PrepAway - Latest Free Exam Questions & Answers

Category: 70-660

Exam 70-660: TS: Windows Internals

Which routine should you debug?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a computer named C02 in the company.

Windows Vista has been installed on C02. You start C02 and have a hardware device attached to the computer. Since you are the technical support, the company assigns a task to you. The company wants you to debug the creation of the functional device object (FDO) for the hardware device. Which routine should you debug?

Which IRQ Level (IRQL) should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. For Windows XP, a device driver is created by you. This device driver runs on uniprocessor systems only. A system thread and a deferred procedure call (DPC) are created by the driver. The DPC is invoked by a repeating timer. Both the thread and the DPC must process entries from the same work queue. You must make sure that the system thread and the DPC are synchronized. Which IRQ Level (IRQL) should be used?

Of the following tools, which one should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. You are in charge of an application service. Because of heap corruption, it crashes intermittently. When it occurs, you have to detect the heap corruption. Of the following tools, which one should be used?

What action should you perform in DllMain?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. You are in charge of an application. Two processes are contained in this application. Several custom dynamic link libraries (DLLs) need to be loaded by both of the processes. The DLL entry point is named DllMain. A third-party DLL is loaded by DllMain.

You have to avoid loader deadlock and make sure that the application is able to use the third-party DLL at all times. What action should you perform in DllMain?

Of the following tools, which one should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. Now you receive an order from the company. The company plans to update a device driver on a Windows system. A copy of the device driver file is downloaded from the Internet by you, but you are not sure whether the device driver is legitimate.

Therefore, you have to validate the device driver's digital signature. Of the following tools, which one should be used?

Which tool should you choose to use?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a computer named C02 in the company.

Windows Vista has been installed on C02. Sometimes the computer performs slowly. When the computer is performing slowly, you notice that 90 percent of the CPU is used by the System process. You identify that the high CPU usage is caused by a System process thread. The thread has the start address ntkrnlpa.exe!ExpWorkerThread. You have to find out which functions the thread calls and how much CPU time each function uses. Which tool should you choose to use?

So what is causing the problem?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a complete kernel dump that was generated on an unresponsive computer. You debug the kernel dump by using WinDbg.

You receive the following output from WinDbg.

    kd> kv
    ChildEBP RetAddr  Args to Child
    f9bfeed8 f98857fa 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
    f9bfeef4 f9885032 00644d40 010000c6 00000000 i8042prt!I8xProcessCrashDump+0x237 (FPO: [Non-Fpo])
    f9bfef3c 8054093d 815c84c8 81644c88 00010009 i8042prt!I8042KeyboardInterruptService+0x21c (FPO: [Non-Fpo])
    f9bfef3c f9e9938a 815c84c8 81644c88 00010009 nt!KiInterruptDispatch+0x3d (FPO: [0,2] TrapFrame @ f9bfef60)
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f9bfefd0 80540f7d f9e998a0 00000000 00000000 pldkrl+0x38a
    f9bfeff4 80540c4a f7627b50 00000000 00000000 nt!KiRetireDpcList+0x46 (FPO: [0,0,0])
    f9bfeff8 f7627b50 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a (FPO: [Uses EBP] [0,0,1])
    80540c4a 00000000 00000009 bb835675 00000128 0xf7627b50

    kd> .trap f9bfef60
    ErrCode = 00000000
    eax=ffdff980 ebx=ffdff000 ecx=f9e9938a edx=f9e998a0 esi=00000000 edi=806d02e2
    eip=f9e9938a esp=f9bfefd4 ebp=ffdff980 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0000 es=e8ae fs=0000 gs=c20e efl=00000246
    pldkrl+0x38a:
    f9e9938a ebfe jmp pldkrl+0x38a (f9e9938a)

You have to find out what is causing the computer to become unresponsive. So what is causing the problem?

Of the following WinDbg commands, which one should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a colleague named Jason in the company. He has a computer which is named C01. Windows Server 2003 x64 Edition is run by C01. Now the computer crashes. After he opens the crash dump file, he finds that an illegal instruction exception has been caused by a kernel-mode device driver. Since you are the technical support, he asks you to find out whether the device driver is corrupt. Of the following WinDbg commands, which one should be used?

So which tool should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is an application for you to troubleshoot. This application runs on Windows Vista computers. The application does not close all of the files it has open. You have to find out the files that the application has open currently. So which tool should be used?

Which of the following tools should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. You develop a hardware device driver for Windows Vista.

You need to view a report. The report displays a timeline of the following device driver activity: processor time spent in interrupt service routines (ISRs) and deferred procedure calls (DPCs), and the corresponding call stack. Which of the following tools should be used?

