OSes

This article is more than 1 year old

Kernel debugger begone: Microsoft emits update for DTrace on Windows 10

Only Insiders need apply for now

Tue 28 Jan 2020 // 17:30 UTC

A fresh version of the Windows take on DTrace will allow developers to chase down those pesky low-level bugs without exposing the posterior of their systems to miscreants.

The disabling of PatchGuard is no longer required in the updated version, according to Hari Pulapaka, group manager for the Windows kernel.

Since the Windows kernel now uses Virtualization-base Security (VBS), which isolates memory from the OS, the kernel debugger requirement has been dropped. Dropping that requirement means, in turn, that PatchGuard can be left on, making life less complicated for developers on the hunt for that mystery memory leak.

The downside? Just as the first version of DTrace for Windows required 19H1, this update needs the version with all those kernel goodies, in this case the still-not-released 20H1 (aka Windows 10 2004). A developer would therefore need to opt into the Windows Insider programme and debug using build 19041.21 or higher in order to use the new toys.

A glimpse at msinfo32.exe will confirm if VBS is up and running – look for the "Virtualization-based security" option set to "Running".

As well as ARM64 support (in preview mode) for the vanishingly small number of Windows 10 users on that chippery, the update also includes support for usermode stackwalk (ustack) rather than just kernel mode from the preview.

"Like stack," Pulapaka wrote, "ustack facility is fully compatible with open source DTrace specification."

Live dumps can also be called from DTrace scripts to spew out the state of play at a failure point and it is also now possible to create new Event Tracing for Windows (ETW) events when needed from within the script itself.

While the removal of the requirement that PatchGuard be disabled in order to let the DTrace update run riot behind the scenes is good news, it is a little irksome that developers must use a preview version of Windows 10 to have a go.

It also highlights just how much has changed under the hood in the upcoming 20H1/2004 release of Windows 10. ®

Topics

Special Features

Vendor Voice

Resources

OSes

Kernel debugger begone: Microsoft emits update for DTrace on Windows 10

Only Insiders need apply for now

More about

More about

Narrower topics

Broader topics

More about

More about

More about

Narrower topics

Broader topics

TIP US OFF

Other stories you might like

Want to keep Windows 10 secure? This is how much Microsoft will charge you

Microsoft gets new Windows boss as Start Menu man Parakhin 'to explore new roles'

German state ditches Windows, Microsoft Office for Linux and LibreOffice

Reducing the cloud security overhead

How a single buck bought bragging rights in the battle to port Windows 95 to NT

Windows Format dialog waited decades for UI revamp that never came

Microsoft confirms memory leak in March Windows Server security update

Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products

Microsoft gives Hyper-V ceilings a Herculean hike

Microsoft squashes SmartScreen security bypass bug exploited in the wild

Microsoft drags Windows Subsystem for Android into the trash

About Us

Our Websites

Your Privacy