Group 2 Windows Internals tools & Windows SDK debugging tools

1. Group 2Windows Internals tools &Windows SDK debugging tools David DenhollanderKevin FinklerCorey SarniaAilun Shen

2. What they are • Download From: http://technet.microsoft.com/en-us/sysinternals/bb842062 • To install, extract to a directory such as C:\Utils • (Optional) Add your new directory to the PATH environment variables in order to run the programs easily from the command prompt. Windows Sysinternals

3. Procmon.exe • Advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. Process Monitor

5. VNMap.exe • Process virtual and physical memory analysis utility. • Shows a breakdown of a process’s committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. VNMap

7. Executable and driver used to crash your system in several different ways. • The driver enables NotMyFault.exe to cause the system to hit a bug check and reboot, generating a new crash dump in the process. NotMyFault.exe

9. Debugging tool for Windws • Common WinDbgcommands listed here: http://windbg.info/doc/1-common-cmds.html • WinDbg Commands • vercommand:Dump command line that was used to start the debugger • Bp: Start breakpoint at address • bpHelloWorld!wmain • Sets a breakpoint at “wmain” in HelloWorld • g: o. Runs the program, stopping at breakpoints • dv: Display local variables and parameters • r: Display the values of all the CPU registers • q / qd: Quit / Quit and Detach • x: Lists the available symbols in a loaded module • x notepad!*open* • Lists the “open” symbols in notepad • .symfix& .reload • Fixes the debugger search path and reloads the symbols for all loaded modules • k: Display the stack trace of the current thread • kP also tries to show the parameters to each function on the call stack WINDbg