Tools for Your Debugging Toolbox

This article was just updated to include an internal Microsoft tool that is now public.

There are many free tools used to troubleshoot and debug software. Below I present a list of the tools that my peers and I use most of the time. Though most of the tools below are free Microsoft tools, not all are very well known.

If you’re a Microsoft Premier customer and think it’s a good idea for you and your team to learn from a Developer PFE about when and how these tools should be used (with demos), contact your TAM (Technical Account Manager) and tell him/her you’re interested in the PFE Developer Toolbox Chalk Talk. This Chalk Talk can be delivered on site or remotely and takes about 6 hours.

Also, if you want to see some interesting videos of a Developer PFE debugging an application, take a look at these videos.

Note: This article includes most tools from this blog post plus some more.




–        Performance Monitor

–        PAL

–        Process Monitor

–        Process Explorer

–        MPSReport

–        SPSReport

–        SPDisposeCheck

–        Dependency Walker

–        SQL Nexus

–        LogParser

–        Indihiang

–        PowerShell

–        Application Verifier

–        Logger/LogViewer




–        XPerf – Windows Performance Analyzer

–        PerfView – Low Level Profiler for .NET applications

–        DebugDiag – Debug Diagnostic

–        ProcDump – Process Dump

–        WinDbg – Windows Debugging Tools

–        WinDbg Scripts – Automate the Debugging

–        Netmon – Microsoft Network Monitor

–        Fiddler – HTTP Debugger Proxy

–        NP .NET Profiler – Lightweight profiler designed to assist in troubleshooting issues such as slow performance, memory related issues, and first chance exceptions in .NET applications





Performance Monitor


–        Use to get information about the application’s health.

–        Use to see if and when the suspicious symptom happens.

–        Save a log file. It can be analyzed later.

–        Part of the Windows Operating System.



PAL (Performance Analysis of Logs)


–        The PAL tool reads in a Performance Monitor counter log (any known format) and analyzes it using complex, but known thresholds (provided).

–        The tool generates an HTML based report which graphically charts important performance counters and throws alerts when thresholds are exceeded.

–        The thresholds are originally based on thresholds defined by the Microsoft product teams and members of Microsoft support, but continue to be expanded by this ongoing project.





Process Monitor


–        Capturing thread stacks for each operation makes it possible in many cases to identify the root cause of an operation

–        Reliable capture of process details, including image path, command line, user and session ID

–        Filters can be set for any data field, including fields not configured as columns

–        Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data

–        Process tree tool shows relationship of all processes referenced in a trace

–        Boot time logging of all operations





Process Explorer


–        Easy way to see information from processes.

–        What is each thread doing? Call stack is available.

–        How is the CPU usage? You can see the CPU usage, Kernel and User Mode.

–        You can see which program has a particular file or directory opened.

–        You can search for a specific handle or DLL among the processes running.







MPSReport


–        Check DLL versions, hotfixes, and software updates.

–        Compare whether two machines have the same drivers, registry settings and software.







SPSReport


–        Think of MPSReport for SharePoint.

–        The SPS Reporting Tool is used to gather detailed information regarding a system’s current configuration.







SPDisposeCheck


–        The SPDisposeCheck utility helps you dig through your custom SharePoint MSIL assemblies looking for areas in your code that may require “closer examination” and might lead to Dispose() related memory leaks.

–        A manual code review is still required to cast out ‘false positives’ that the tool may produce in the output report.




Best Practices:



Dependency Walker


–        Scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules

–        For each module found, it lists all the functions that are exported by that module.

–        Detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more.

–        Useful for troubleshooting system errors related to loading and executing modules.





SQL Nexus


–        You don’t need to be a DBA to use this tool. :)

–        You can quickly and easily load SQL Trace files; T-SQL script output, including SQL DMV queries; and Performance Monitor logs into a SQL Server database for analysis.

–        Excellent tool for isolating problems on the SQL Server side.










