Virtual Machine Managment Hangs on Windows Server 2012 R2 Hyper-V Host

Hi, my name is Christian Sträßner from the Global Escalation Services team based in Munich, Germany. Today we will look at a hang scenario that involves user and kernel dump analysis.  Also, we will demonstrate how to analyze a hang from both user and kernel modes without forcing a crash dump of the machine.  …

3

Bugchecking a Computer on A Usermode Application Crash

Hello my name is Gurpreet Singh Jutla and I would like to share information on how we can bugcheck a box on any usermode application crash. Set the application as a critical process when the application crash is reproducible. We may sometimes need a complete memory dump to investigate the information from kernel mode on…

2

Understanding Pool Corruption Part 3 – Special Pool for Double Frees

In Part 1 and Part 2 of this series we discussed pool corruption and how special pool can be used to identify the cause of such corruption.  In today’s article we will use special pool to catch a double free of pool memory.   A double free of pool will cause a system to blue…

1

Great power. Great responsibility.

When it comes to the registry, administrators are given great power to manually configure Windows to suit their needs, but even slight, seemingly innocuous changes to a particular key or value can have a drastic impact on basic operations of the system, even affecting its ability to boot properly.   I recently had the pleasure…

1

Debugging a Generation 2 Virtual Machine

Hyper-V is based on the 440BX (PCI) chipset for emulation. The decision to use this chipset started years ago with Connectix Virtual PC.  The advantage of using an emulated chipset based on a popular motherboard like the 440BX, along with associated peripherals, is the compatibility with a large number of operating systems.   Windows Server…

1

ResAvail Pages and Working Sets

Hello everyone, I’m Ray and I’m here to talk a bit about a dump I recently looked at and a little-referenced memory counter called ResAvail Pages (resident available pages).   The problem statement was:  The server hangs after a while.   Not terribly informative, but that’s where we start with many cases. First some good…

0

Understanding Pool Corruption Part 2 – Special Pool for Buffer Overruns

In our previous article we discussed pool corruption that occurs when a driver writes too much data in a buffer.  In this article we will discuss how special pool can help identify the driver that writes too much data.   Pool is typically organized to allow multiple drivers to store data in the same page…

1

Understanding Pool Corruption Part 1 – Buffer Overflows

Before we can discuss pool corruption we must understand what pool is.  Pool is kernel mode memory used as a storage space for drivers.  Pool is organized in a similar way to how you might use a notepad when taking notes from a lecture or a book.  Some notes may be 1 line, others may…

8

Debugging a Network Connectivity Issue – TrackNblOwner to the Rescue

Hello Debug community this is Karim Elsaid again.  Today I’m going to discuss a recent interesting case where intermittently the server is losing access to the network.  No communication (even pings) can be done from / to the server when the issue hits.   We went through the normal exercise and asked the customer to…

0

Debugging a Debugger to Debug a Dump

Recently I came across an instance where my debugger did not do what I wanted.  Rarely do computers disobey me, but this one was unusually stubborn.  There was no other option; I had to bend the debugger to my will.   There are many ways to make a computer program do what you want.  If…

1