if (ms) blog++;

Random bits of (hopefully) useful technical information on Windows, with a focus on understanding and troubleshooting.

Related Posts
  • Blog Post: Analyzing User Mode Dumps

    So you’ve managed to get a dump from a process… now what? Dump analysis is a skill that requires a bit of knowledge of how processors work, how to read assembly language, how functions are called, what stacks and heaps are, and so on – it’s way beyond the scope of a blog to give you this set of skills...
  • Blog Post: Kernel-mode dump analysis

    I’ve already covered the different types of memory dump in a previous blog entry, so this is a quick dip into how we manually trigger a bugcheck to create a memory dump on demand, and also how we can take a look inside the kernel of a running OS without crashing it. Crash Landing: In the event...
  • Blog Post: Debugging Process Startup

    Attaching a debugger to a hung process or one that is running that we can cause to crash through an action is one thing… but sometimes a process will not even reach a running state and simply throw an error at the very start. If you’re lucky the error is caused by I/O and Process Monitor is able to give...
  • Blog Post: Pre-mortem debug analysis

    We’ve looked at generating dumps of processes, the kernel or the entire set of used physical memory pages – but there is another method to do debug analysis on the target directly rather than with a “snapshot” of what it looked like at one point in time, and sometimes this is very useful. The “live”...