Ntdebugging Blog

Microsoft Advanced Windows Debugging and Troubleshooting - Contributions to this blog are made by the Microsoft Global Business Support - Windows Serviceability team.

When Special Pool is not so Special

Hi Everyone.  Richard here in the UK GES team bringing you an interesting case we saw recently...

Author: ntdebug Date: 11/04/2015

We Are Hiring – North Carolina and Texas

Would you like to join the world’s best and most elite debuggers to enable the success of Microsoft...

Author: ntdebug Date: 10/16/2015

Uncover the mystery of a bugcheck 0x24 (NTFS_FILE_SYSTEM)

  My name is Nan, I am an Escalation Engineer in Platforms Global Escalation Services in GCR....

Author: ntdebug Date: 04/30/2015

We Are Hiring Windows Escalation Engineers in Munich, Germany

Would you like to join the world’s best and most elite debuggers to enable the success of Microsoft...

Author: ntdebug Date: 01/15/2015

Disk Performance Internals

Abstract: My name is Ran Jiang. I am from the Platforms Global Escalation Services team in China....

Author: ntdebug Date: 12/09/2014

Driver Object Corruption Triggers Bugcheck 109

My name is Victor Mei, I am an Escalation Engineer in Platforms Global Escalation Services in...

Author: ntdebug Date: 11/20/2014

How to identify a driver that calls a Windows API leading to a pool leak on behalf of NT Kernel?

Hello my name is Gurpreet Singh Jutla and I would like to share information on how we can trace the...

Author: ntdebug Date: 09/12/2014

Windows Troubleshooting – Stop 9E Explained

What to do if a stop 9E occurs.  How you can solve the issue yourself.

Author: ntdebug Date: 08/27/2014

Windows Troubleshooting – Special Pool

The Windows Support team has a new YouTube channel, “Windows Troubleshooting”.  The first set...

Author: ntdebug Date: 08/27/2014

Bugchecking a Computer on A Usermode Application Crash

Hello my name is Gurpreet Singh Jutla and I would like to share information on how we can bugcheck a...

Author: ntdebug Date: 06/19/2014

Understanding ARM Assembly Part 3

My name is Marion Cole, and I am a Sr. Escalation Engineer in Microsoft Platforms Serviceability...

Author: ntdebug Date: 05/29/2014

Understanding ARM Assembly Part 2

My name is Marion Cole, and I am a Sr. Escalation Engineer in Microsoft Platforms Serviceability...

Author: ntdebug Date: 05/15/2014

NTFS Misreports Free Space (Part 3)

It’s been a while since my last post on this topic, and I wanted to take some time to update...

Author: ntdebug Date: 05/08/2014

Understanding Pool Corruption Part 3 – Special Pool for Double Frees

In Part 1 and Part 2 of this series we discussed pool corruption and how special pool can be used to...

Author: ntdebug Date: 12/31/2013

Event ID 157 "Disk # has been surprise removed"

Hello my name is Bob Golding and I would like to share information on a new error you may see in the...

Author: ntdebug Date: 12/27/2013

Understanding ARM Assembly Part 1

My name is Marion Cole, and I am a Sr. EE in Microsoft Platforms Serviceability group.  You may...

Author: ntdebug Date: 11/22/2013

The Compiler Did What?

I was recently investigating a crash in an application.  As I researched the issue I found a...

Author: ntdebug Date: 11/07/2013

Debugging a Generation 2 Virtual Machine

Hyper-V is based on the 440BX (PCI) chipset for emulation. The decision to use this chipset started...

Author: ntdebug Date: 10/24/2013

Performance Monitor Averages, the Right Way and the Wrong Way

Performance Monitor (perfmon) is the preferred tool to measure the performance of Windows...

Author: ntdebug Date: 09/30/2013

Missing System Writer Case Explained

I worked on a case the other day where all I had was a procmon log and event logs to troubleshoot a...

Author: ntdebug Date: 08/27/2013

Understanding Pool Corruption Part 2 – Special Pool for Buffer Overruns

In our previous article we discussed pool corruption that occurs when a driver writes too much data...

