Ntdebugging Blog
Microsoft Advanced Windows Debugging and Troubleshooting - Contributions to this blog are made by the Microsoft Global Business Support - Windows Serviceability team.
Reminder: Windows NT Debugging Blog Live Chat 2 Coming Soon!
Windows NT Debugging Blog Live Chat Microsoft Platform Global Escalation Services is hosting our...
Author: ntdebug Date: 03/02/2009
Debug Fundamentals Exercise 4: The GAMEOVER exercise
We are back with another addition to the debugging fundamentals series here in 2009! Regardless of...
Author: ntdebug Date: 02/27/2009
Windows NT Debugging Blog Live Chat 2
Windows NT Debugging Blog Live Chat Microsoft Platform Global Escalation Services is hosting our...
Author: ntdebug Date: 02/26/2009
Easily Resolving an Event Viewer Error using a Process Memory Dump
My name is Ryan Mangipano (ryanman) and I am a Sr. Support Escalation Engineer at Microsoft. Today I...
Author: ntdebug Date: 02/16/2009
Remote Debugging connecting to a Remote Stub using the Microsoft Debugging Tools for Windows
The Microsoft Debugging Tools for Windows provide a couple ways to create a remote debugging...
Author: ntdebug Date: 02/09/2009
Microsoft Windows Dynamic Cache Service
Excessive cached read I/O is a growing problem. For over one year we have been working on this...
Author: ntdebug Date: 02/06/2009
Challenges of Debugging Optimized x64 Code
If you have not had the luxury of debugging optimized x64 code as of yet, don’t wait much longer and...
Author: ntdebug Date: 01/09/2009
Debug Fundamentals Exercise 3: Calling conventions
Today’s exercise will focus on x86 function calling conventions. The calling convention of a...
Author: ntdebug Date: 12/05/2008
Debug Fundamentals Exercise 2: Some reverse engineering for Thanksgiving
Continuing our series on “Fundamentals Exercises”, we have some more reverse engineering for you!...
Author: ntdebug Date: 11/26/2008
How to modify an application behavior when you don't have the source
From time to time we need to help customers change the way an application interacts with the...
Author: ntdebug Date: 11/21/2008
Debug Fundamentals Exercise 1: Reverse engineer a function
Hello ntdebuggers! We’ve seen a lot of interest in our Puzzlers, and we’ve also seen requests and...
Author: ntdebug Date: 11/13/2008
Ntfs Misreporting Free Space (Part 2)
Continuing our discussion on the internals of disk usage, we will now shift our focus to internal...
Author: ntdebug Date: 10/30/2008
Remote kernel or user mode debugging of dumps or live systems
GES (Global Escalation Services) is not only responsible for helping our external customers, but we...
Author: ntdebug Date: 10/28/2008
Windows Hotfixes and Updates - How do they work?
Today I would like to talk about some of the work the Windows Serviceability (WinSE) team does...
Author: ntdebug Date: 10/21/2008
Unlocking some puzzles requires building a better key... board
Hi, this is Matt from the Windows Performance team. Sometimes we are presented with problems that...
Author: ntdebug Date: 10/10/2008
NDIS Case Study 1 - NDIS Packet Double Completion
Hi, this is Anurag again. Here is a case study of an NDIS driver causing a problem due to double...
Author: ntdebug Date: 09/30/2008
Some of our favorite debugging-related links
Today we’re posting links to some of our favorite debugging-related content on the web. Post your...
Author: ntdebug Date: 09/25/2008
NDIS - Part 1
Hi, my name Anurag Sarin, I am an escalation engineer in the Platforms Global Escalation Team. I...
Author: ntdebug Date: 09/19/2008
Transcript of Windows NT Debugging Blog Live Chat
For those of you that could not make the live chat on 8/13, here is the transcript of the chat...
Author: ntdebug Date: 08/14/2008
New Facebook group: “Escalation Engineers”
Are you the final tier of escalation at a company or group that supports software?Are you fluent in...
Author: ntdebug Date: 08/11/2008
How to Access the User Mode Debugger from the Kernel Debugger
In certain cases you may want to use a user mode debugger to debug a process from within the kernel...
