Kernel Debugging

The distinction between user mode software and kernel mode software is relevant to testing. When application software contains a crashing bug, the application itself may crash, but the operating system will usually keep running. When kernel mode software, often a device driver, crashes, the entire operating system may be brought down. In a Windows environment this is sometimes called the blue screen of death (BSOD) because of the color of the error screen displayed after a system crash. Ordinary debugging is the process of determining the cause of a software application failure. Ordinary debugging can be accomplished in several ways because, after a crash, the host machine is still operating and the crashed program can be examined. For example, in a Windows environment testers can use cdb.exe (the command line debugger) or the integrated debugging capabilities of the Visual Studio integrated development environment. Kernel debugging is the process of determining the cause of an operating system crash. Kernel debugging requires special tools because, after a system crash, there is no way to directly examine the host machine.
In a Windows environment, a common kernel debugging tool is the kdb.exe (kernel debugger) command line program. Unix variants usually have similar programs, for example kdbg for use with the Linux kernel. The kdb.exe tool is somewhat tricky to use, so in a Windows environment most kernel debugging is performed using the windbg.exe tool, which provides a GUI interface around both cdb.exe (for application debugging) and kdb.exe (for kernel debugging). There are two ways to capture an image of a crashed test host machine for analysis by the windbg.exe / kdb.exe tool. First, a tester can configure the test host to save an image of itself after a system crash, typically as a file named MEMORY.DMP directly on the host. After a crash, the test host machine is restarted and the memory image can be analyzed using the kdb.exe tool. The second alternative is to connect the test host machine to a second machine using an RS-232 interface with a null modem cable. Then, when the test host crashes, its memory image is sent to the second machine, where it can be analyzed.
In a Windows environment, to perform kernel debugging a tester must have a .pdb file (program database) that is specific to the operating system running on the test host machine. The .pdb file can be downloaded from a publicly available database of such files maintained by Microsoft, or, where the test host machine is connected to a second analysis machine, the analysis machine can access the library of .pdb files over the Internet via a Web server maintained by Microsoft. In some situations software testers are responsible for generating and capturing system crash dumps and then turning these dumps over to developers for analysis. In other situations, testers are responsible for both collecting and analyzing crash dump data.
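The two capture paths and the symbol lookup described above, scripted as an added PowerShell example that is not part of the original post. It assumes an elevated session, that the Debugging Tools for Windows are installed so the command line kernel debugger (which ships as kd.exe) is on the PATH, and that the dump location and symbol cache directory are placeholders to adjust.

```powershell
# Added example (not from the original post). Run elevated on the test host for
# the first two functions; the third runs on the analysis machine.
$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Option 1: have the test host write a complete memory image to MEMORY.DMP
# after a system crash, then reboot and analyze the file offline.
function Enable-FullCrashDump {
    # CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small (minidump)
    Set-ItemProperty -Path $CrashControl -Name CrashDumpEnabled -Value 1 -Type DWord
    Set-ItemProperty -Path $CrashControl -Name DumpFile `
        -Value '%SystemRoot%\MEMORY.DMP' -Type ExpandString
    # Keep an earlier dump rather than silently overwriting it on the next crash
    Set-ItemProperty -Path $CrashControl -Name Overwrite -Value 0 -Type DWord
    # A complete dump needs a page file at least as large as physical RAM
    $ramGB = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
    Write-Host "Complete dump enabled; page file must be >= $ramGB GB (reboot required)."
}

# Option 2: attach the test host to a second machine over a null modem cable on
# COM1 (debugport:1) so the debugger on that machine can inspect the crash live.
function Enable-SerialKernelDebug {
    bcdedit /debug on
    bcdedit /dbgsettings serial debugport:1 baudrate:115200
}

# On the analysis machine: open the captured dump, resolve .pdb symbols from
# Microsoft's public symbol server (cached locally), and run the crash analysis
# non-interactively so the result can be handed to developers.
function Invoke-DumpAnalysis {
    param(
        [string]$DumpPath    = 'C:\dumps\MEMORY.DMP',   # placeholder path
        [string]$SymbolCache = 'C:\symbols'             # placeholder path
    )
    $symPath = "srv*$SymbolCache*https://msdl.microsoft.com/download/symbols"
    # -z opens a dump file, -y sets the symbol path, -c runs commands then quits
    & kd.exe -z $DumpPath -y $symPath -c '!analyze -v; q'
}
```

Enable-FullCrashDump and Enable-SerialKernelDebug only take effect after the test host reboots; Invoke-DumpAnalysis prints the faulting module and bug check details that !analyze -v resolves from the symbol files.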