Working on an Application Compatibility Issue? Let us Help!

This isn’t our typical debugging type article however I found the information very useful for the developer community. Windows 7 is slated to launch in the next few weeks. If your applications aren’t quite ready for Windows 7 and having you’re having issues we may be able to help you out! Last Monday we launched…


Part 1 – ETW Introduction and Overview

Introduction:   Event Tracing for Windows (ETW) is a system and software diagnostic, troubleshooting and performance monitoring component of Windows that has been around since Windows 2000. However, it wasn’t until Windows Vista that major components of the OS were updated to heavily use ETW tracing; making it much more practical and useful. ETW is…


GES Team



CSI Debugging – Uncovering the cause of a Server Hang

My name is Nischay Anikar from the Escalation Engineer team in Global Escalation Services. In today’s post I’ll present a weird problem I worked through with a client. When we started to work on the problem, we found the following: Ping to the box worked. Keyboard was responding. Shares on the system were accessible remotely….


Upcoming Ntdebugging Blog Schedule

Debuggers – This is the list of the upcoming articles “in the works”. The Story of a Hung Box ETW_BlogPost_ETW Introduction and Overview ETW_BlogPost_Exploring and Decoding ETW… ETW_BlogPost_MethodsOfTracing Got Stack?   No. We ran out and kv won’t tell me why! Part 2: Got Stack?   No. We ran out and kv won’t tell me why! WMI:…


Using Xperf to investigate slow I/O issues

Debuggers, Here’s another short video of the type of triage possible with Xperf, this time Bob shows us how to track down a slow I/O issue. Since I/O Manager is instrumented at IoCallDriver and IoCompleteRequest we can often use this information to diagnose a Slow I/O or SAN issue. The steps to enable the tracing…


Debugging a Bugcheck 0xF4

My name is Ryan Mangipano (ryanman) and I am a Sr. Support Escalation Engineer at Microsoft.  Today’s blog will be a quick walkthrough of the analysis of a bugcheck 0xF4 and how I determined that the action plan going forward should consist of enabling pool tagging on this system.   I began my review with…


Debug Nugget: DumpConfigurator Utility

Hi – my name is Naresh and I am a Sr. Escalation Engineer on the Microsoft GES platforms team. Today I’m discussing a simple, yet powerful GUI tool used to configure a Windows system locally or remotely for a memory dump. The name of the tool is DumpConfigurator.hta and it can be accessed from CodePlex. …


Who is restarting my server?

Hello – This is Omer and I recently came across a case where the customer reported that they could not reboot into safe mode using their custom image. Whenever they booted into safe mode, the machine would get to the logon screen, wait for 5 seconds and then reboot regardless of any user input. Nothing…


Reversing in Reverse, Part 2: More Linked-List Pool Corruption

Hello – It’s Ryan again with the second installment of my list corruption walkthrough. The previous blog post is here – Reversing in Reverse: Linked-List Pool Corruption, a Complete Walkthrough (Part 1)  In part one we walked through the analysis of a memory.dmp collected during a bugcheck caused by pool corruption. The post also discussed doubly linked lists and demonstrated an unconventional…