Author: ntdebug Date: 08/08/2008
Windows NT Debugging Blog Live Chat
Microsoft Platform Global Escalation Services is hosting our first live group debug chat session for...
Author: ntdebug Date: 08/07/2008
How can I find out why the Cluster Resource Monitor dumped – Access Violation
Hello, my name is John Marlin, and I am a Support Escalation Engineer on the Microsoft Platform...
Author: ntdebug Date: 08/01/2008
What Are the Odds?
Hi NTDebuggers, something rarely talked about are the odds of a problem being in one piece of code...
Author: ntdebug Date: 07/25/2008
Data Execution Protection in Action
Hello, my name is Graham, and I’m an escalation engineer on the Platforms Global Escalation Team. I...
Author: ntdebug Date: 07/23/2008
Exam preparation information for Exam 71-660
Exam 71-660 TS: Windows Internals Published: October 10, 2008 (in development) Language(s): English...
Author: ntdebug Date: 07/18/2008
NTFS Misreports Free Space?
I have recently seen a number of issues where customers called in to report a significant difference...
Author: ntdebug Date: 07/03/2008
Tracking Down a Multi-Process Deadlock
Hello, my name is Louis Shanks and my story starts off with a tricky little deadlock issue that I...
Author: ntdebug Date: 07/01/2008
Join us on Facebook
We’ve set up a new Facebook group named “Windows Debugging” as a community for Windows Debugging...
Author: ntdebug Date: 06/30/2008
How it Works: DLL Injection
Introduction Hi everyone, this is Bob again. I recently worked on an issue where the interaction of...
Author: ntdebug Date: 06/20/2008
Designing the Perfect Breakpoint
Written by Jeff Dailey. When it comes to live debugging, the breakpoint is king. Oftentimes solving...
Author: ntdebug Date: 06/11/2008
Windbg Tip: KN, .Frame , DV, and DT - It's so easy
Written by Jeff Dailey. Hello NTDebuggers, many of us take for granted some of the simple commands...
Author: ntdebug Date: 06/06/2008
How to debug WOW64 applications?
Hello, my name is Venkatesh Ganga, and I’m an Escalation Engineer on the Microsoft Platform Global...
Author: ntdebug Date: 06/03/2008
NTDebugging Puzzler 0x00000007: Interlocked functions
Today, we will have some fun with interlocked functions. The following section of code is reentrant....
Author: ntdebug Date: 06/02/2008
Beefier Breakpoints Using Debugger Scripts
Written by Ron Stock I recently collaborated with a third-party vendor which required me to track...
Author: ntdebug Date: 05/30/2008
Platforms GES Team Photos
Platforms GES - Texas Platforms GES - North Carolina
Author: ntdebug Date: 05/29/2008
Corrupt Page Table Pages Caught in the MDL
Hello all, Scott Olson here again to share another interesting issue I worked on a while back. The...
Author: ntdebug Date: 05/22/2008
Understanding NTFS Compression
As our group’s file systems expert, I see most of the common problems associated with the...
Author: ntdebug Date: 05/20/2008
NTDebugging Puzzler 0x00000006: Invalid Handle - can you handle it?
Hi NTDebuggers, this week’s puzzler just so happens to match its number: 0x000000006 =...
Author: ntdebug Date: 05/19/2008
How to track down High CPU in User Mode Applications - A live debug!
Written by Jeff Dailey. Hello NTDebuggers, I’d like to talk about a common issue we deal with on a...
Author: ntdebug Date: 05/15/2008
Smoking Gun Pool Corruption
Hello, my name is Ron Stock and I’m an Escalation Engineer on the Microsoft Platforms Global...
Author: ntdebug Date: 05/13/2008
Tracking down MmSt paged pool usage
A trend that I’ve noticed recently are cases involving paged pool depletion with high MmSt tag usage...
Author: ntdebug Date: 05/08/2008
Work Queues and Dispatcher Headers
Introduction Hi everyone, Bob here again with a description of Work Queues and Dispatcher Headers....
Author: ntdebug Date: 05/07/2008
NTDebugging Puzzler 0x00000005 (Better late than never)
Hello NTDebuggers, from time to time we see the following problem. It’s another access violation,...
Author: ntdebug Date: 05/06/2008