Configuring a Hyper-V VM For Kernel Debugging

Yesterday’s blog prompted some questions about how to set up a debugger for a Windows OS running in a Hyper-V VM.  I was surprised that I wasn’t able to find good, publicly available, Microsoft issued documentation for this configuration.   The first step is to configure the Windows OS in the VM to enable a…

My Kernel Debugger Won’t Connect

Hello ntdebugging readers, the Debug Ninja is back again with a quick blog this holiday season.  I recently encountered a situation where the kernel debugger could not connect to a Windows Server 2008 R2 system running in a Hyper-V virtual machine.  The configuration appeared correct; however, the debugger would not connect to the VM.  …

Where Did My Disk I/O Go?

Hello, Mr. Ninja back again.  I recently discovered that although my team often tracks I/O from the file system through to the disk controller, we have never publicly documented the steps required to do this.  This seems like a great opportunity for a blog because most of the structures are known, and they are even…

Call Stacks for Pool Allocations

Hello, it’s the Debug Ninja back again for another NtDebugging Blog article.  For as long as I can remember user mode debuggers have had an easy way to get call stacks for heap allocations.  On more recent versions of Windows this has been as simple as using gflags +ust and umdh or !heap -k.  Kernel…


Debugging a CLOCK_WATCHDOG_TIMEOUT Bugcheck

Hi debuggers, Andrew Richards here for my first NT Debugging post. I thought I’d share a recent case that used a lot of discovery techniques to uncover the details of what was going on. Most bugchecks give you the information you need as arguments, but in the case of bugcheck 0x101, I had to go…

Determining The Interrupt Line For A Particular PCI-E Slot

Hi debuggers, this is Graham McIntyre again. These days I’m working more closely with hardware so I thought I’d share some hardware related debugging tips.  I recently debugged an issue where a PCI-E storage device failed to work after hot swapping it from one slot to another slot on the system without rebooting.  We determined…

What Is In A RHS Dump File Created By Windows Error Reporting

Hello all, East here.  I wanted to give you a hint on how to use a RHS dump to find what thread was part of the Windows Server 2008 R2 cluster RHS recovery deadlock.   First let me start off with letting you know that Windows Server 2008 R2 will create two types of user-mode…

Control Panel Policy and the Missing Icon

A customer recently reported a rather peculiar problem.  They were working on a roll out of Windows 7, and one of the policies they employed on their domain was the “Show only specified control panel applets” setting.  As its name implies, this policy allows an administrator to specify the names of any Control Panel icons…

Hunting for Bugs, but Found a Worm

Hi All, my name is Ron Riddle and I’m an Escalation Engineer on the core Windows team.  I worked an issue recently wherein a svchost.exe was crashing due to heap corruption; so, after enabling Page Heap and breaking out the services as needed, I received a user-mode dump that would show me the culprit.  I…

Uncovering How Workspaces Work in WinDbg

Author – Jason Epperly

Workspaces have always been a little confusing to me. I knew how to bend them to do what I needed to get the job done, however they still remained a bit mysterious. Recently I decided to sort this out, just so I knew how they worked under the hood. But before I…
