when and how to use windbg kernel debugging

windows debugging windbg
whunmr picture whunmr · Jan 18, 2010 · Viewed 12.4k times · Source

I found Windbg is very useful during development and debugging. but mostly i use windbg in use mode debugging.

  1. What kernel debugging can do in windbg? or When should I use windbg's kernel debugging?

  2. Is there a toturial about kernel debugging in windbg?

Thanks in advance.

Answer

Alon picture Alon · Jan 18, 2010

you usually use kernel debugging when you need to debug low level device drivers interacting directly with the hardware.
It's more complicated to debug in kernel mode, among other things for a live kernel debug session you have to run the debugger on a different system than the one being debugged . for the majority of developers user mode is enough to do most of the work.
Advanced Windows Debugging is a very good book about debugging with wndbg (includes discussions about kernel debugging).

the dump analysis site has many tutorials including kernel debugging scenarios

Related questions

How can I abort a long operation in WinDbg?

Often WinDbg will enter a state where it is *Busy* performing an operation. Often this is due to some mistake I made trying to dt some_variable_itll_never_find or setting a break point somewhere without symbols or the 1000…

Read More
What is your favourite Windbg tip/trick?

I have come to realize that Windbg is a very powerful debugger for the Windows platform & I learn something new about it once in a while. Can fellow Windbg users share some of their mad skills? ps: I am …

Read More
Kernel trace Windows 7 WinDbg

I'm getting no debug information when debugging en_windows_7_checked_build_dvd_x86_398742. I can't see even my own trace info (ATLTRACE). In opposite, Windows XP Checked works like a charm. I get "Bad QueryIdType:5" msg on debug session start …

Read More