Browse by Tags


  • Blog Post: Debugging a Network Connectivity Issue - TrackNblOwner to the Rescue

    Hello Debug community this is Karim Elsaid again.  Today I’m going to discuss a recent interesting case where intermittently the server is losing access to the network.  No communication (even pings) can be done from / to the server when the issue hits.   We went through the normal exercise...
  • Blog Post: Case of the Unexplained Services exe Termination

    Hello Debuggers! This is Ron Stock from the Global Escalation Services team and I recently worked an interesting case dispatched to our team because Services.exe was terminating. Nothing good ever happens when Services.exe exits. In this particular case, client RDP sessions were forcibly disconnected...
  • Blog Post: Troubleshooting Pool Leaks Part 7 – Windows Performance Toolkit

    In Part 1 of this series we identified a pool leak in non paged pool.  In Part 2 and Part 3 of this series we identified what pool tag was leaking.  In Part 5 and Part 6 we got call stacks showing the memory being allocated.  In this article we are going to discuss a tool that combines...
  • Blog Post: Troubleshooting Pool Leaks Part 6 – Driver Verifier

    In part 5 we used poolhittag to get call stacks of pool being allocated and freed.  This information is often essential to identifying the cause of a memory leak; however it is not always feasible to configure a live kernel debug to obtain this information.  Fortunately there are alternative...
  • Blog Post: Troubleshooting Pool Leaks Part 5 – PoolHitTag

    In Part 4 we narrowed the source of the leaked pool memory to the specific driver which is allocating it, and we identified where in the driver this allocation was taking place.  However, we did not capture contextual information such as the call stack leading up to this code.  Also, we didn...
  • Blog Post: Troubleshooting Pool Leaks Part 4 – Debugging Multiple Users for a Tag

    In our previous articles we discussed various techniques for identifying a pool memory leak and narrowing the scope of the leak to an individual pool tag.  Knowing the leaking pool tag is often sufficient to identify the cause of the problem and find a solution.  However, there may be a scenario...
  • Blog Post: Troubleshooting Pool Leaks Part 3 – Debugging

    In our previous articles we discussed identifying a pool leak with perfmon , and narrowing the source of the leak with poolmon .  These tools are often preferred because they are easy to use, provide verbose information, and can be run on a system without forcing downtime.  However, it is not...
  • Blog Post: Troubleshooting Pool Leaks Part 2 – Poolmon

    In our previous article we discussed how to identify a pool leak using perfmon.  Although it may be interesting to know that you have a pool leak, most customers are interested in identifying the cause of the leak so that it can be corrected.  In this article we will begin the process of identifying...
  • Blog Post: Troubleshooting Pool Leaks Part 1 – Perfmon

    Over the years the NTDebugging Blog has published several articles about pool memory and pool leaks.  However, we haven’t taken a comprehensive approach to understanding and troubleshooting pool memory usage.  This upcoming series of articles is going to tackle pool leaks from the basics to...
  • Blog Post: Identifying Global Atom Table Leaks

    Hi, it's the Debug Ninja back again with another debugging adventure.   Recently I have encountered several instances where processes fail to initialize, and a review of available resources showed that there was no obvious resource exhaustion.   A more in depth review found that there were...
  • Blog Post: Where Did My Disk I/O Go?

    Hello, Mr. Ninja back again.   I recently discovered that although my team often tracks I/O from the file system through to the disk controller, we have never publicly documented the steps required to do this.   This seems like a great opportunity for a blog because most of the structures are...
  • Blog Post: Interpreting a WHEA error for a MCA fault

    Howdy fellow debuggers! This is Graham McIntyre, I am an Escalation Engineer in Platforms Global Escalation Services.   We get questions from time to time from customers who experience a WHEA bugcheck 0x124, or system event, for help in interpreting the error record. The information applies to Windows...
  • Blog Post: x64 Manual Stack Reconstruction and Stack Walking

    My name is Trey Nash and I am an Escalation Engineer on the Core OS team. My experience is as a software developer, and therefore my blog posts tend to be slanted in the direction of helping developers during the feature development, testing and the support phases. In this installment I would like...
  • Blog Post: Challenges of Debugging Optimized x64 Code

    If you have not had the luxury of debugging optimized x64 code as of yet, don’t wait much longer and fall behind the times!   Due to the x64 fastcall-like calling convention coupled with the abundance of general purpose registers, finding variable values at arbitrary points in a call stack can be...
Page 1 of 1 (14 items)