GROUP 2 WINDOWS INTERNALS TOOLS & WINDOWS SDK DEBUGGING TOOLS David Denhollander Kevin Finkler Corey Sarnia Ailun Shen

WINDOWS SYSINTERNALS  What they are  Download From: us/sysinternals/bb842062http://technet.microsoft.com/en- us/sysinternals/bb  To install, extract to a directory such as C:\Utils  (Optional) Add your new directory to the PATH environment variables in order to run the programs easily from the command prompt.

PROCESS MONITOR  Procmon.exe  Advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.

VNMAP  VNMap.exe  Process virtual and physical memory analysis utility.  Shows a breakdown of a process’s committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types.

NOTMYFAULT.EXE  Executable and driver used to crash your system in several different ways.  The driver enables NotMyFault.exe to cause the system to hit a bug check and reboot, generating a new crash dump in the process.

WINDBG  Debugging tool for Windws  Common WinDbg commands listed here: cmds.html  WinDbg Commands  vercommand : Dump command line that was used to start the debugger  Bp : Start breakpoint at address  bp HelloWorld!wmain  Sets a breakpoint at “wmain” in HelloWorld  g : o. Runs the program, stopping at breakpoints  dv : Display local variables and parameters  r : Display the values of all the CPU registers  q / qd : Quit / Quit and Detach  x : Lists the available symbols in a loaded module  x notepad!*open*  Lists the “open” symbols in notepad .symfix &.reload  Fixes the debugger search path and reloads the symbols for all loaded modules  k : Display the stack trace of the current thread  kP also tries to show the parameters to each function on the call stack