CLR Profiler


–        Focused on managed heap

–            Who allocates what

–            What objects survive

–            What is on the heap

–            Who is holding on to objects

–        Instrumented application writes log

–        Separate tool to analyze log offline

–        Intrusive tool

–        By default, every allocation, every call is logged

–        Expect a 10x to 100x slowdown

–        Logging can be turned off selectively for speedup

–        Not a tool to measure where time is spent




How To: Use CLR Profiler





LogParser


–        Log Parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory.






Forensic Log parsing:


Log Parser scripts:


Visual LogParser tools:





Indihiang


–        Based on LogParser

–        Great tool to analyze IIS logs

–        Generates great charts

–        User interface that is easy to interact with

–        Downside: slower than running regular LogParser scripts







PowerShell


–        Why do you need to learn another scripting language?

–        Less code than JScript and VBScript to accomplish the same task.

–        Total integration with .NET Framework.

–        Great for administrators and developers.

–        In PFE, PowerShell is our preferred programming language for creating tools!

–        Alternative to the LogParser tool.



PowerShell is part of Windows 7 and newer versions.


For other Windows versions you can download it from:


PowerShell blog:



Application Verifier (for native-code applications)


– Whether the application is using APIs correctly:

–            Unsafe TerminateThread APIs.

–            Correct use of Thread Local Storage (TLS) APIs.

–            Correct use of virtual space manipulations (for example, VirtualAlloc, MapViewOfFile).


– Whether the application is hiding access violations using structured exception handling.

– Whether the application is attempting to use invalid handles.

– Whether there are memory corruptions or issues in the heap.

– Whether the application runs out of memory under low resources.

– Whether the correct usage of critical sections is occurring.

– Whether an application running in an administrative environment will run well in an environment with less privilege.

– Whether there are potential problems when the application is running as a limited user.

– Whether there are uninitialized variables in future function calls in a thread’s context.









Logger/LogViewer


–        Logger.exe logs every API call made by the target application.

–        LogViewer.exe displays the API calls logged by Logger.exe.

–        With LogViewer.exe you can see specific APIs that were called by filtering the output.



Logger/LogViewer are part of the Debugging Tools For Windows:


Command reference for Logexts.dll extension:


Calling Logexts.dll from WinDbg:








XPerf – Windows Performance Analyzer


–        A very efficient tracing infrastructure provided by Windows

–        Enables high volume of tracing with minimal performance degradation

–        Can be used in User Mode and Kernel Mode


–        Provides many different graphical views of trace data including:

–            CPU Sampling

–            CPU and Disk utilization by process and thread

–            Interrupt service routine and deferred procedure call usage

–            Hard faults

–            Disk I/O Detail

–            Call stacks








PerfView


–        Tool for quickly and easily collecting and viewing time and memory performance data.

–        Like XPerf, it is based on ETW (Event Tracing for Windows)

–        2 modes of execution:

–            Optimizing Time.

–            Optimizing Memory.

–        Access to call stacks and Garbage Collector information.

–        Low Level compared to other Profilers.









DebugDiag


–        You can create rules in order to collect dumps under specific conditions.

–        Crash rule – used for exceptions.

–        Performance rule – used for performance problems in any application, based on any Performance Monitor counter (like ProcDump but with more options and UI). Also used for hangs or performance problems in IIS, based on internal ETW events.

–        Memory and Handle Leak rule – for memory leaks coming from native code.

–        Manual Dump collection – used in cases when the rules don’t apply, like performance.

–        Automated Analysis feature – DebugDiag can debug the dump for you and present a report with the findings! The dump files don’t need to be collected with DebugDiag.




