How to modify an application behavior when you don't have the source

From time to time we need to help customers change the way an application interacts with the operating system or SDKs. The challenge is often the access to the code. Sometimes neither party may own the application in question and none of the parties have access to the source. Luckily, the Microsoft Research team…

Remote kernel or user mode debugging of dumps or live systems

GES (Global Escalation Services) is not only responsible for helping our external customers; we also spend a great deal of time collaborating with engineers and developers around the world at our support and development sites. We often look at large dump files, but in some cases we perform a live debug to determine root…

Red alert! My Server is hung - what do I do?

So you have a dump from a hung server and you’re the first person on the scene. Your IT Manager is jumping up and down, the phone is ringing off the hook and people are hovering outside your cube. It’s game time and the pressure is on!!! Now what do you do? Well take…

How to Access the User Mode Debugger from the Kernel Debugger

In certain cases you may want to use a user mode debugger to debug a process from within the kernel debugger. It could be that you have an application that loads a kernel mode driver, and you want to be able to debug the user mode aspect of the application and then break into the…

What Are the Odds?

Hi NTDebuggers, something rarely talked about are the odds of a problem being in one piece of code vs. another. From time to time we see some very strange debugs or symptoms reported by customers. The problems can be associated with anything from an internally written application, a Microsoft product running on Windows, or…

Designing the Perfect Breakpoint

Written by Jeff Dailey. When it comes to live debugging, the breakpoint is king. Oftentimes solving a very complex problem in a production environment involves doing a local, non-production debug on one of my own test machines. I’ll typically debug the process or code in question to get a good idea of how…

Windbg Tip: KN, .Frame , DV, and DT - It's so easy

Written by Jeff Dailey. Hello NTDebuggers, many of us take for granted some of the simple commands in the debugger that make life easy. I was thinking of several in particular that go great together. The first command would be kn. Kn will show the current call stack and includes the stack frame number to the…

NTDebugging Puzzler 0x00000006: Invalid Handle - can you handle it?

Hi NTDebuggers, this week’s puzzler just so happens to match its number: 0x00000006 = ERROR_INVALID_HANDLE. That said, let me give you a scenario and the challenge will be to provide the best action plan to isolate the problem. This should include an explanation of what types of code problems cause invalid handles. Scenario 1…

How to track down High CPU in User Mode Applications - A live debug!

Written by Jeff Dailey. Hello NTDebuggers, I’d like to talk about a common issue we deal with on a regular basis. We are often tasked with finding what functions are using CPU within a user mode process / application. Typically a user will find an application that is using more CPU than they…

NTDebugging Puzzler 0x00000005 (Better late than never)

Hello NTDebuggers, from time to time we see the following problem. It’s another access violation, and the debug notes below are from a minidump. Here is what we need to know…
· Generally speaking, what happened to cause this AV?
· What method you would use to isolate root cause of the…
