Windows Debugging: Practical Foundations

I am a software developer/tester for 2 years now. I have just recently started using WinDbg for debugging at work. I was looking for book that gives me a review of the concepts I already know in a form that will push me to learn more about Windbg. This book is the exact answer. I had read vaguely in my undergrad about the registers, but havent touched about them for a while. I was initially skeptical when windbg showed me assembly code. This book gave me the detail in a very clear way I needed. The most important aspect of the book ( most of it ) is its ease of the explanation. Doesnt use too techy words and is easy to grasp. And yes it is a extremely fast read and its size doesnt scare you. The only reason I took off one star is a program assembly code, that confused me (not yet clarified). In the book when explaining the function prolog and epilog, the assembly code seems to show that more than required space is created on the stack for the local var. As per the code there are 2 integers, but a whopping 216bytes are assigned on the stack as per the assembly code. When I reqrote the code myself and got the assembly code from Windbg, it showed just 8 bytes as expected are assigned to the stack, I was left wondering what was the difference in the program that I wrote and whose executable is available on the ftp:// site specified in the book. I dont know how much this book will be helpful for those who have never ever read about the concept of registers in the memeory and what they are vaguely used for. But I really liked the lucidness and reader-friendliness of the author's writing and I am going on to Memory dump analysis volume 1. Thanks Dmitry for such a nice book.

This book is clearly aimed to readers without ANY experience on debugging. In theory you don't even need to know C or ASM, but IMO, you should not buy this book if you don't have a biiiit of experience with C. To understand what you are debugging, most of the times you do the translation to C. Even if you don't write anything down, it's more likely that your mind will think in C than in 80x86 mnemonics. So, you have to understand a bit of C to read this book. If you don't know what a pointer is, this book is not for you. The good: it is very short and concise. It's exactly like a hands-on. No fluff here. No personal stories or things that you don't need to know. Just download the samples (compiled with and without symbols), and walk thru them using WinDBG. You will learn a bit of WinDBG, a bit of 80x86 mnemonics, and a bit of reverse engineering. That's what you will get from this book. The bad: I'm not a native English speaker, but I can detect when something is poorly written. This is the case. The grammar of the book is not good. There are a few mistakes here and there but they won't prevent you to learn. Sometimes the author assumes too much. It's obvious that he's very capable, so he forgets -sometimes- the very very basics. But don't be discouraged by that, all you need to do is stretch your mind a bit more. Chapter 3 (Number Representations) is not explained well for my taste. I think it won't end up being very clear for a newbie. But you can learn that anywhere from the web, and you don't need to understand EVERYTHING to follow the samples. My conclusion: if you are a total newbie and you never used a debugger before (for example, you don't know what a Stack Trace is), buy this book. You will not become an expert, but it is a very good start. After this one, you can try to read Advanced Windows Debugging [Hewardt/Pravat] and/or Reversing [Eliam]. If you don't know the basics presented in this book, you can't even think about reading more advanced ones. Think like this: you can understand everything in this book on a weekend. You will go from being a total newbie to understand something and being able to read more advanced books. For a newbie, it's worth the money. It's a jump-start on this subject and the author does a good job on explaining these very basics.

I almost deduced a 1/2 star from this title, mainly because some of the grammar is a little rough around the edges. However, putting that aside, I like the relevancy of the contents, and the educational value associated with the book. It will provide a solid foundation for your debugging efforts using WinDbg (An incredibly powerful debugger from Microsoft), and any other debugger for that matter. The book contains a nice overview and discussion of entities and abstraction which will help you tackle more advanced books on debugging, such as Frame Pointers, Function parameters, Pointers etc. In my opinion this is a well recieved addition to my collection of debugging resources. A 64bit flavour of the book is promised in the near future. Thank you.