1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XP Debugging mode

Discussion in 'Windows Vista / 7 / 8 Client Exams' started by salv236, Feb 18, 2010.

  1. salv236

    salv236 Nibble Poster


    Wondering if anyone has had any experience using debug mode in the advanced boot options in XP. From what i understand of the process this is used by the kernel to disable some windows resources and gives detailed information. debugging software located on another machine connected via a serial cable to extract the information that it discovers.

    My question is does this can the debugging take place locally on a machine?
    If local debugging is possible edoes it dump a log file somewhere on the system partition?
    Certifications: none
    WIP: MCSE XP/2K3
  2. dmarsh

    dmarsh Terabyte Poster

    Remote debugging provides more flexibility, this allows you to completely stop the remote machine and control it remotely.

    However you can interactively debug the local machine also, this is more limited as kernel state can change during debugging because programs like the debugger are still running.

    You can also examine a minidump or full dump using the debugger. However this is past machine state, so its not really interactive debugging.

    The dump files are written to the system partition, the swap file is also used to help produce the dump.

    Pick up the Windows Internals book to get the full information.
    Last edited: Feb 18, 2010
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  3. supernova

    supernova Gigabyte Poster

    You can also force crash dumps by configuring the "Crash on Control Scroll" via a registry key

    a USB keyboard: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters
    a PS2 keyboard: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
     Add Value and add the following registry entry:
    Name: CrashOnCtrlScroll
    Data Type: REG_DWORD
    Value: 1
    This will course windows to create a dump of the kernel memory space or full memory, depending on system settings, when you press Control + Scroll. you can then use tool such as MS windbg to debug through the information
    Certifications: Loads
    WIP: Lots

Share This Page