New Joint Citrix/Microsoft Facebook Forum

Got a virtualization issue?.. Not sure if it’s a Microsoft or Citrix problem?. Jump on the new Facebook forum to discuss your issue, share ideas, opinions and information related to Citrix and Microsoft virtualization products.!/pages/Citrix-and-Microsoft-Support/113004065426683  


Debug Sleuth at Work: Hung Server…..Mystery of the unprocessed SMB work item.

Hello folks, Pushkar here. I recently worked on a case where the server was hung at “Applying User Settings” during the logon phase. You might ask what’s going to be new in this post, NTDebugging has bunch of posts covering such debug scenarios J. In my defense, this case was particularly interesting because it defied…


Expanding Netmon to aid in debugging

A walk-through of creating a Netmon parser in the context of a real case   As is obvious to frequent readers of our blog, our team logs a lot of time in our debugger of choice (for some windbg, for others kd).  However, a debugger is not always the best tool for the job, and…


Debugging a Bugcheck 0x109

My name is Nader Khonsari. I am an escalation engineer in Platforms Global Escalation Services. I want to share with you a recent experience where 64-bit Windows Server 2008 servers at a customer location were encountering bugcheck 0x109 blue screen crashes.   In 64-bit versions of the Windows kernel PatchGuard is present. If any driver…


Debugging services startup in Svchost from a kernel mode debug session

Windows shared services allow us to run system services together in a single service by having multiple DLLs run in a single process called Svchost. This allows Windows to have many services to run with the overhead of a single process.   You can find more information about shared services here and here.   I like…


I Want A Debugger Robot

Hi,   My name is Sabin from the Platforms Global Escalation Services team at Microsoft, and today I want to share with you a recent experience I had debugging an issue reported by an hardware manufacturer.   The customer was doing a reboot test for their new server product line. They found that after hundreds…


Part 3: Understanding !PTE – Non-PAE and X64

Hello, Ryan Mangipano (ryanman) again with part three of my series on understanding the output of the !PTE command. In this last installment I’ll continue our manual conversion of Virtual Addresses by converting a Non-PAE VA. Afterwards I’ll convert a VA from X64 Long Mode. Then I’ll discuss the TLB. If you haven’t read part one…


‘Hidden’ ETW Stack Trace Feature – Get Stacks All Over the Place!

  I’ve heard Mark R. say that “sometimes Microsoft gave me a gift” when coming across an interesting feature not in mainstream documentation.  How true that often the odd find can prove ultimately very valuable.  Such was the case when I read Bruce Dawson’s Stack Walking in Xperf blog entry. Here’s the excerpt that blew…


x64 Manual Stack Reconstruction and Stack Walking

My name is Trey Nash and I am an Escalation Engineer on the Core OS team.  My experience is as a software developer, and therefore my blog posts tend to be slanted in the direction of helping developers during the feature development, testing and the support phases. In this installment I would like to expand…


Uncovering How Workspaces Work in WinDbg

Author – Jason Epperly Workspaces have always been a little confusing to me. I knew how to bend them to do what I needed to get the job done, however they still remained a bit mysterious. Recently I decided to sort this out, just so I knew how they worked under the hood. But before I…