Third-Party Tools for Windows XP Embedded

  • Article

 

Jon Fincher
Microsoft Corporation

February 2003

Applies to:
    Microsoft® Windows XP® with Embedded Service Pack 1

Summary: Learn about some of the tools available for creating components and configurations for Windows XP Embedded. (4 printed pages)

Contents

Introduction
Dependency Walker
FileMon
RegMon
InCtrl5
BootVis
Microsoft Debugging Tools

Introduction

There are a number of third-party tools that are useful for creating components and configurations for Microsoft® Windows® XP Embedded. This technical article is designed to act as a pointer to some of these tools (but not all). It provides a brief synopsis of each technology, provides information about how and why each should be used, and provides Uniform Resource Locators (URLs) to download locations and where one can find comprehensive documentation for each tool.

Dependency Walker

The Dependency Walker scans 32-bit and 64-bit Microsoft Windows modules and presents a hierarchical tree diagram of dependent modules. The modules can be .exe, .dll, .sys, .ocx, or other executable modules designed for running on Windows. The dependent modules are listed in a tree view under the calling module and are marked where they are duplicated higher in the tree. Full module information is also given.

On its own, Dependency Walker is a great tool for discovering the static dependencies of any Windows code module. However, the 2.0 and later versions also allow for the discovery of dynamically loaded modules through LoadLibrary() or GetProcAddress() function calls. Dependency Walker also includes a console mode and a useful graphical user interface (GUI), and it can include undecorated C++ module names.

Dependency Walker is a crucial tool for building components:

  • It lists all known dependencies of a module.
  • It provides a non-GUI console mode that allows Dependency Walker to be used in batch files, critical for automation.
  • Its profiling and child processes allow for iterative dependency searching.

You can download Dependency Walker 2.1 from http://www.dependencywalker.com.

FileMon

FileMon, created by Mark Russinovich, is a real-time file system-monitoring tool. When running, it logs all file system activity on the system in real time, including successful and unsuccessful attempts to open files, attempts to read and write to files, and changes to attributes. Log entries that match specific criteria can be included or excluded specifically, and there is a provision for highlighting entries. FileMon runs on all Windows operating systems from Microsoft Windows 95 through Microsoft Windows XP, including Microsoft Windows XP Embedded.

FileMon is useful in a number of ways:

  • When you are troubleshooting new components, you can run it on the embedded device to find missing files.
  • When you are building new components, you can use it to find required files that are accessed dynamically.
  • Log comparisons between a working and a non-working system can help you discover missing files.

You can download FileMon from https://www.sysinternals.com/ntw2k/source/filemon.shtml.

RegMon

RedMon, created by Mark Russinovich, is a real-time registry-monitoring tool. When running, it logs all registry activity on the system in real time, including successful and unsuccessful attempts to access registry keys, attempts to read and write to registry keys, and attempts to read and write to registry data. Like FileMon, log entries that match specific criteria can be included or excluded specifically, and there is a provision for highlighting entries. RegMon runs on all Windows operating systems from Windows 95 through Windows XP, including Windows XP Embedded.

RegMon is useful in a variety of ways:

  • When you are troubleshooting new components, you can run it on the embedded device to find missing registry keys and data.
  • When you are building new components, you can use it to find required registry keys that are accessed dynamically.
  • Log comparisons between a working and a nonworking system can help you discover missing registry keys and data.

You can download RegMon from https://www.sysinternals.com/ntw2k/source/regmon.shtml.

Note   Both FileMon and RegMon, like most utilities from Sysinternals, come with complete source code.

InCtrl5

InCtrl5, offered by PC Magazine, is a static system difference tool. When first run, InCtrl5 takes a static snapshot of your system, customizable to individual registry branches and .ini files. InCtrl5 runs on all Windows operating systems, including Microsoft Windows NT® Embedded and Windows XP Embedded runtimes. You can direct InCtrl5 to then run a program, or you can have it wait for you to manually make changes to the system. After InCtrl5 is run, it takes another static system snapshot, compares that snapshot to the previous one, and reports the differences. InCtrl5 offers a GUI for all aspects of its operation.

InCtrl5 is useful for both component creation and configuration modification. You can:

  • Use it to determine what third-party software installers do.
  • Use it to determine how device drivers are installed.
  • Find registry keys that are controlled by the Windows XP user interface.
  • Find out what happens when a program is first run.
  • Find out what system changes are made when settings are modified.

You can download InCtrl5 from http://www.pcmag.com/article2/0,4149,25126,00.asp.

Note   InCtrl5 comes complete with Delphi source code.

BootVis

Microsoft BootVis is a performance trace visualization tool for tracking boot performance. BootVis runs on Windows XP-&#150based; and Windows XP Embedded-&#150based; systems. BootVis offers a GUI to trace several performance parameters related to booting systems. BootVis can be configured to trace these parameters for rebooting, hibernating, and suspending systems.

BootVis is invaluable for tracing performance through the boot/reboot process. You can use BootVis to:

  • Determine where the boot process is spending its time.
  • Optimize your system for fast boot performance.
  • Optimize your system for fast suspend/resume or hibernate/resume performance.

You can download BootVis from the BootVis Web site. You can read more about boot, suspend, and hibernate performance issues at Fast Boot/Fast Resume Design.

Microsoft Debugging Tools

Microsoft Debugging Tools include the kernel debugger, which is a system-level symbolic debugger. The kernel debugger works as two different parts—the system to be debugged (called the Host) starts Windows with the kernel debugger enabled (all Windows NT&#150based; and Windows XP&#150based; systems ship with this capability). The system running the debugger (called the Remote) connects to the host through a communications port (COM port), universal serial bus (USB) port, or port 1394. The Remote system captures debug output and provides for debug-level control of the Host.

There are two versions of the debugger available, one for command-line control (kd.exe) and the second providing a GUI interface (windbg.exe). Both provide similar control over the Host and provide mechanisms for other computers to control the Remote debugger over the network. Both can be run with or without debugging symbols, although the presence of symbols leads to a richer and more productive debugging environment. If you use the Microsoft Debugging Tools to debug your own drivers or applications, it is recommended that you generate symbols as part of the build process for that driver or application.

Windows XP also provides the NT Symbolic Debugger (NTSD), which provides a command-line symbolic debugger for user-mode applications. The output from NTSD can be piped through the kernel debugger on the Host, providing both user-mode and kernel-mode remote debugging capabilities.

You can use the kernel debugger to:

  • Troubleshoot Stop error codes
  • Debug drivers
  • Monitor the boot process on headless devices

You can download the Microsoft Debugging Tools and symbols from this Microsoft Web site.

© Microsoft Corporation. All rights reserved.