On any given day that is past say 7 days of uptime, I have 100 - 300 windows open, not kidding, here is a shot of my current task bar ... there shouldn't be anything msft confidential there, at least that you'd actually be able to read more than 4 or 5 letters of ... I know by heart I have 41 rows, so that's 204 windows open there ... I turn off that "group similar taskbar buttons" "feature", and the buttons show up in order, so a given "job" usually has task buttons around each other (in fact the last 6 buttons there are for this blog post) ... so what does this have to do with explorer ...

The basic upshot of this computing lifestyle choice is that my heart skips a beat and then visceral pain sets in whenever explorer AVs (Access Violation) ... explorer is what controls the start bar, and when it restarts the task buttons will be in a random order ... for the *nix types, this is like your window manager core dumping ... it's awefulness.

Right so getting to thread degraded mode ... my own term, for when you simply freeze the AV'd thread in a process, and allow the process to continue on its merry way.  You can do this because maybe the thread may not be doing something particularly useful, ergo it is "not a very serious AV", or maybe call it a "slight AV".  The process often (sometimes?) continues to function.

How to use thread degraded mode:

First, you will have to prepare your machine for initiating thread degraded mode ...

You will need to get a user mode debugger (there may already be a ntsd.exe in your system32, which should work, but no one uses that anchient one) go get a good version, which for an x86 box installs from this exe (i think).  Install it to C:\debuggers, everyone else around here seems to.

Navigate to this registry key (read more about it):
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug"
Create registry string (REG_SZ) value with a name of "Debugger" and value of
"C:\debuggers\ntsd -p %ld -g -G -e %ld"
If it already has a value you may want to save it.

You only have to do those steps once, and now you are ready to run in thread degraded mode, if the need should arise.

The next time explorer (or any application) crashes / AVs on you, you will get an option to debug the process ... select "Debug" or "Yes" or whatever ... this will open a debugger attached to explorer ( you'll probably have to alt-tab to find this new debugger window, because the task bar will be frozen/unresponsive while you debug it ;).

The debugger will open with the AV'ing thread as the current thread, so use "~f<enter>" (that is a tilde), to freeze this thread.  Then "g<enter>" will let the task bar come back to you (maybe).  At this point you should be praying that the thread you froze isn't holding any crucial critical sections or locks, and that things will return to "normal" ... your mileage may vary ... greatly.

It will look like this:
    0:008> ~f
    0:008> g

After you 'g' it, it will start printing this kind of thing in the debugger ...
    System 0: 1 of 84 threads are frozen
    System 0: 1 of 84 threads were frozen
    System 0: 1 of 84 threads are frozen
That's just explorer letting you know it loves you for not letting go, and putting it on life support.

Oh the crash was in MSN Desktop Search, but I don't fault (intended ;) them because I'm running the first beta of the software released in Dec 2004, I've heard they've had an update since then.

Anyway, as of approximately 8:20 AM (PST) yesterday (wed) morning, I've been running in thread degraded mode ... as I finish this post I've got 4 frozen threads ... there were a few more threads with "issues" but I don't have time to blog about them right yet ...