Browse by Tags
All Tags »
Debugging (RSS)
All of these are for kernel mode, these are just commands I use often that don't troubleshoot a particular problem, but are helpful in getting a general picture of the system. If you have a specific issue you're trying to understand, drop a note and I'll
Read More...
So this book has been getting mentioned around by a lot of reputable contacts internally so my teammate picked up a couple copies and I've been browsing it since. Browsing? Like all books in this category (Windows Internals, C++ Programming, etc) I don't
Read More...
Just some more tricks/tools I use frequently... Scale-to-Fit in Perfmon If you deal a lot with perfmon you know you can have a ton of different counters in one line graph or in one bar graph and that the scale is usually 0-100 which really isn't applicable
Read More...
So when your an app developer or someone in my position where you need to track down memory leaks one of the tools to use is Htrace once you've identified it's a handle leak . I just wanted to put this post out there to show that I found you can use Htrace
Read More...
Backstory: With the advent of Windows Vista there are changes made in how the operating system determines if it can take a kernel memory dump or not. Starting in Vista the amount of memory allocated for kernel mode could vary dynamically . If the pagefile
Read More...
You might find yourself debugging an issue and a thread you are interested in is paged out. Here's the steps to use to page in the stack for the kernel side and user side... Be careful when doing this on a live machine that you want to release after debugging
Read More...
Sometimes a system just goes offline or reboots and we cannot catch it in the debugger or it is not a stop error (bugcheck) so that machine just reboots from underneath you. One technique you can use is to set a breakpoint on nt!NtSetSystemPowerState.
Read More...
Say you want to check something out in KD but you don't have a debugger attached, like !vm perhaps, or you want to attach to a user mode process like LSASS and dump the threads running and their current state? Well there's is solution, obviously everything
Read More...
Ran into another issue today where I needed to set and IFEO for the particular instance of SVCHOST.exe running terminal service. Here is the easiest way of doing so: 1) Make a copy of SVCHOST.exe on the server, name it Mysvchost.exe and leave it in %Systemroot%\system32\
Read More...
Some might call me a control freak, but when I have the opportunity to investigate a machine myself or provide instructions via the phone/mail to the end-user you know what I'm going to choose. One of the easier ways that I find is to use remote.exe which
Read More...
Ran into a case today where each time we tried to start sidebar.exe it would fail silently. No crash to investigate, no error, so where to next? First I set an IFEO for sidebar.exe to launch windbg.exe when started, by doing this it stops at the initial
Read More...
You may run into instances where a machine becomes "hard hung", I usually can tell when a machine is in this state because the "num lock" and "caps lock" key don't work. So what can you do in these instances? Well Windows has the ability to create a manual
Read More...
