - log levels
      0 - Basic configuration and unload trace. Critical errors.
      1 - Warnings, corner cases
      2 - Network packet trace
      3 - More verbose trace of packets
      4 - Virtio library, DPC
      5 - ISR trace
      6 - Registers read/write.
  • 17. NetKVM parameters from command line
      Part of WHQL requirements to supply command line utility for drivers that expose parameters through “advanced” tab
      readme.doc - supplied with driver package explains the usage.
      Integrated with “netsh” Windows networking tool
      To register (before the first use): rundll32 netkvmco.dll,RegisterNetKVMNetShHelper
      Unregistration (removal): rundll32 netkvmco.dll,UnregisterNetKVMNetShHelper
  • 18. NetKVM parameters from command line
      Description                                  Command line                                  Output
      List devices                                 netsh netkvm show devices                     Names and index for each device
      Restart device                               netsh netkvm restart [idx]                    Should be done after parameters are changed
      Show parameters                              netsh netkvm show parameters [idx]            List the names of the parameters
      Show detailed information about parameter    netsh netkvm show paraminfo [idx] [param]     Current value of the parameter
      Change parameter value                       netsh netkvm setparam [idx] [param] [value]
  • 19. Debug view and tracing
  • 20. DebugView Shows debug space of Windows (kind of dmesg). Can extract debug trace from crash dump if it was running before the crash Can log debug trace during boot. Download from - http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx
  • 21. DebugView - enable output to debug space
      To enable debug space outputs from Vista and up:
      Through registry (using regedit): Add “Default” value of the type DWORD equal to 0xFFFFFFFF under “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter”
      Reboot
      During live debugging: ed nt!Kd_DEFAULT_MASK 0xFFFFFFFF
  • 22. Debug view - capture kernel Capturing kernel output disabled by default To enable: Capture -> Capture Kernel
  • 23. Debug view - log boot Run DebugView Enable boot logging Run DebugView after reboot to collect the logs
  • 24. Debug view - crash dump Run DebugView before crash dump creation After crash and reboot - point DebugView to crash location for processing
  • 25. Virtio debugging with serial port
      Uncomment “ENABLE_COM_DEBUG=1” in SOURCES file. Comment out “ENABLE_PRINT_DEBUG”
      Rebuild the driver
      On the host side: -serial tcp::<port>,server,nowait
      nc localhost <port>
  • 27. Bug check System crash called “Bug check” Blue screen Crash dump will be saved Ability to debug the bug check if debugger is connected
  • 28. Blue screen inside Bug check code Bug check parameters - specific to each bug check Additional information - can be located also below bug check code and parameters Crash dump saving counter
  • 29. Common bug checks Bug Check 0xA: IRQL_NOT_LESS_OR_EQUAL Bug Check 0x8E: KERNEL_MODE_EXCEPTION_NOT_HANDLED Bug Check 0xD1: DRIVER_IRQL_NOT_LESS_OR_EQUAL Bug Check 0x9F: DRIVER_POWER_STATE_FAILURE Bug Check 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION Bug check codes reference: http://msdn.microsoft.com/en-us/library/hh994433(v=vs.85).aspx
  • 31. Crash dump creation During blue screen Windows will save crash dump Minidumps are not always useful Also - remove the option to reboot on crash Right click on “My computer” -> “Properties” -> ”Advanced system settings” -> ”Startup and Recovery” -> “Settings” Choose “Kernel memory dump” Remove “Automatically restart” The dialogs on different OSes can look different but the menu names are the same
  • 33. Crash dump locations After the crash search in: %windir%\memory.dmp %windir%\Minidump\Minidump<timestamp>.dmp When you have Windows error message after reboot - do not close it. Check minidump path and copy it.
  • 34. Crash dumps From Windows 7 and up - OS will auto-delete large crash dumps To keep crash dumps: Key: HKLM\System\CurrentControlSet\Control\CrashControl Value: “AlwaysKeepMemoryDump”: DWORD set to 1
  • 35. Crash dumps on demand Crash Windows on demand to examine driver status Configure through registry: Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters, Value: CrashOnCtrlScroll, equal to a REG_DWORD value of 0x01 Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters, Value: CrashOnCtrlScroll, equal to a REG_DWORD value of 0x01
  • 36. Crash dumps on demand Press Ctrl+ScrollLock+ScrollLock You will get MANUALLY_INITIATED_CRASH (0x000000E2) bug check. Read more (also how to redefine the shortcuts): http://msdn.microsoft.com/en-us/library/ff545499.aspx
  • 37. Crash dumps on demand (2) Issue NMI from QEMU monitor Set up guest: HKLM\System\CurrentControlSet\Control\CrashControl, DWORD value NMICrashDump 1 Restart Enter QEMU monitor (Alt+Ctrl+2, to go back Alt+Ctrl+1) Issue “NMI” command
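The registry changes from slides 21, 31, 34, 35 and 37 are usually applied once per test guest, so the following script, an added example and not part of the KVM Forum slides, applies all of them idempotently and says whether a reboot is still needed. The CrashDumpEnabled (2 = kernel memory dump) and AutoReboot values are the registry equivalents of the "Startup and Recovery" dialog choices on slide 31; everything else uses the key and value names the slides give. Run it from an elevated PowerShell inside the guest.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the slides): prepare a Windows guest for crash-dump
# and DebugView based debugging in one idempotent pass.

function Set-DwordValue {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [uint32] $Value
    )
    # The registry provider stores REG_DWORD as a signed Int32, so 0xFFFFFFFF
    # has to be handed over as -1: reinterpret the bits instead of range-checking.
    $signed = [BitConverter]::ToInt32([BitConverter]::GetBytes($Value), 0)

    if (-not (Test-Path -LiteralPath $Path)) {
        # kbdhid\Parameters does not exist on every guest; create the key.
        New-Item -Path $Path -Force | Out-Null
    }
    $existing = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $existing -and [int32]$existing.$Name -eq $signed) {
        Write-Host ('unchanged {0}\{1} = 0x{2:X8}' -f $Path, $Name, $Value)
        return $false
    }
    New-ItemProperty -LiteralPath $Path -Name $Name -PropertyType DWord -Value $signed -Force | Out-Null
    Write-Host ('set       {0}\{1} = 0x{2:X8}' -f $Path, $Name, $Value)
    return $true
}

$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$changes = @(
    # Slide 31 via the registry: kernel memory dump (2), no automatic restart.
    Set-DwordValue $crashControl 'CrashDumpEnabled' 2
    Set-DwordValue $crashControl 'AutoReboot' 0
    # Slide 34: Windows 7 and up would otherwise delete large dumps.
    Set-DwordValue $crashControl 'AlwaysKeepMemoryDump' 1
    # Slide 37: an NMI from the QEMU monitor produces a dump.
    Set-DwordValue $crashControl 'NMICrashDump' 1
    # Slide 35: Ctrl+ScrollLock+ScrollLock for PS/2 (i8042prt) and USB (kbdhid) keyboards.
    Set-DwordValue 'HKLM:\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters' 'CrashOnCtrlScroll' 1
    Set-DwordValue 'HKLM:\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters'  'CrashOnCtrlScroll' 1
    # Slide 21: pass every DbgPrint component and level through to DebugView.
    Set-DwordValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter' 'Default' 0xFFFFFFFF
)

if ($changes -contains $true) {
    Write-Warning 'Settings changed; reboot the guest for them to take effect.'
} else {
    Write-Host 'All debugging settings were already in place.'
}
```

Running the script a second time reports every value as unchanged, which makes it safe to keep in a guest-provisioning step; the crash-on-demand keys stay dormant until the key combination or the monitor's "nmi" command is actually used.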
  • 39. Driver verifier Built-in into OS (substitutes OS functions with own layer). To activate run “verifier.exe” from command line Need a reboot after the settings are changed Effective in finding deadlocks, memory leaks, memory corruptions and incorrect parameters to OS functions.
  • 40. Driver verifier - activation Run from command line: verifier.exe Select “Create custom settings”
  • 41. Driver verifier - activation
  • 42. Driver verifier - activation Change selection to “Select driver names from a list”
  • 43. Driver verifier - activation Select loaded driver from the list Or select driver from its location on files system After clicking finish - reboot is needed to activate the settings.
  • 44. Driver verifier - bug checks 0x000000C4 Some can be ignored if debugger is connected Provide additional information for debugging
  • 45. Driver verifier - current settings Run verifier.exe Click on “Display existing settings” radio button Click on “Next” button
  • 46. Driver verifier - current settings
  • 47. Driver verifier - removal Don’t forget to reboot
  • 49. WinDbg We can examine crash dumps with WinDbg Remote live kernel debugging Limited live kernel debugging using one guest only User mode debugging including remote debugging
  • 50. Installation Install as part of the WDK http://msdn.microsoft.com/en-US/windows/hardware/hh852362 Install as part of the SDK http://msdn.microsoft.com/en-US/windows/hardware/hh852363 Download symbols for different Windows OSes http://msdn.microsoft.com/en-us/windows/hardware/gg463028
  • 51. Symbols configuration View OS functions and variable names Set Microsoft symbol server and local paths Set environment variable: “_NT_SYMBOL_PATH” Sample symbol path: C:\symbols\local;SRV*C:\symbols\websymbols*http://msdl.microsoft.com/download/symbols
  • 52. Symbol configuration Another way to set the symbols path is through WinDbg menu File ->”Symbol File Path...” You can instruct WinDbg to reload the symbols Also using windbg command: .reload
  • 53. Post mortem debugging Run WinDbg.exe Load dump file through: File -> “Open Crash Dump...” Might be slow first time
  • 54. Loading crash dump Information about loaded symbols OS information Hint to use “!analyze -v” Bug check code and parameters
  • 55. Magic wand - !analyze -v
  • 56. !analyze -v First command that you should run (or click) Bug check and its parameters explanation Hints for the next steps and how those parameters can be used for further debugging Module name that probably caused the crash Stack trace
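When a test farm produces several dumps a day, the first pass of slides 53 to 56 (open the dump, load symbols, run !analyze -v) is worth automating. The function below is an added example, not from the slides: it drives kd.exe, the console debugger installed next to WinDbg, non-interactively over a dump file with the symbol path from slide 51, and pulls the fields a triage report needs out of the logged !analyze output. The kd.exe location is a placeholder for wherever the debuggers were installed.

```powershell
# Added example (not from the slides): batch "!analyze -v" over a crash dump.
function Invoke-CrashDumpAnalysis {
    param(
        [Parameter(Mandatory)] [string] $DumpPath,
        # Placeholder: adjust to the Debuggers directory of the installed kit.
        [string] $KdPath = 'C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\kd.exe',
        # Same shape as the slide 51 sample path: local cache plus Microsoft symbol server.
        [string] $SymbolPath = 'C:\symbols\local;SRV*C:\symbols\websymbols*http://msdl.microsoft.com/download/symbols',
        [string] $LogPath = "$DumpPath.analyze.txt"
    )
    if (-not (Test-Path -LiteralPath $DumpPath)) { throw "dump not found: $DumpPath" }
    if (-not (Test-Path -LiteralPath $KdPath))   { throw "kd.exe not found: $KdPath" }

    # -z opens a dump, -y sets the symbol path, -logo starts a fresh log file and
    # -c runs the given commands on startup; the trailing "q" exits the debugger.
    & $KdPath -z $DumpPath -y $SymbolPath -logo $LogPath -c '!analyze -v; lm; q'
    if ($LASTEXITCODE -ne 0) { Write-Warning "kd.exe exited with code $LASTEXITCODE" }

    $log = Get-Content -LiteralPath $LogPath -Raw
    # Fields printed by !analyze -v; an empty string means the analysis did not get that far.
    $field = { param($name) [regex]::Match($log, "$name\s*(\S+)").Groups[1].Value }
    [pscustomobject]@{
        Dump        = $DumpPath
        BugCheck    = & $field 'BUGCHECK_STR:'
        Module      = & $field 'MODULE_NAME:'
        Process     = & $field 'PROCESS_NAME:'
        FailureId   = & $field 'FAILURE_BUCKET_ID:'
        Log         = $LogPath
    }
}

# Usage: Invoke-CrashDumpAnalysis -DumpPath 'C:\Windows\MEMORY.DMP'
```

The first run against a new OS build is slow for the same reason slide 53 warns about: the symbol server download. Keeping the local cache directory between runs, as the symbol path above does, makes later dumps from the same build fast.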
  • 57. WinDbg - help Help -> Contents Switch to “Index” tab for specific command help
  • 59. WinDbg - Views
      View          To display window   From command line
      Memory        Alt+5               d <address>
      Call stack    Alt+6               kb
      Disassembly   Alt+7               u <address>
      Registers     Alt+4               r
      Watch         Alt+2
  • 60. WinDbg - View memory Menu: View -> Memory Command (different variation of “d”): db <address>
  • 62. WinDbg - View disassembly
  • 63. Windbg - Reference symbols <modulename>!<symbol_name> Example: netkvm!DriverEntry
  • 65. Useful commands
      Command          Description
      !scsikd          Scsi related commands. Use !scsikd.help to find more
      .reload          Reload symbols
      lm               List loaded modules
      ~<cpu number>    Switch between CPUs. For example ~0
      !irpfind         Search for IO request packets
      !irp             Display information regarding specific IRP
      .reboot          Restart remote during live debugging
  • 66. !ndiskd - NDIS debug extensions
      !ndiskd.ndis               Show ndis.sys build information
      !ndiskd.help               Show help
      !ndiskd.miniports          Show NDIS miniports
      !ndiskd.miniport <addr>    Show info about specific miniport
      !ndiskd.nbl                Show NET_BUFFER_LIST info
      !ndiskd.oid                Show pending OID requests
  • 69. From !ndiskd to NetKVM
  • 70. Configuring live debugging Host side Run debugger host VM with: “-serial tcp::<port_number>,server,nowait” For example: “-serial tcp::4445,server,nowait” Run target VM with: “-serial tcp:127.0.0.1:<port_number>”
  • 71. Configuring live debugging (2) Host side (new format) Run debugger host VM with: “-chardev socket,id=serial0,path=/tmp/debug-serial0,server,nowait -device isa-serial,chardev=serial0,id=serial0” Run target VM with: “-chardev socket,id=serial0,path=/tmp/debug-serial0 -device isa-serial,chardev=serial0,id=serial0”
  • 72. Configuring live debugging Guest side - Windows XP and Windows 2003 Edit c:\boot.ini Duplicate the default boot line and add: “/debug /debugport=COM1 /baudrate=115200” Reboot
  • 73. Configuring live debugging Guest side - Vista and up Use bcdedit.exe bcdedit /dbgsettings SERIAL DEBUGPORT:1 BAUDRATE:115200 bcdedit /debug ON Reboot Read more: http://www.linux-kvm.org/page/WindowsGuestDrivers/GuestDebugging
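The guest-side steps of slide 73 wrapped into one function, as an added example that is not part of the slides: it runs the two bcdedit commands, stops on the first failure instead of leaving the boot configuration half changed, reads the result back so the port and baud rate can be compared with what the host side (slides 70 and 71) was started with, and can undo the change. Port 1 and 115200 baud are the slide's values and the defaults here.

```powershell
# Added example (not from the slides): enable or disable serial kernel
# debugging on a Vista-or-later guest and show what is now configured.
function Set-SerialKernelDebug {
    param(
        [int] $Port = 1,              # COM port number, matches DEBUGPORT:1 on the slide
        [int] $BaudRate = 115200,     # must match the host-side serial configuration
        [switch] $Disable
    )
    # bcdedit refuses to modify the boot store from a non-elevated prompt.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'run this from an elevated PowerShell'
    }

    if ($Disable) {
        & bcdedit /debug OFF | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "bcdedit /debug OFF failed ($LASTEXITCODE)" }
    } else {
        # Transport first, then the per-entry switch, exactly as on slide 73.
        & bcdedit /dbgsettings SERIAL "DEBUGPORT:$Port" "BAUDRATE:$BaudRate" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "bcdedit /dbgsettings failed ($LASTEXITCODE)" }
        & bcdedit /debug ON | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "bcdedit /debug ON failed ($LASTEXITCODE)" }
    }

    # Read back: /dbgsettings prints the transport, /enum shows "debug Yes|No"
    # on the current boot entry. The braces must be quoted in PowerShell.
    Write-Host '--- global debugger transport ---'
    & bcdedit /dbgsettings
    Write-Host '--- current boot entry ---'
    & bcdedit /enum '{current}' | Select-String -Pattern '^(description|debug)\s'
    Write-Warning 'Reboot the guest; the change applies at the next boot.'
}

# Usage: Set-SerialKernelDebug            (enable, COM1 at 115200)
#        Set-SerialKernelDebug -Disable   (back to a normal boot)
```

After the reboot, WinDbg on the debugger host VM attaches through File -> Kernel Debug... with the same COM port and baud rate (slide 74); if the two sides disagree on the baud rate the connection simply never establishes, which is the first thing to check.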
  • 74. WinDbg - Connecting to target VM File -> Kernel Debug... Select previously specified serial port and baud rate
  • 75. WinDbg - Breaking into target VM Ctrl+C Ctrl+Break Press pause button in the toolbar
  • 76. WinDbg - break points
      Command   Description
      bl        List breakpoints
      bp        Set breakpoint
      bu        Unresolved breakpoints (will persist between module reloads)
      ba        Breakpoint on access
      bc        Clear breakpoint
      Read more: http://msdn.microsoft.com/en-us/library/windows/hardware/ff552204(v=vs.85).aspx
  • 77. WinDbg - stepping through the code
      Command   Description
      g         Start executing the given process or thread
      t         Trace - executes single instruction or source line
      p         Step - executes single instruction or source line. Subroutines are treated as single step.
      Check different variations and parameters of the above commands
  • 78. Saving the dump file Sometimes the system doesn’t save dump file. What to do? Connect WinDbg Use “.dump /f <local_file_name>” to save dump file Wait for it. It will take a long time
  • 79. Live debugging on same VM File -> Kernel Debug...
  • 80. More links More on debugging - http://msdn.microsoft.com/en-us/library/windows/hardware/hh406283(v=vs.85).aspx Use the Microsoft Symbol Server to obtain debug symbol files - http://support.microsoft.com/kb/311503 Setting break points with WinDbg - http://msdn.microsoft.com/en-us/library/windows/hardware/ff552204(v=vs.85).aspx Working with source files - http://msdn.microsoft.com/en-us/library/windows/hardware/ff556911(v=vs.85).aspx Live kernel debugging - http://msdn.microsoft.com/en-us/library/windows/hardware/hh451166(v=vs.85).aspx Debugging techniques - http://msdn.microsoft.com/en-us/library/windows/hardware/ff541398(v=vs.85).aspx Enabling NDIS debug tracing - http://msdn.microsoft.com/en-us/library/windows/hardware/ff542961%28v=vs.85%29.aspx
  • 81. More tools and links regedit.exe (just in case) Sysinternals tools (home of DbgView) - http://technet.microsoft.com/en-US/sysinternals Wireshark - http://www.wireshark.org/download.html Extra debugging tools - http://msdn.microsoft.com/en-us/library/windows/hardware/ff543998(v=vs.85).aspx
  • 82. Q&A