Kernel debugger begone: Microsoft emits update for DTrace on Windows 10

Only Insiders need apply for now

A fresh version of the Windows take on DTrace will allow developers to chase down those pesky low-level bugs without exposing the posterior of their systems to miscreants.

The disabling of PatchGuard is no longer required in the updated version, according to Hari Pulapaka, group manager for the Windows kernel.

Since the Windows kernel now uses Virtualization-base Security (VBS), which isolates memory from the OS, the kernel debugger requirement has been dropped. Dropping that requirement means, in turn, that PatchGuard can be left on, making life less complicated for developers on the hunt for that mystery memory leak.

The downside? Just as the first version of DTrace for Windows required 19H1, this update needs the version with all those kernel goodies, in this case the still-not-released 20H1 (aka Windows 10 2004). A developer would therefore need to opt into the Windows Insider programme and debug using build 19041.21 or higher in order to use the new toys.

A glimpse at msinfo32.exe will confirm if VBS is up and running – look for the "Virtualization-based security" option set to "Running".

As well as ARM64 support (in preview mode) for the vanishingly small number of Windows 10 users on that chippery, the update also includes support for usermode stackwalk (ustack) rather than just kernel mode from the preview.

"Like stack," Pulapaka wrote, "ustack facility is fully compatible with open source DTrace specification."

Live dumps can also be called from DTrace scripts to spew out the state of play at a failure point and it is also now possible to create new Event Tracing for Windows (ETW) events when needed from within the script itself.

While the removal of the requirement that PatchGuard be disabled in order to let the DTrace update run riot behind the scenes is good news, it is a little irksome that developers must use a preview version of Windows 10 to have a go.

It also highlights just how much has changed under the hood in the upcoming 20H1/2004 release of Windows 10. ®

Similar topics

Other stories you might like

Biting the hand that feeds IT © 1998–2022