by Tarik Soulami
The author is a longstanding member of the core Windows Fundamentals team. Earlier, he worked on the CLR infrastructure. So, as might be expected, he has tips and suggestions for operating deep in the belly of the beast. "Tips" is a good way to describe this collection of chapters, each of which delves into a tricky debugging problem. Chapter 2 is a discourse on various debugging tools for Windows. Chapter 3 explains how debuggers work, so you get very specific information on what debuggers can do easily and what is hard for them to do. After this introduction, he starts in on unusual capacities of the debugger: the data in various dumps, examining pseudo-registers (which are variables maintained by the debugger engine), and so on. After exploring these areas, he tackles the major debugging scenarios in detail. These include debugging access violations, heap corruptions, stack corruptions, stack overflows, and memory leaks (in both user mode and kernel mode). The rest of the book is dedicated to Event Tracing for Windows (ETW), which is the logging framework used extensively inside Windows. The author shows how to put it to use in your own debugging sessions, including its use to diagnose delays and unexplained memory use.
The explanations are clear, well illustrated, and completely approachable. In many ways, I'd view this as a kind of deep-dive tutorial that you keep near your workstation for occasional reference when chasing down a hard bug. My only complaint is that the book discusses only mainstream models of Windows; namely, the current versions and their recent antecedent versions. No mention of Windows 8 or Win RT is made, so you have no sense how things might change in the now-known impending release. But until then, this book is highly recommended.