Book review: Advanced Windows Debugging (Mario Hewardt and Daniel Pravat)

Every so often, somebody sends me a book, and most of the time I glance through it and say, "Eh."

But not this time.

Advanced Windows Debugging will make you the envy of your friends (if your friends are computer nerds). Even the section with the "Oh come on every moron knows this already" title Basic Debugger Tasks has stuff that I didn't know. Fortunately, you don't have to slog through the stuff you already do know in order to find it, because the nifty new debugger commands are set off in the snippets of debugger conversation. (And by debugger conversation, I mean output of a debugger based on the Windows debug engine, debuggers like ntsd, kd and windbg.)

Once you get past the "basics", you still have loads more ahead of you. The book covers debugging scenarios like a corrupted heap, a deadlock, or 100% CPU usage, as well as debugging tasks, like following the trail of an LPC request from the client to the server, peeking at the token count of a semaphore, and reconstructing a partially-corrupted stack—and illustrates each investigation with both discussion and annotated debugger output. All the things that seasoned developers take for granted (because they have become instinctual after years of experience) are spelled out for you. Learn more from the book's web site, not unsurprisingly named

I'm keeping this book on my shelf. You can borrow it, but I'm going to insist that you return it when you're done.

Comments (19)
  1. JonDR says:

    I have some books like that. When someone wants to borrow one of those, I insist that they must leave one shoe for collateral. No one so far has left the building without returning the book.  (This may not work with the Java coders on second floor, but their interests and my library don’t often coincide).

  2. AsmGuru62 says:


    I am getting this book for sure.

    I am under the impression that Win32 development is pretty much over by now. With all the .NET hype and new frameworks coming each month. :-)

  3. Sean says:

    "This may not work with the Java coders on second floor"

  4. Stephen Jones says:

    At $47 wouldn’t it be cheaper to buy Linux?

  5. Wolf Logan says:

    "At $47 wouldn’t it be cheaper to buy Linux?"

    Now you have two problems.

  6. John says:

    "At $47 wouldn’t it be cheaper to buy Linux?"

    It would also be cheaper to buy a banana, but I don’t think either one of those would help you learn advanced Windows debugging techniques.  Though I suppose a banana might make for a good snack during debugging sessions…

  7. mikeb says:

    Ahhh, a book that will fill the void left by John Robbins deciding not to do a new update of "Debugging Windows" for native code (

    This book at first glance looks like it goes into incredible low-level detail.  Nice.

  8. Skip says:

    That looks good.  Parsing the table of contents, the only real hole I see is using windbg, etc., on managed code.  Maybe it’s in there but non-obvious?  I’ll have to look for the book at a B&M store and see what’s there.

  9. Bob Snyder says:

    Judging from the sample chapter, it looks as though the book is very well-written and thorough in its presentation. I will probably buy a copy. Thanks for pointing it out, Raymond.

    But the fact that such a book is necessary in the first place causes me to think that the software industry needs some fresh ideas. No application programmer should ever have to muck around with the stuff shown in the sample chapter. It is utterly grotesque that we are still dealing with this stuff.

    I program using the Win32 API every day. It is the best solution available for my needs. But I can’t wait for something radically better to come along. Programming used to be fun. I feel confident that someday it will be fun again. But in the meantime, I think I can see why very few college students are taking up Computer Science these days. Most people would rather read an IRS Auditor Training Manual than a book on Windows Debugging.

    [Naturally the book doesn’t cover the easy cases, the stuff you can debug from an IDE. If you let people write in a language in which memory corruption is possible, then you have to be able to debug the consequences, and often the consequences are extremely subtle. -Raymond]
  10. alex.r. says:

    Unlike some people, I don’t follow blogs just so I can leave trollish comments.

    Wow, I didn’t realize such people existed. Are you from the future?

    Even if you don’t use these techniques, understanding them helps you understand the underlying system you’re programming for. That always helps, using a type-safe language or not.

  11. JM says:

    "At $47 wouldn’t it be cheaper to buy Linux?"

    I have nothing to add, I just wanted to repost that comment to emphasize its spectacular inaneness. And I say that as a fervid Linux fan.

    Oh, and I am so getting this book. If Raymond Chen *and* Mark Russinovich are impressed with it, there’s no way you can possibly go wrong. And I say that as an avid Raymond hater.

    I’m kidding, I’m kidding. Unlike some people, I don’t follow blogs just so I can leave trollish comments.

  12. Jonathan says:

    Skip: Windbg on managed code is very limited and non-trivial. You’re usually better off using Visual Studio (or Rascal, the lightweight version).

    Bob Snyder: .NET programming might prove to be a pleasant surprise for you.


  13. JC says:

    Thanks Raymond : I saw this book some days ago on Amazon and I was really considering buying this book and I just decided I’ll buy it in the next days.

    As AsmGuru said, there was a steadily decreasing number of updated resources regarding advanced debugging and non-managed/.NET stuff in general : glad to see some authors still care about it.

  14. I came across this book but bought it after this review. My thinking was “If RaymondC likes a debugging book, it must be awesome”.

    Raymond – the power you have is awesome and scary. If I were a technical book author, I would be making a beeline to your door :)

    [Okay, let’s test that theory. “I read this awesome book by Raymond Chen. You should buy a copy!” Let’s see if that helps my sales rank. -Raymond]
  15. JenK says:

    On the one hand, I now work in a job where I don’t need to run wdeb. (I even run a RELEASED OS as standard practice!)

    On the other hand, I spent 4 years where my "list for new testers" included, "Read RaymondC’s tips on debugging Windows".  

    *Forwards review to friends*

  16. Anon says:

    Weren’t you one of the technical reviewers for Undocumented Dos?

    There was a bit in that that actually made me laugh out loud. They described how Windows instanced the Current Directory Structure and commented that in the first edition they tried to load their nasty reverse engineered redirector into a Windows Dos box. It loaded and that Dos box mounted the redirected ‘network’ drive. They checked in another Dos box and found that the redirected drive didn’t show up there. Which is not surprising once you know that each Dos box has a different instance of the CDS. The funny part is that one of the technical reviewers of the first edition commented “only an idiot would expect that to work”.

    Which I like the idea of – the idea that unless you can work out that the CDS is instanced and thus that redirectors are per Dos box, neither of which is obvious to 99.99999% of the population, you’re an idiot.

    [It’s blatantly obvious that the CDS is instanced. Here, watch: Open two DOS boxes. In each one, CD to a different directory. Holy cow, you can do that! -Raymond]
  17. Tim says:

    I bought this book after hearing about it here and it’s superb. I was looking for something to complement the Windows Internal book and this is it!

    I also want to say thank-you for all the time and effort you so clearly put into this blog. It’s very much appreciated.


