[PowerShell Script] Isolating the Threads Consuming High CPU

When helping my customers with scenarios in which the symptom is high CPU, I very often end up with only a dump file from the application consuming high CPU and nothing else. When you have a high CPU scenario and you have dump files, you need a Performance Monitor log in order to see the…


[PowerShell Script] PowerDbg v2.3 – Using PowerShell to Control WinDbg

It has been a while since my previous blog post. I’ve been busy with other tasks, including the new PowerDbg version 2.3. There’s a lot of new stuff on this new version and my estimate is that about 80% of the most used Windbg commands have been covered so far. Let me present the…


[Recommended Books] Awesome Debugging Book

I’ve been exchanging e-mails with Mario Hewardt and Daniel Pravat, authors of the upcoming debugging book “Advanced Windows Debugging”. I must tell you: this post is to share my excitement with this book! The book covers everything you can imagine regarding native debugging! Take a look at the table of contents: Part…


[PowerShell Script] Saving a Module from a .NET Method Call

This is my first script using the PowerDbg functions. It’s a good example of how to use PowerDbg to build your own scripts. PowerDbgScriptSaveModule.ps1 is the PowerShell version of my Windbg script Save_Module.txt. Actually it does more than the previous version: it automatically saves the module that uses a specific method call. Then you…


[PowerShell Script] PowerDbg – Using PowerShell to Control WinDbg

[Note: Following the recommendation of Lee Holmes (one of the PowerShell creators), I changed the naming convention. The images were not updated.] Some time ago a colleague of mine, Vandy Rodrigues, from the Messaging team, was enthusiastic to tell me about PowerShell and why I should learn it. I must admit to my readers that my…


Understanding "Magic" Pointers and Offsets

With this blog post I try to explain how “magic” pointers and offsets work. I just copied the term “magic” to refer to these kinds of pointers or offsets: dd poi(0x129514 + 0x18) + 0x8 L2; du poi(0x0007de95); du poi(poi(poi(0x129514 + 0x9c)) + 0x4); dd poi(0x129514 + 0x34). To use an analogy: it…


NetWiz – Tool to Assist Users in Using NMCap from Netmon 3

Last year my colleague Yuri Diogenes, a network specialist, asked me if I wanted to create a tool with him. He had this idea for a very user-friendly tool that users could use to configure NMCap, which is part of Netmon 3. Actually, it was a great idea! The NetWiz tool was created to…


[Windbg Script] Disassembling Routines and Searching for Instructions

Sometimes you cannot avoid reading the disassembled code to look for a specific assembly instruction. You may want to see if a particular function is doing some specific operation, using some specific register, or calling other functions. You can do that using the disassembling window or using a dead listing and looking for specific instructions;…


Sherlock – Tool for Blocker Script analysis – SQL Server 2000 and 7.0

This blog article is about an old tool that never got a KB article (for some reason), but now has its own space here. A few years ago, back in 2004, I was creating a tool for SQL Server 2000 and 7.0 to help me analyze blocking scenarios. It was my first C# application…