See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Brad Rutkowski's Blog
Business up front
Party in the back
Vista and Lognhorn
Windows Server 2008
Browse by Tags
Brad Rutkowski's Blog
Debugging Terminal Service not listening. (Isolating an instance of SVCHOST)
Ran into another issue today where I needed to set and IFEO for the particular instance of SVCHOST.exe running terminal service. Here is the easiest way of doing so: 1) Make a copy of SVCHOST.exe on the server, name it Mysvchost.exe and leave it in %Systemroot%\system32\ 2) Open regedit and go to HKLM...
6 Apr 2007
The case of sidebar.exe not starting. Oh Snap!
Ran into a case today where each time we tried to start sidebar.exe it would fail silently. No crash to investigate, no error, so where to next? First I set an IFEO for sidebar.exe to launch windbg.exe when started, by doing this it stops at the initial breakpoint. Secondly I enabled loader snaps...
30 Mar 2007
Dial in your debugging skills with this book.
So this book has been getting mentioned around by a lot of reputable contacts internally so my teammate picked up a couple copies and I've been browsing it since. Browsing? Like all books in this category (Windows Internals, C++ Programming, etc) I don't read it cover to cover, if you do you should earn...
25 Jan 2008
Kernel stack not resident (Using .pagein)
You might find yourself debugging an issue and a thread you are interested in is paged out. Here's the steps to use to page in the stack for the kernel side and user side... Be careful when doing this on a live machine that you want to release after debugging as paging in certain section of memory can...
30 Aug 2007
Not getting kernel memory dumps in Windows Vista or Windows 2008?
Backstory: With the advent of Windows Vista there are changes made in how the operating system determines if it can take a kernel memory dump or not. Starting in Vista the amount of memory allocated for kernel mode could vary dynamically . If the pagefile is not big enough, switching to minidump at dump...
16 Oct 2007
Got a handle leak? Use !Htrace to help find the leaking stacks non-invasively.
So when your an app developer or someone in my position where you need to track down memory leaks one of the tools to use is Htrace once you've identified it's a handle leak . I just wanted to put this post out there to show that I found you can use Htrace against a usermode process like LSASS below...
13 Nov 2007
Some useful debugging commands
All of these are for kernel mode, these are just commands I use often that don't troubleshoot a particular problem, but are helpful in getting a general picture of the system. If you have a specific issue you're trying to understand, drop a note and I'll see if there is a command to help you out. ...
2 Apr 2008
Did you know there is live noninvasive debugging?
Say you want to check something out in KD but you don't have a debugger attached, like !vm perhaps, or you want to attach to a user mode process like LSASS and dump the threads running and their current state? Well there's is solution, obviously everything doesn't work when its noninvasive, but you can...
13 Apr 2007
Let me drive! Using remote.exe to connect to a client.
Some might call me a control freak, but when I have the opportunity to investigate a machine myself or provide instructions via the phone/mail to the end-user you know what I'm going to choose. One of the easier ways that I find is to use remote.exe which is part of the debugging package. I'm just going...
4 Apr 2007
These are a few of my favorite things... (Part 4)
Just some more tricks/tools I use frequently... Scale-to-Fit in Perfmon If you deal a lot with perfmon you know you can have a ton of different counters in one line graph or in one bar graph and that the scale is usually 0-100 which really isn't applicable in some cases. Now you can just alt click the...
22 Nov 2007
How to catch shutdowns that don’t go to debugger or cause bugchecks
Sometimes a system just goes offline or reboots and we cannot catch it in the debugger or it is not a stop error (bugcheck) so that machine just reboots from underneath you. One technique you can use is to set a breakpoint on nt!NtSetSystemPowerState. This function is the last thing called during ANY...
25 Aug 2007
My computer is hard hung, now what can I do?
You may run into instances where a machine becomes "hard hung", I usually can tell when a machine is in this state because the "num lock" and "caps lock" key don't work. So what can you do in these instances? Well Windows has the ability to create a manual crash dump. Manual crash dumps will always have...
23 Oct 2006
© 2014 Microsoft Corporation.
Privacy & Cookies