Go ahead and download the beta version of Debugging Tools for Windows (should contain the symbols for explorer.exe). Then, capture a usermode dump when you experience the explorer hang and debug into it.
Here's the link to the debug tools install package:
The third edition of Inside Microsoft Windows 2000 is intended for advanced computer professionals (both developers and system administrators) who want to understand how the core components of the Microsoft Windows 2000 operating system work internally.
With this knowledge, developers can better comprehend the rationale behind design choices when building applications specific to the Windows 2000 platform. Such knowledge can also help developers debug complex problems. System administrators can benefit from
this information as well because understanding how the operating system works under the covers facilitates understanding the performance behavior of the system and makes it easier to troubleshoot system problems when things go wrong. After reading this book,
you should have a better understanding of how Windows 2000 works and why it behaves as it does.
The book are delivered with a cd that include all the tools on the sysinternal web site.
By the way; also included in the Mell developer tools collection are;
Both the debugging book and inside windows 2000 are very helpful when learning the "nuts and bolts"..
(another debugging tools i wold recomend are SoftIce)
also when using debuggers..
How do I change the default debugger that the operating system will use when a crash occurs?
When an application crashes, Windows 2000 looks in the registry key HKEY- _LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug , and Windows 98 looks in the [AeDebug] section of WIN.INI to determine what they should call to debug the
application. If no values are in the key, Windows 2000 reports the address of the crash. If an access violation caused the crash, Windows 2000 also reports the memory location that the process couldn't read or write. Windows 98 displays the standard crash
dialog box, and if you click the Details button, it will list the module, address, and registers at the time of the crash.
Three possible string values can be placed in the AeDebug key or section.
If Auto is set to 0 (zero), the operating system will generate the standard crash dialog box and enable the Cancel (Windows 2000) or Debug (Windows 98) button if you want to attach the debugger. If
Auto is set to 1 (one), the debugger is automatically started. The Debugger value specifies the debugger the operating system will start on the crashed application. The only requirement for the debugger is that it supports attaching to a process.
The UserDebuggerHotKey value identifies the key that will be used to break into the debugger. .
You can set the AeDebug key manually, but Dr. Watson (Windows 2000 only), WinDBG, and the Visual C++ debugger allow you to set it through various means. Dr. Watson and WinDBG use the -I command-line switch that will set them as the default debugger.
To set the Visual C++ debugger as the debugger the operating system will call, on the Debug tab in the Options dialog box, check Just-In-Time Debugging.
If you do look at the AeDebug key, the value that's entered for Debugger looks like a string passed to the
wsprintf API function: "drwtsn32 -p %ld -e %ld -g." That's exactly what it is. The -p is the process ID for the crashing process, and the -e is an event handle value that the debugger needs to signal when its debug loop gets the first thread exit debug
event. Signaling the event handle tells the operating system that the debugger attached cleanly.
Developers need the right information to design applications and systems using Microsoft software and technologies. The Microsoft eLearning
Library (MELL) Developer Edition provides high-level technical training and reference materials to help developers, educators, and students learn real-world skills on today's technologies such as Microsoft Visual Studio® .NET and Extensible Markup Language
(XML) Web services—and it also helps them prepare for professional certification.
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.