Configuring Windows Debugging Settings

Postmortem Debugging

• Configure System Crash Dump Options

• UI: Windows Settings->About->Advanced Tab->Startup and Recovery Settings

• Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

• Configuring postmortem debugger: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

• Debugger=REG_SZ:[DebuggerCmd] value: specify postmortem debugger where [DebuggerCmd] is invocation command

  • 1^st %ld: replaced with the Process ID
  • 2^nd %ld: replaced with the Event Handle
  • Ex: "C:\debuggers\windbg.exe" -p %ld -e %ld -g
• Auto=REG_SZ:[0|1] value: configure automatic debugging behavior
  • 0: disable auto invoke and show user interaction dialog
  • 1: enable auto invoke and hide user interaction dialog
• .\AutoExclusionList\[ExeName]=dword:00000001 value: exclude [ExeName] from automatic debugging e.g.
  • "DWM.exe"=dword:00000001

• AeDebug default registry entries
  

  Text Only

  HKEY_LOCAL_MACHINE
    SOFTWARE
      Microsoft
        Windows NT
          CurrentVersion
            AeDebug
              Auto = 1
              AutoExclusionList
                DWM.exe = 1
  

• (Reference)

Windows Debugging Tips

GFlags

Global Flags Editor (WindowsSDK\Debuggers\x64\gflags.exe) enables/disables advanced windows diagnostic settings/registry keys

• features
  

• advanced debugging settings e.g. break on process launch

• page heap allocation monitoring/verification
• kernel object reference tracing

• [!warning] gflags.exe must be run as admin to set windows debug settings

• GFlags Reference

SysInternals

Collection of useful system troubleshooting tools

• WinObj shows all the OS objects
• SigCheck -a sftvolwin7.sys: verify valid signature and shows file version info
• TCPView: see all network traffic
• Procmon: count occurrences; result will collate all errors