Browse by Tags


  • Blog Post: How to modify an application behavior when you don't have the source

    From time to time we need to help customers change the way an application interacts with the operating system or SDKs. The challenge is often the access to the code. Sometimes neither party may own the application in question and none of the parties have access to the source. Luckily, the Microsoft Research...
  • Blog Post: Remote kernel or user mode debugging of dumps or live systems

    GES (Global Escalation Services) is not only responsible for helping our external customers, but we spend a great deal of time collaborating with engineers and developers around the world at our support and development sites. We often look at large dump files, but in some cases we perform a live debug...
  • Blog Post: Red alert! My Server is hung - what do I do?

    So you have a dump from a hung server and you’re the first person on the scene. Your IT Manager is jumping up and down, the phone is ringing off the hook and people are hovering outside your cube. It’s game time and the pressure is on!!! Now what do you do? Well take a deep breath, get a cup of...
  • Blog Post: How to Access the User Mode Debugger from the Kernel Debugger

    In certain cases you may want to use a user mode debugger to debug a process from within the kernel debugger. It could be that you have an application that loads a kernel mode driver, and you want to be able to debug the user mode aspect of the application and then break into the kernel to follow the...
  • Blog Post: What Are the Odds?

    Hi NTDebuggers, something rarely talked about are the odds of a problem being in one piece of code vs. another. From time to time we see some very strange debugs or symptoms reported by customers. The problems can be associated with anything from an internally written application, a Microsoft product...
  • Blog Post: Designing the Perfect Breakpoint

    Written by Jeff Dailey. When it comes to live debugging, the breakpoint is king. Oftentimes solving a very complex problem in a production environment involves doing a local, non-production debug on one of my own test machines. I’ll typically debug the process or code in question to get a good...
  • Blog Post: Windbg Tip: KN, .Frame, DV, and DT - It's so easy

    Written by Jeff Dailey. Hello NTDebuggers, many of us take for granted some of the simple commands in the debugger that make life easy. I was thinking of several in particular that go great together. The first command would be kn. Kn will show the current call stack and includes the stack frame number...
  • Blog Post: NTDebugging Puzzler 0x00000006: Invalid Handle - can you handle it?

    Hi NTDebuggers, this week’s puzzler just so happens to match its number: 0x000000006 = ERROR_INVALID_HANDLE. That said, let me give you a scenario and the challenge will be to provide the best action plan to isolate the problem. This should include an explanation of what types of code problems cause...
  • Blog Post: How to track down High CPU in User Mode Applications - A live debug!

    Written by Jeff Dailey. Hello NTDebuggers, I’d like to talk about a common issue we deal with on a regular basis. We are often tasked with finding what functions are using CPU within a user mode process / application. Typically a user will find an application that is using more CPU than they expect...
  • Blog Post: NTDebugging Puzzler 0x00000005 (Better late than never)

    Hello NTDebuggers, from time to time we see the following problem. It’s another access violation, and the debug notes below are from a minidump. Here is what we need to know… · Generally speaking what happened to cause this AV? · What method you would use to isolate root cause of the failure...
  • Blog Post: How to have a colorful relationship with your dump files

    Hello NTDebuggers… I look at a lot of dump files every day. This being the case I like to take full advantage of the customizable look and feel of windbg. I actually have an association setup between DMP files and a CMD file that loads my customized COLOR workspace each time I double click on a dump...
  • Blog Post: Announcement: ODbgExt (Open Debugger Extension) on CodePlex

    Hello NTDebuggers, I’d like to announce something new for our community to share. We have decided to host an Open Source Debugger Extension project called ODbgExt on codeplex.com. Right now it’s just the basic framework. This will be something we can work on together as a community. Think of it as a debugger...
  • Blog Post: NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

    Hello NTdebuggers, I'm very impressed with the depth of the answers we are seeing from our readers. As I stated in last week's response, this week's puzzler is going to be harder. With that said let's take it up a notch. One of the things that is really cool about being an Escalation Engineer in GES/CPR...
  • Blog Post: More dump forensics, understanding !locks, in this case a filter driver problem

    Written by Jeff Dailey: Hello NTDebuggers, one of the most important things to understand in kernel debugging hung servers is the output of !locks. There can be a lot of data and it’s not always clear what is going on. One of the things I like to do in order to better understand the output is to...
  • Blog Post: Debug puzzler 0x00000002 “Attack of the crazy stack”

    Hi NTDebuggers, I have another puzzler for you. We started crash2.exe under windbg and it crashed. Go figure! Sometimes we have a very limited amount of data available to figure out what went wrong. That being said, this week’s puzzler only gives you a few clues. Given this week’s debugger output, what...
  • Blog Post: NTDebuggers Debug Puzzler 0x00000001 "Where did my process go?"

    Hello NTDebuggers, in the spirit of Click and Clack (The Tappet brothers), a favorite troubleshooting show of mine, we thought it would be fun to offer up some Debug puzzlers for our readers. That said, this week’s Debug Puzzler is in regard to Dr. Watson. I’m sure most of you have seen Dr. Watson...
  • Blog Post: The Case of the Low Hanging Filter Driver Fruit

    Written By Jeff Dailey: Not all our cases are crashes, leaks, or high CPU. Sometimes the problems we are faced with are purely a question of why a given application runs slow on a particular version of Windows versus another version of windows. In other cases an application may just start running...
  • Blog Post: Wanted: Windows Internals subject matter experts

    Microsoft is looking for five Windows Internals subject matter experts to come work on a very special five to eight day project on the Redmond campus during the month of May 2008. Candidates must have good communications skills, be non Microsoft employees, have 5+ years experience with windows, be familiar...
  • Blog Post: TalkBackVideo Understanding handle leaks and How to use !htrace to find them

    Written by Jeff Dailey Hello, my name is Jeff Dailey, I’m an Escalation Engineer for the Global Escalation Services Platforms team. I’d like to show you how to debug and find leaking handles within your application or other process. We can do this with the !htrace command in windbg. Windbg...
  • Blog Post: Talkback video: Desktop Heap

    Hello, Matthew here again. Starting today, my team will be bringing you content in the form of videos, as well as blog posts. We’ll be hosting these videos on Channel 9, and we’ll link them from the ntdebugging blog. One way that we’ll be using video is as a means of highlighting topics...
  • Blog Post: Hung Window?, No Source?, No Problem!! Part 2

    Written by Jeff Dailey Hello, my name is Jeff, I’m an escalation engineer on the Microsoft CPR (critical problem resolution) platforms team. This blog entry is part 2 of my Hung Window?, No source?, No problem!! Part 1 blog. In this lab we will be debugging a problem involving multi threaded applications...
  • Blog Post: Hung Window?, No source?, No problem!! Part 1

    Written by Jeff Dailey Hello, my name is Jeff, I’m an escalation engineer on the Microsoft CPR Platforms team. This blog entry is a follow on for how to detect a hung window. This process and training lab is right out of our CPR Training curriculum. In order to do the lab I have prepared for you...
  • Blog Post: Detecting and automatically dumping hung GUI based windows applications..

    Written by Jeff Dailey My name is Jeff, I’m an Escalation Engineer on CPR Platforms team. Following Tate’s blog on scoping hangs I’d like to discuss a common category of hangs and some creative ways to track them down. I will be providing a couple of labs to go with this post that you can run and debug...