ETW (Event Tracing For Windows) – what it is and useful tools

Event Tracing for Windows is the standard tracing mechanism used by all features of Windows. As the article Improve Debugging And Performance Tuning With ETW explains, ETW is “a general-purpose, high-speed tracing facility provided by the operating system. Using a buffering and logging mechanism implemented in the kernel, ETW provides a tracing mechanism for…

Windows Error Reporting and CLR integration

Windows Error Reporting (WER) monitors and collects information on crashes and hangs on Windows platforms newer than Windows XP. The information collected can be sent to a server for investigation (read more in my previous WER article). When creating reports, WER generates some parameters to bucket-ize the failures. Since the OS doesn’t know anything about…

Zoom in: what’s wrong with my process?

There are situations when we want to look closely at a process that is running in a production environment – when a crash happens or when it just behaves badly (consumes too much memory, too much CPU, it hangs, etc.). There are multiple tools that can tell us what is wrong: – Event log (Window Key…

Can’t load sos when looking at a dump

I sometimes hear people complain that they tried to open a dump file in windbg, but couldn’t get sos running. First, make sure that you are loading the dump with the corresponding debugger – open an x86 dump with an x86 debugger and an x64 one with the x64 debugger. (To learn more about memory…


Access Violation in a simple C++ program

I wrote a simple C++ program that removes the duplicate spaces in a string. The function doing the work is RemoveDupSpaces: char* RemoveDupSpaces(char *s) { char *a = s; char *b = s; while(*a != '\0') { while(*a != ' ' && *a != '\0') *b++ = *a++; // copy one…


Attach debugger across different logon sessions

Attaching a debugger to a service/application in a different logon session might be a little tricky. Every time a successful authentication occurs on the machine, a new logon session is created. So, when you log on interactively => the system creates a new logon session. When you connect to a machine remotely and authenticate =>…