Author: Mario Hewardt & Daniel Pravat
Publisher: Addison Wesley, 2007
Aimed at: Anybody needing a very low-level approach to Windows debugging
Pros: Lots of detail - gets you right inside
Cons: Lacks an overall framework
Reviewed by: Harry Fairhead
This book is about serious Windows debugging. It's not about what you do when you have a minor bug in a program and it isn't about debugging strategy. Most bugs can be found by simple code inspection using the debugger built into the IDE. This approach is so successful and so common that many programmers don't even realise that there is a deeper alternative.
This book is all about debugging at the level of machine code to find out what is really going wrong.
The first thing to say is that this is about debugging Windows and as such it assumes that you know how Windows works. It does explain a lot of the internals, but only in isolation, and without an overall framework to slot the new information into, it is going to seem like tough going. You also need to be happy with bits, bytes and some machine code.
The second thing to say is that this is not about debugging using Visual Studio - that's the easy sort of debugging and covered in other books. It also isn't about the philosophy, methodology or mental state you need to be in to debug. It certainly doesn't cover bug tracking or management.
It starts off by considering what tools are available and this is where we first meet the low-level debuggers that are going to be key to inspecting what is really happening. You can pick from a user or kernel mode debugger but in most cases you won't need the complexity of the dual machine setup that the remote debugging of the kernel debugger needs. From here we have a careful consideration of getting symbols into your dumps and code inspections - this makes debugging at this low level much easier.
The second part of the book looks at the sort of problems that occur - stack problems, heap problems, security, interprocess communications, resource leaks and synchronization. All are of course discussed from the Windows point of view but there is a lot of material that is general.
Part Three deals with advanced topics - writing debugger extensions, 64-bit debugging, power tools and Vista. Of course the book misses out on Windows 7 but this isn't a huge problem. If you can cope with the technicalities of this sort of debugging you should be able to generalise from Vista to Windows 7.
This is not a book that every Windows programmer needs. It's very low level and gets you right inside what is going on. However the ideas and techniques described will give you a good background in how Windows operates and how you can debug and reverse engineer applications.
If you need a low-level book on Windows debugging, this is it. Highly recommended.