Business problem to solve
There are three kinds of Windows memory dump files: process, kernel, and complete memory dumps. A memory dump is a snapshot of the Windows system's state at a specific moment, and it provides the critical information needed for postmortem analysis. When Windows or an application crashes, hangs, hits an unexpected error, or shows a CPU spike, we can investigate the memory dump offline to identify the root cause.
How the courses will proceed
• This course focuses on offline dump-file analysis with WinDbg (although WinDbg can also do live debugging).
• More than 10 memory dumps are provided; we will analyze each case with WinDbg.
• The dump-file cases include crashes, access violations, 32-bit and 64-bit processes, application and kernel dumps, hangs, deadlocks, and more.
What will you learn?
• Common WinDbg command usage
• Common problem patterns seen in dump files