Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Jeff   (RSS)

How to modify an application behavior when you don't have the source

From time to time we need to help customers change the way an application interacts with the operating system or SDKs. The challenge is often the access to the code. Sometimes neither party may own the application in question and none of the parties have Read More...
Posted Friday, November 21, 2008 8:42 PM by ntdebug | 3 Comments
Filed under: ,

Remote kernel or user mode debugging of dumps or live systems

GES (Global Escalation Services) is not only responsible for helping our external customers, but we spend a great deal of time collaborating with engineers and developers around the world at our support and development sites. We often look at large dump Read More...
Posted Tuesday, October 28, 2008 7:43 PM by ntdebug | 2 Comments
Filed under: ,

Red alert! My Server is hung - what do I do?

So you have a dump from a hung server and you’re the first person on the scene. Your IT Manager is jumping up and down, the phone is ringing off the hook and people are hovering outside your cube. It’s game time and the pressure is on!!! Now what do you Read More...
Posted Friday, September 12, 2008 8:48 PM by ntdebug | 5 Comments
Filed under: , ,

How to Access the User Mode Debugger from the Kernel Debugger

In certain cases you may want to use a user mode debugger to debug a process from within the kernel debugger. It could be that you have an application that loads a kernel mode driver, and you want to be able to debug the user mode aspect of the application Read More...
Posted Friday, August 08, 2008 8:58 PM by ntdebug | 4 Comments
Filed under: ,

What Are the Odds?

Hi NTDebuggers, something rarely talked about are the odds of a problem being in one piece of code vs. another. From time to time we see some very strange debugs or symptoms reported by customers. The problems can be associated with anything from an internally Read More...
Posted Friday, July 25, 2008 8:44 PM by ntdebug | 2 Comments
Filed under: ,

Designing the Perfect Breakpoint

Written by Jeff Dailey. When it comes to live debugging, the breakpoint is king. Oftentimes solving a very complex problem in a production environment involves doing a local, non-production debug one of my own test machines. I’ll typically debug the process Read More...
Posted Wednesday, June 11, 2008 6:32 PM by ntdebug | 4 Comments
Filed under: ,

Windbg Tip: KN, .Frame , DV, and DT - It's so easy

Written by Jeff Dailey. Hello NTDebuggers, many of us take for granted some of the simple commands in the debugger that make life easy. I was thinking of several in particular that go great together. The first command would be kn . Kn will show the current Read More...
Posted Friday, June 06, 2008 2:25 PM by ntdebug | 3 Comments
Filed under: ,

NTDebugging Puzzler 0x00000006: Invalid Handle - can you handle it?

Hi NTDebuggers, this week’s puzzler just so happens to match its number: 0x000000006 = ERROR_INVALID_HANDLE. That said, let me give you a scenario and the challenge will be to provide the best action plan to isolate the problem. This should include an Read More...
Posted Monday, May 19, 2008 7:59 PM by ntdebug | 5 Comments
Filed under: , ,

How to track down High CPU in User Mode Applications - A live debug!

Written by Jeff Dailey. Hello NTDebuggers, I’d like to talk about a common issue we deal with on a regular basis. We are often tasked with finding what functions are using CPU within a user mode process / application. Typically a user will find an application Read More...
Posted Friday, May 16, 2008 2:07 AM by ntdebug | 6 Comments
Filed under: ,

NTDebugging Puzzler 0x00000005 (Better late than never)

Hello NTDebuggers, from time to time we see the following problem. It’s another access violation, and the debug notes below are from a minidump. Here is what we need to know… · Generally speaking what happened to cause this AV? · What method you would Read More...
Posted Tuesday, May 06, 2008 6:00 PM by ntdebug | 10 Comments
Filed under: , ,

How to have a colorful relationship with your dump files

Hello NTDebuggers… I look at a lot of dump files every day. This being the case I like to take full advantage of the customizable look and feel of windbg. I actually have an association setup between DMP files and a CMD file that loads my customized COLOR Read More...
Posted Friday, May 02, 2008 7:33 PM by ntdebug | 3 Comments
Filed under:

Announcement: ODbgExt (Open Debugger Extension) on CodePlex

Hello NTDebuggers, I’d like to announce something new for our community to share. We have decided to host an Open Source Debugger Extension project called ODbgExt on codeplex.com Right now it’s just the basic framework. This will be something we can work Read More...
Posted Tuesday, April 29, 2008 7:28 PM by ntdebug | 3 Comments
Filed under: , ,

NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Hello NTdebuggers, I'm very impressed with the depth of the answers we are seeing from our readers. As I stated in last week's response, this week's puzzler is going to be harder. With that said let's take it up a notch. One of the things that is really Read More...
Posted Monday, April 21, 2008 4:13 PM by ntdebug | 37 Comments
Filed under: , ,

More dump forensics, understanding !locks, in this case a filter driver problem

Written by Jeff Dailey: Hello NTDebuggers, one of the most important things to understand in kernel debugging hung servers is the output of !locks. There can be a lot of data and it’s not always clear what is going on. One of the things I like to do in Read More...
Posted Thursday, April 17, 2008 8:25 PM by ntdebug | 2 Comments
Filed under: , ,

Debug puzzler 0x00000002 “Attack of the crazy stack”

Hi NTDebuggers, I have another puzzler for you. We started crash2.exe under windbg and it crashed. Go figure! Sometimes we have a very limited amount of data available to figure out what went wrong. That being said, this week’s puzzler only gives you Read More...
Posted Monday, April 14, 2008 9:09 PM by ntdebug | 17 Comments
Filed under: , ,
More Posts Next page »
 
Page view tracker