I co-authored an article with Durvesh Raut on WinDbg (Windows Debugger) for the Q3’2010 edition of Security Acts magazine. The article is an introduction to using WinDbg for user mode and kernel mode debugging and crash dump analysis on the Windows platform.

Introduction (from the published article)

Security testing has become an important part of the testing life cycle and is being adopted by more and more organizations as a formal practice rather than relying on random testing or incidental findings. This is a big challenge for the testing community, as with this expectation in place testers have to become comfortable with a lot of things which were earlier known only to developers or security researchers. One such area is the world of debuggers.

Security testers often come across crashes of applications or the underlying operating system while playing with the input vectors of a software application/interface. Some testers, who know about the existence of debuggers and their basic installation, go ahead and enable them to capture the crash dumps. Most of the time, they assume that the analysis of these dumps is the responsibility of developers and/or security researchers. An initial analysis by the tester reporting the crash could be very useful and could go a long way in selling the bug and stressing its severity. A tester with this knowledge can make the corresponding bug reports much more useful by reporting specifics of the bug.
As an example, which of the following sounds better to you?
“With software net installed, the system goes into infinite loop of rebooting and crashing.”
“Invalid Memory Access in ABC driver of software net causes the system to go into infinite loop of rebooting and crashing.” (Followed with a crash dump and initial analysis pointing to the probable function)

This article aims at providing basic know-how of the Windows Debugger (WinDbg) for those who would be interested in filling this knowledge gap and are dealing with software testing on the Windows platform. The authors have tried to make the article as simple as possible so that the subject will reach those who may shy away from learning these concepts due to the complexity involved.

The article is available as a PDF file here (~ 2 MB): WinDbg – A Primer on the Windows Debugger for Security Testers

You can also download the complete magazine from the Security Acts website after a small registration process.

Rahul Verma
