Hotfix to Enable Mini-Filter Performance Diagnostics With XPerf for Windows Server 2008R2

Greetings ntdebugging community, Bob here again and today I would like to let everyone know about a new feature implemented in Windows Server 2008 R2’s kernel and filter manager binaries released in knowledge base article 2666390.   Beginning with this update, a minifilter that is adversely affecting system performance can be identified in Windows 2008…


For testing purposes only, and other desktop watermarks

Hi all, Matt here again.  One of our team’s main functions is to work with our development teams to create hotfixes when customers run into issues that can only be resolved through a code change.  The developers will often prepare a private test fix that either tests the proposed change, or adds additional instrumentation to…


The Mystery of Lsass.exe Memory Consumption, (When all components get involved)

Hi All, this is Karim Elsaid and I’m a Support Escalation Engineer working with the Dubai platforms support team.  Recently I was working on a very challenging and interesting case, and I wanted to share that experience with you.   One of our customers was experiencing a problem on all his Domain Controllers (Running x86…


Expanding Netmon to aid in debugging

A walk-through of creating a Netmon parser in the context of a real case   As is obvious to frequent readers of our blog, our team logs a lot of time in our debugger of choice (for some windbg, for others kd).  However, a debugger is not always the best tool for the job, and…


Windows Performance Toolkit – Xperf

I recently came across a very interesting profiling tool that is available in Vista SP1 and Server 08 called the Windows Performance Analyzer. You can use this tool to profile and diagnose different kinds of symptoms that the machine is experiencing. This tool is built on top of the Event Tracing for Windows (ETW) infrastructure….


TalkBackVideo Understanding handle leaks and How to use !htrace to find them

Written by Jeff Dailey   Hello, my name is Jeff Dailey, I’m an Escalation Engineer for the Global Escalation Services Platforms team.   I’d like to show you how to debug and find leaking handles within your application or other process.  We can do this with the !htrace command in windbg.  Windbg is the Microsoft…


Hung Window?, No Source?, No Problem!! Part 2

Written by Jeff Dailey   Hello, my name is Jeff, I’m an escalation engineer on the Microsoft CPR (critical problem resolution) platforms team.   This blog entry is part 2 of my Hung Window?, No source?, No problem!! Part 1 blog.   In this lab we will be debugging a problem involving multi threaded applications and synchronization…


Hung Window?, No source?, No problem!! Part 1

Written by Jeff Dailey   Hello, my name is Jeff, I’m an escalation engineer on the Microsoft CPR Platforms team.   This blog entry is a follow on for how to detect a hung window.   This process and training lab is right out of our CPR Training curriculum.  In order to do the lab I have…


Detecting and automatically dumping hung GUI based windows applications..

Written by Jeff Dailey  My name is Jeff,  I’m an Escalation Engineer on CPR Platforms team.  Following Tate’s blog on scoping hangs I’d like to discuss a common category of hangs and some creative ways to track them down.  I will be providing a couple of labs to go with this post that you can run and…


Understanding Pool Consumption and Event ID: 2020 or 2019

  Hi!  My name is Tate.  I’m an Escalation Engineer on the Microsoft Critical Problem Resolution Platforms Team.  I wanted to share one of the most common errors we troubleshoot here on the CPR team, its root cause being pool consumption, and the methods by which we can remedy it quickly!   This issue is…