How to use the Debug Diagnostics tool to troubleshoot a process that has stopped responding in IIS


How to use the IIS Debug Diagnostics tool to troubleshoot a memory leak in an IIS process


How to use the IIS Debug Diagnostics Tool to troubleshoot an IIS process that stops unexpectedly


How to use the Debug Diagnostics Tool to troubleshoot high CPU usage by a process in IIS


A client application may intermittently receive an error message when a client application tries to create a COM+ component





ProcDump


–        Enables you to collect dump files when a specific application is consuming high CPU.

–        You choose the CPU threshold to trigger the dump.

–        Excellent for intermittent high CPU scenarios.







WinDbg


–        Free and powerful Microsoft debugger.

–        More powerful than Visual Studio.

–        Enables user mode debugging and kernel debugging.

–        Post-Mortem debugging (dump analysis) and live debugging.

–        Downside: More difficult to use than Visual Studio but worth learning.




Psscor2.dll – debugger extension:


Sosex.dll – debugger extension:



WinDbg Scripts


–        Scripts are used to automate the debugging session.

–        WinDbg Scripts are created with the WinDbg script language which is similar to C.

–        WinDbg Scripts are great for small scripts.







Netmon


–        Use it when you suspect the bottleneck is network related.

–        Collects logs from network activity.

–        Easy way to visualize HTTP, TCP/IP and other types of network communication.









Fiddler


–        Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet.

–        If you think the network might be the bottleneck for the poor performance of your web application, you can use Fiddler or Netmon.




Instructional videos:


NP .NET Profiler

–   Easy to use .NET Profiler, easier to use than Visual Studio.

–   Used for issues such as slow performance, memory related issues, and first-chance exceptions in .NET applications.

–   It can troubleshoot the following types of .NET applications:

  • ASP.NET Web Applications
  • .NET Windows Applications (WCF, WPF and WF)
  • .NET Console Applications
  • .NET Windows Services
  • .NET COM+ Components
  • Azure Service





If you have a free tool you’d like to share, feel free to do that via Comments below.

Comments (8)

  1. Barry Kelly says:

    Re Xperf / Windbg: have you seen this article:…/xperf-symbol-loading-pitfalls – re performance regressions in dbghelp.dll when used with Xperf?

  2. Hi Barry,

    I was not aware of that (thanks for sharing it! :)) and never had this situation happening to me.

    Here is why:

    a) When collecting a trace/dump file (whether it's XPerf, DebugDiag, UMDH, PerfView, etc…) you don't need symbols.

    b) When analyzing a trace/dump file then you'll need to set up the symbols.

    What I do is to use the same symbols folder/path I use for WinDbg/DebugDiag when analyzing the trace, so most, if not all symbols that I need, are already local on my machine.



  3. Txomin says:


  4. Bruce Dawson says:

    Rafarah, you misunderstood the problem which my blog post (pointed to by Barry Kelly) describes. Even if the symbols are on your machine then xperfview may not be able to load them — if dbghelp.dll is not in its path.

    Even if xperfview is able to load symbols it may be painfully slow — recent versions of dbghelp.dll can run up to 150x slower than older versions (2.5 hours to transcode a single PDB file versus one minute) when used by xperfview.

  5. Bruce, thanks for clarifying that.

    Since I haven't experienced this issue (maybe because of the version of XPerf I've been using) I don't have much to say about it, so I suggest reaching out to these guys:…/askpfeplat

    They have many posts about XPerf and may have more information about this problem.

  6. MaheshK says:

    Really useful. thanks for sharing.

  7. Nicolas D. says:

    I could not live without the API Monitor of Rohitab.

    It logs WINAPI access in real time for your applications.

    Curiously, almost no one knows it, but the only tools from Microsoft that had such quality are the Sysinternals ones. Ok was not MS initially… :p


  8. For those not having access to SQL Server Profiler, there's an express edition version that is free and open source. The original project on Google Code seems to have been removed by the developer after they got bought or something, but someone shared an archive of the source on GitHub, no binaries this time around but the source is available. It's nowhere as feature rich as the official MS version, but it was handy for SQL trace profiling as a free tool:…/sqlexpressprofiler