-
We recently sat down with Charles over in Channel 9 and talked about the Advanced Windows Debugging book and its PDC 2008 session. Check it out at:
http://channel9.msdn.com/posts/Charles/Advanced-Windows-Debugging-An-Introduction/
Cheers,
Mario
-
The Professional Developer Conference 2008 is right around the corner! Almost a week jam-packed with the latest and greatest technology talks and in-depth information on what has been and is brewing at Microsoft. Daniel and I have been asked to present a 6hr pre-conference session on October 26th. We are extremely excited to have this opportunity to spread the word about the great tools available from Microsoft to make the development process more robust as well as increase the quality of software developed for Windows. In this session, we will dive into the details of some of the most vexing software bugs and include detailed examples of how to use the freely available tools to quickly arrive at the resolution. The session will be focused on ensuring that the material covered and presented is something that an attendee can apply right away when doing their day-to-day job.
Have a look at the PDC 2008 website and remember, don't forget to sign up for the Advanced Windows Debugging pre-conference session!
http://www.microsoftpdc.com/Agenda/Preconference.aspx#advanced-windows-debugging
http://www.microsoftpdc.com/
Cheers,
Mario
-
Interested in joining Microsoft and the exciting world of online services? If so, my team is hiring -- feel free to send me your inquiry/resume (we have several positions open).
------
Software as a service (SaaS) is “the single biggest opportunity across every one of our businesses”. Do you want to be a part of this exciting new direction for Microsoft? Do you want to work on a V1 service? Do you want to be part of the team that’s defining a whole new experience for hosted services? Then look no further, come and join the System Center Online team. The team that believes and works towards the success of our employees and our customers.
System Center Online is Microsoft's service-based systems management offering, providing an online solution and complementing the industry-leading Systems Center range of products. This new System Center Online Service, targeted to IT pros & Value Add Providers (VAPs), will be offering Update Management, Host protection (AV/AS), Hardware/Software Inventory, Monitoring and Backup along with policy/configuration, helpdesk and others. A key part of our services vision is a rapidly evolving suite of products on a constant delivery and upgrade cycle.
Be part of our Online Management Platform and Solutions (OMPS) group that has an excellent track record in successfully delivering great performing services catering to large volume – Microsoft/Windows Update, Windows Server Update Services (WSUS) product and the recent addition of Asset Inventory Service which was part of MDOP. You would be part of a team focusing on server side solutions for infrastructure (‘Eventing’ system – Generic ‘eventing’ collection and staging web service along with ETL orchestration) as well as direct customer impacting offering of Hardware/Software inventory.
A successful candidate should have solid skills in design and development to drive the design of areas of the service within the team; ability to work independently and own the design of individual features; strong cross-functional interaction skills; excellent programming, problem solving & debugging skills with experience in C/C++ or C# or Java. Preference will be given to candidates with experience in Web Services and related technologies such as XML/SOAP as well as SQL, along with being able to provide technical mentoring inside the team. A BS degree in Computer Science or a related field with 5+ years of industry experience is strongly preferred.
Cheers,
Mario
-
A couple of weeks ago we had the opportunity to chat with the folks over at CS Techcast about Advanced Windows Debugging. It was an excellent discussion with a lot of interesting questions. Head over to http://www.cstechcast.com/home.aspx?Episode=12 for the full Podcast.
Cheers,
Mario
-
One of the most intriguing command omissions from the native debugger package is the ability to display extended security information (such as a security descriptor) on a kernel mode object from user mode via its associated user mode handle. The workaround is somewhat tedious and involves hooking up the kernel debugger (live or actual) and getting the security information from there. The most interesting part of this omission is that getting extended security information about a kernel mode object from user mode is relatively straightforward using the GetUserObjectSecurity API. As such, the first thing that popped into my mind was to write a custom debugger extension that achieved just that. Fortunately, before taking this approach, I did some research and found that an extension like that already exists and is called SDbgExt (developed by Skywing). In addition to extended security information, it includes a lot of other excellent commands such as:
* VC STL support
* Symbol commands
* Security commands
One of the commands in the security category is called objsec. The objsec command can be used to dump out the security descriptor of a kernel mode object using the associated user mode handle value. Let's take a look at an example of how to use the objsec extension command. I used notepad.exe as the target application (on an XP SP2 machine).
Prior to running the example, copy the debugger DLL (sdbgext.dll) into the WinExt folder of the debugger installation path. On my machine for example it would be located in the following folder:
C:\Program Files\Debugging Tools for Windows\winext
Launch an instance of notepad.exe under the debugger using the following command line:
C:\> ntsd notepad.exe
Once started, fix the symbols using:
.symfix
.reload
Issue the handle command to get a list of currently opened handles in the process:
0:001> !handle
Handle c
Type File
Handle 770
Type Section
...
...
...
Handle 7cc
Type Semaphore
Handle 7d0
Type WindowStation
Handle 7d4
Type Desktop
Handle 7d8
Type Event
Handle 7dc
Type Mutant
Handle 7e0
Type Directory
Handle 7e4
Type Key
Handle 7e8
Type WindowStation
Handle 7ec
Type Port
Handle 7f0
Type Directory
Handle 7f4
Type File
Handle 7f8
Type Directory
Handle 7fc
Type KeyedEvent
37 Handles
Type Count
Event 5
Section 4
File 4
Port 2
Directory 3
Mutant 8
WindowStation 2
Semaphore 3
Key 4
Desktop 1
KeyedEvent 1
Pick a handle that you are interested in and use the objsec extension command on that handle. For example, I chose the Directory object with a handle of 7f0:
0:001> !sdbgext.objsec 7f0
The object type is Directory
Security descriptor for object handle 7F0:
Owner: BUILTIN\Administrators
Primary group: NT AUTHORITY\SYSTEM
Revision: 1, Control: DaclPresent
Dacl: Revision 2 Size 48 bytes used, 8 bytes free, 2 ACEs present
Ace: Index 0 Flags: <empty> Type: AccessAllowedAce SecurityPrincipal: Everyone
AccessMask: Query Traverse ReadControl
Ace: Index 1 Flags: <empty> Type: AccessAllowedAce SecurityPrincipal: NT AUTHORITY\SYSTEM
AccessMask: Query Traverse CreateObject CreateSubdirectory Delete ReadControl WriteDac WriteOwner
Sacl: not present
The information resulting from executing the objsec extension command shows the security descriptor associated with the kernel object represented by process relative handle 7f0. Information such as owner, all the access control entries as well as access masks are displayed.
It is often necessary to analyze the security descriptor of a given object (for example, when debugging access denied errors), and the objsec command of the sdbg extension DLL gives that power without having to resort to kernel mode debugging.
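When many handles need reviewing, the objsec text can be checked mechanically. The following is an added example, not part of the original post and not SDbgExt's own code: it parses the output shown above and reports allow-ACEs that give a broad principal a modifying right. The function names and the `BROAD` and `MODIFY` policy sets are assumptions chosen for illustration.

```python
import re

# Output of "!sdbgext.objsec 7f0" copied from the post above.
OBJSEC_OUTPUT = r"""The object type is Directory
Security descriptor for object handle 7F0:
Owner: BUILTIN\Administrators
Primary group: NT AUTHORITY\SYSTEM
Revision: 1, Control: DaclPresent
Dacl: Revision 2 Size 48 bytes used, 8 bytes free, 2 ACEs present
Ace: Index 0 Flags: <empty> Type: AccessAllowedAce SecurityPrincipal: Everyone
AccessMask: Query Traverse ReadControl
Ace: Index 1 Flags: <empty> Type: AccessAllowedAce SecurityPrincipal: NT AUTHORITY\SYSTEM
AccessMask: Query Traverse CreateObject CreateSubdirectory Delete ReadControl WriteDac WriteOwner
Sacl: not present
"""
# Assumed review policy (not from the post): principals treated as broad, and
# rights, named as objsec prints them, that let the holder alter the object.
BROAD = {"Everyone", r"NT AUTHORITY\Authenticated Users", r"BUILTIN\Users"}
MODIFY = {"CreateObject", "CreateSubdirectory", "Delete", "WriteDac", "WriteOwner"}
ACE_RE = re.compile(r"Ace: Index (\d+) Flags: (.*?) Type: (\S+) SecurityPrincipal: (.+)")

def parse_objsec(text):
    """Parse objsec text into owner, group, DACL flag and a list of ACEs."""
    sd = {"owner": None, "group": None, "dacl_present": False, "aces": []}
    for line in map(str.strip, text.splitlines()):
        key, _, value = line.partition(":")
        value = value.strip()
        if key == "Owner":
            sd["owner"] = value
        elif key == "Primary group":
            sd["group"] = value
        elif key == "Revision":
            sd["dacl_present"] = "DaclPresent" in value
        elif m := ACE_RE.match(line):
            sd["aces"].append({"type": m[3], "principal": m[4], "rights": set()})
        elif key == "AccessMask" and sd["aces"]:
            sd["aces"][-1]["rights"] = set(value.split())
    return sd

def risky_aces(sd):
    """Return (principal, sorted rights) for allow-ACEs that break the policy."""
    if not sd["dacl_present"]:
        # Assumption: objsec leaves DaclPresent out of Control when there is no
        # DACL; an object without a DACL grants every caller full access.
        return [("<no DACL>", ["all access"])]
    return [(a["principal"], sorted(a["rights"] & MODIFY)) for a in sd["aces"]
            if a["type"] == "AccessAllowedAce" and a["principal"] in BROAD
            and a["rights"] & MODIFY]
```

For the descriptor in the post, `risky_aces(parse_objsec(OBJSEC_OUTPUT))` returns an empty list: Everyone holds only Query, Traverse and ReadControl, and the modifying rights belong to SYSTEM alone.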
For more information on this excellent debugger extension, please see the following links:
http://www.valhallalegends.com/skywing/
http://www.nynaeve.net/?p=6
Until next time.
Cheers,
Mario
-
The Microsoft company store in Redmond greatly expanded on their selection of technical books. As part of that expansion they brought in Advanced Windows Debugging. All books appear to be sold at a discount (range varies depending on the book).
-
Amazon is still reporting the book as being on pre-order. I've heard numerous accounts of buyers stating that they had received an email from Amazon that the book will be shipped on 12/17/2007. This date is a misestimate as Amazon will be receiving copies of the book by end of this week or beginning of next week. The same timeframe should apply to other channels such as local bookstores.
Thanks!
Mario
-
In chapter 13 of Advanced Windows Debugging we discussed the process by which a company can sign up for Windows Error Reporting. The WER service is a great mechanism to gauge the health of your application in the wild. It also gives you access to valuable information that can be used to debug problems postmortem. One of the requirements for establishing an account with WER is to obtain a code signing digital ID. While it is recommended practice to establish ownership of code using this digital ID, it also costs right around $400 to obtain. To remove the pricing obstacle and allow more companies the chance to participate in WER, VeriSign is now offering what is called an organizational Digital ID for the low cost of $99. This digital ID is used only as a mechanism to establish a WER account and cannot be used to sign binaries. Another limitation is that hardware submissions are not allowed using this digital ID. Even in light of these limitations, it is a great way to get on board with WER for a relatively low cost.
More details on digital certificates for WER can be found here:
http://www.verisign.com/code-signing/msft-organizational-certificates/index.html