Author: ntdebug Date: 08/22/2013

Understanding Pool Corruption Part 1 – Buffer Overflows

Before we can discuss pool corruption we must understand what pool is.  Pool is kernel mode...

Author: ntdebug Date: 06/14/2013

Another Who Done It

Hi my name is Bob Golding, I am an EE in GES. I want to share an interesting problem I recently...

Author: ntdebug Date: 05/31/2013

Remoting Your Debug Crash Cart With KDNET

This is Christian Sträßner from the Global Escalation Services team based in Munich, Germany.  ...

Author: ntdebug Date: 05/09/2013

Interpreting Event 153 Errors

Hello my name is Bob Golding and I would like to share with you a new event that you may see in the...

Author: ntdebug Date: 04/30/2013

Commitment Failures, Not Just a Failed Love Story

I was working on a debug the other day when I ran the “!vm” command and saw that the system had some...

Author: ntdebug Date: 04/16/2013

Understanding File System Minifilter and Legacy Filter Load Order

Hello, my name is Fred Jeng from the Global Escalation Services team. For today’s post, I want to go...

Author: ntdebug Date: 03/25/2013

Don't Believe Everything You Read

Recently, I was contacted by a customer who was advised by an ISV to set a registry value under one...

Author: ntdebug Date: 03/06/2013

Debugging a Debugger to Debug a Dump

Recently I came across an instance where my debugger did not do what I wanted.  Rarely do...

Author: ntdebug Date: 02/27/2013

How to Setup a Debug Crash Cart to Prevent Your Server from Flat Lining

This is Ron Stock from the Global Escalation Services team and I recently had the task of live...

Author: ntdebug Date: 01/31/2013

Case of the Unexplained Services exe Termination

Hello Debuggers! This is Ron Stock from the Global Escalation Services team and I recently worked an...

Author: ntdebug Date: 01/30/2013

Use Caution When Implementing IPC for Performance Counters

  Recently I was working with a developer who had created performance counters that work in...

Author: ntdebug Date: 12/31/2012

Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012

What is a bug check 0x133? Starting in Windows Server 2012, a DPC watchdog timer is enabled which...

Author: ntdebug Date: 12/07/2012

Troubleshooting Pool Leaks Part 7 – Windows Performance Toolkit

In Part 1 of this series we identified a pool leak in non paged pool.  In Part 2 and Part 3 of...

Author: ntdebug Date: 11/30/2012

Troubleshooting Pool Leaks Part 6 – Driver Verifier

In part 5 we used poolhittag to get call stacks of pool being allocated and freed.  This...

Author: ntdebug Date: 10/31/2012

Breaking down the "Cl" in !irp

Hey there NTDEBUGGERS my name is Randy Monteleone and today we are going to talk about IRPs. In the...

Author: ntdebug Date: 10/29/2012

Troubleshooting Pool Leaks Part 5 – PoolHitTag

In Part 4 we narrowed the source of the leaked pool memory to the specific driver which is...

Author: ntdebug Date: 09/28/2012

Troubleshooting Pool Leaks Part 4 – Debugging Multiple Users for a Tag

In our previous articles we discussed various techniques for identifying a pool memory leak and...

Author: ntdebug Date: 09/28/2012

Troubleshooting Pool Leaks Part 3 – Debugging

In our previous articles we discussed identifying a pool leak with perfmon, and narrowing the source...

Author: ntdebug Date: 08/31/2012

Troubleshooting Pool Leaks Part 2 – Poolmon

In our previous article we discussed how to identify a pool leak using perfmon.  Although it...

Author: ntdebug Date: 08/30/2012

Troubleshooting Pool Leaks Part 1 – Perfmon

Over the years the NTDebugging Blog has published several articles about pool memory and pool...

Author: ntdebug Date: 07/31/2012

How To Deadlock Yourself (Don’t Do This)

Some APIs should come with a warning in big red letters saying “DANGER!”, or perhaps more subtly...

Author: ntdebug Date: 07/19/2012

Next>