Understanding File System Minifilter and Legacy Filter Load Order
Hello, my name is Fred Jeng from the Global Escalation Services team. For today’s post, I want to go over how Windows 7 and Windows Server 2008 R2 load file system mini-filters in a mixed environment...
Debugging a Network Connectivity Issue - TrackNblOwner to the Rescue
Hello Debug community this is Karim Elsaid again. Today I’m going to discuss a recent interesting case where intermittently the server is losing access to the network. No communication (even pings)...
Commitment Failures, Not Just a Failed Love Story
I was working on a debug the other day when I ran the “!vm” command and saw that the system had some 48,000 commit requests that failed. This was strange as the system was not out of memory and the...
Interpreting Event 153 Errors
Hello my name is Bob Golding and I would like to share with you a new event that you may see in the system event log. Event ID 153 is an error associated with the storage subsystem. This event was new...
Our Bangalore Team is Hiring - Windows Server Escalation Engineer
Would you like to join the world’s best and most elite debuggers to enable the success of Microsoft solutions? As a trusted advisor to our top customers you will be working with to the most experienced...
Remoting Your Debug Crash Cart With KDNET
This is Christian Sträßner from the Global Escalation Services team based in Munich, Germany. Back in January, my colleague Ron Stock posted an interesting article about Kernel Debugging using a serial...
Another Who Done It
Hi my name is Bob Golding, I am an EE in GES. I want to share an interesting problem I recently worked on. The initial symptom was the system bugchecked with a Stop 0xA which means there was an...
We Are Hiring in the US and India – Windows Escalation Engineers
Would you like to join the world’s best and most elite debuggers to enable the success of Microsoft solutions? As a trusted advisor to our top customers you will be working with to the most experienced...
How To Deadlock Yourself (Don’t Do This)
Some APIs should come with a warning in big red letters saying “DANGER!”, or perhaps more subtly “PROCEED WITH CAUTION”. One such API is ExSetResourceOwnerPointer. Although the documentation contains...
Troubleshooting Pool Leaks Part 1 – Perfmon
Over the years the NTDebugging Blog has published several articles about pool memory and pool leaks. However, we haven’t taken a comprehensive approach to understanding and troubleshooting pool memory...
Troubleshooting Pool Leaks Part 2 – Poolmon
In our previous article we discussed how to identify a pool leak using perfmon. Although it may be interesting to know that you have a pool leak, most customers are interested in identifying the cause...
Troubleshooting Pool Leaks Part 3 – Debugging
In our previous articles we discussed identifying a pool leak with perfmon, and narrowing the source of the leak with poolmon. These tools are often preferred because they are easy to use, provide...
Troubleshooting Pool Leaks Part 4 – Debugging Multiple Users for a Tag
In our previous articles we discussed various techniques for identifying a pool memory leak and narrowing the scope of the leak to an individual pool tag. Knowing the leaking pool tag is often...
Troubleshooting Pool Leaks Part 5 – PoolHitTag
In Part 4 we narrowed the source of the leaked pool memory to the specific driver which is allocating it, and we identified where in the driver this allocation was taking place. However, we did not...
Breaking down the "Cl" in !irp
Hey there NTDEBUGGERS my name is Randy Monteleone and today we are going to talk about IRPs. In the past we have talked about the IRP structure in passing and showed a field here and there that can be...
Troubleshooting Pool Leaks Part 6 – Driver Verifier
In part 5 we used poolhittag to get call stacks of pool being allocated and freed. This information is often essential to identifying the cause of a memory leak; however it is not always feasible to...
Troubleshooting Pool Leaks Part 7 – Windows Performance Toolkit
In Part 1 of this series we identified a pool leak in non paged pool. In Part 2 and Part 3 of this series we identified what pool tag was leaking. In Part 5 and Part 6 we got call stacks showing the...
Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on...
What is a bug check 0x133? Starting in Windows Server 2012, a DPC watchdog timer is enabled which will bug check a system if too much time is spent in DPC routines. This bug check was added to help...
Use Caution When Implementing IPC for Performance Counters
Recently I was working with a developer who had created performance counters that work in Performance Monitor but are never collected in a user defined data collector set. The customer explained that...
Case of the Unexplained Services exe Termination
Hello Debuggers! This is Ron Stock from the Global Escalation Services team and I recently worked an interesting case dispatched to our team because Services.exe was terminating. Nothing good ever...