Browse by Tags

Related Posts
  • Blog Post: Understanding the temporary drive on Windows Azure Virtual Machines

    Special thanks to our WATS Linux experts- Joao Madureira, Vittorio Franco Libertucci and Patrick Catuncan for reviewing this post. When you create a VM in Windows Azure you are provided with a temporary storage automatically. This temporary storage ...read more
  • Blog Post: Bugchecking a Computer on A Usermode Application Crash

    Hello my name is Gurpreet Singh Jutla and I would like to share information on how we can bugcheck a box on any usermode application crash. Set the application as a critical process when the application crash is reproducible. We may sometimes need a complete ...read more
  • Blog Post: Debugging a Windows 8.1 Store App Crash Dump (Part 2)

    In Part 1 , we covered the debugging of a Windows Store Application crash dump that contains a Stowed Exceptions Version 1 (SE01) structure.   This post continues on from Part 1, covering the changes introduced in March 2014. These Windows Updates ...read more
  • Blog Post: Debugging a Windows 8.1 Store App Crash Dump

    Quality reports on the App Summary page Microsoft provides triage dumps of your Windows Store application’s crashes and hangs through the Quality section of the App Summary page on the Dev Center - Windows Store apps portal.   Back in June 2012, ...read more
  • Blog Post: Call Stacks for Pool Allocations

    Hello, it's the Debug Ninja back again for another NtDebugging Blog article.   For as long as I can remember user mode debuggers have had an easy way to get call stacks for heap allocations.   On more recent versions of Windows this has been ...read more
  • Blog Post: Debugging a Crash, Found a Trojan

    Hi, I'm Manish from Global Escalation Services. I would like to present a multiple random bug check issue, which was caused by malicious code (trojan) running on the machine. This is the walkthrough of how we found the virus on the server. In this particular ...read more
  • Blog Post: Troubleshooting Pool Leaks Part 1 – Perfmon

    Over the years the NTDebugging Blog has published several articles about pool memory and pool leaks.  However, we haven’t taken a comprehensive approach to understanding and troubleshooting pool memory usage.  This upcoming series of articles ...read more
  • Blog Post: What Did Storport Do With My I/O?

    In a previous article I showed how to track an I/O request from the filesystem, through the class driver, and to the storage driver.  In that article I concluded with " From this data we can usually assume that the request has been sent to the ...read more
  • Blog Post: Configuring a Hyper-V VM For Kernel Debugging

    Yesterday's blog prompted some questions about how to set up a debugger for a Windows OS running in a Hyper-V VM.   I was surprised that I wasn't able to find good, publicly available, Microsoft issued documentation for this configuration.   ...read more
  • Blog Post: My Kernel Debugger Won't Connect

    Hello ntdebugging readers, the Debug Ninja is back again with a quick blog this holiday season.   I recently encountered a situation where the kernel debugger could not connect to a Windows Server 2008 R2 system running in a Hyper-V virtual machine ...read more
  • Blog Post: Don't Believe Everything You Read

    Recently, I was contacted by a customer who was advised by an ISV to set a registry value under one of the sub keys in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\.  Let's call it UseQuantumComputing = 1 (value name has been ...read more
  • Blog Post: How the Clipboard Works, Part 1

    Recently I had the opportunity to debug the clipboard in Windows, and I thought I’d share some of the things I learned.   The clipboard is one of those parts of Windows that many of us use dozens (hundreds?) of times a day and don’t really think ...read more
  • Blog Post: Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012

    What is a bug check 0x133? Starting in Windows Server 2012, a DPC watchdog timer is enabled which will bug check a system if too much time is spent in DPC routines. This bug check was added to help identify drivers that are deadlocked or misbehaving.  ...read more
  • Blog Post: Hotfix to Enable Mini-Filter Performance Diagnostics With XPerf for Windows Server 2008R2

    Greetings ntdebugging community, Bob here again and today I would like to let everyone know about a new feature implemented in Windows Server 2008 R2’s kernel and filter manager binaries released in knowledge base article 2666390 .   Beginning with ...read more
  • Blog Post: Debugging a Network Connectivity Issue - TrackNblOwner to the Rescue

    Hello Debug community this is Karim Elsaid again.  Today I’m going to discuss a recent interesting case where intermittently the server is losing access to the network.  No communication (even pings) can be done from / to the server when the ...read more
  • Blog Post: Troubleshooting Pool Leaks Part 2 – Poolmon

    In our previous article we discussed how to identify a pool leak using perfmon.  Although it may be interesting to know that you have a pool leak, most customers are interested in identifying the cause of the leak so that it can be corrected.  ...read more
  • Blog Post: Debugging Backwards: Proving root cause

    Matt Burrough here again.   On rare occasions when debugging, we'll actually know (or strongly suspect) what the root cause of a problem is at the beginning of our analysis - but we still need to investigate to confirm our assertion.   The following ...read more
  • Blog Post: Understanding File System Minifilter and Legacy Filter Load Order

    Hello, my name is Fred Jeng from the Global Escalation Services team. For today’s post, I want to go over how Windows 7 and Windows Server 2008 R2 load file system mini-filters in a mixed environment when legacy filters are also present. I recently came ...read more
  • Blog Post: How To Deadlock Yourself (Don’t Do This)

    Some APIs should come with a warning in big red letters saying “ DANGER! ”, or perhaps more subtly “ PROCEED WITH CAUTION ”.  One such API is ExSetResourceOwnerPointer . Although the documentation contains an explanation of what limited activity ...read more
  • Blog Post: Troubleshooting Pool Leaks Part 7 – Windows Performance Toolkit

    In Part 1 of this series we identified a pool leak in non paged pool.  In Part 2 and Part 3 of this series we identified what pool tag was leaking.  In Part 5 and Part 6 we got call stacks showing the memory being allocated.  In this article ...read more
  • Blog Post: Stop 0x19 in a Large Pool Allocation

    Hello all, Scott Olson here again to share another interesting issue I recently debugged with pool corruption and found that using special pool does not work with large pool allocations ( pool allocations greater than a PAGE_SIZE ).   Here is an ...read more
  • Blog Post: How the Clipboard Works, Part 2

    Last time , we discussed how applications place data on the clipboard, and how to access that data using the debugger.   Today, we'll take a look at how an application can monitor the clipboard for changes.   Understanding this is important ...read more
  • Blog Post: Great power. Great responsibility.

    When it comes to the registry, administrators are given great power to manually configure Windows to suit their needs, but even slight, seemingly innocuous changes to a particular key or value can have a drastic impact on basic operations of the system ...read more
  • Blog Post: Case of the Unexplained Services exe Termination

    Hello Debuggers! This is Ron Stock from the Global Escalation Services team and I recently worked an interesting case dispatched to our team because Services.exe was terminating. Nothing good ever happens when Services.exe exits. In this particular case ...read more
  • Blog Post: Troubleshooting Pool Leaks Part 5 – PoolHitTag

    In Part 4 we narrowed the source of the leaked pool memory to the specific driver which is allocating it, and we identified where in the driver this allocation was taking place.  However, we did not capture contextual information such as the call ...read more