Andrew Richards

Back to Profile: windev


  • Defrag Tools: #8 - Mark Russinovich

    @SteffenZeidler: each core has a thread for idle processing. These are represented by PID 0 (which doesn't really exist). The threads consume working set as the threads need to be paged in to work.

    Process Explorer has history support. New history columns were added about a year ago. Instead of being numbers they are graphs. There is no explicit api that gives you the history. The closest thing is being an ETW consumer and polling the system with the tooltip32 API.

    ProcDump is designed to not change the state of the target. If you wrote your own MiniDumpCallback DLL (-d <dll>) you might be able to force the flush of the ETW buffers  - it'd only work if the target didn't needed to execute any of it's threads (as they will be all suspended).

  • Defrag Tools: #8 - Mark Russinovich

    @StanS: There are a few more and then on to non-Mark tools.

  • Defrag Tools: #8 - Mark Russinovich

    @C64: Visual Studio 2008 SP1 is used to compile the tools so that the tools use MSVCRT v9.0 - which is shipped with Windows XP/Windows 2003.

  • Defrag Tools: #8 - Mark Russinovich

    @RyanRies: 6th edition Part 2 RTMed today, so it will be printed and available soon.

  • Defrag Tools: #8 - Mark Russinovich

    @siodmy: We are going to do a big series on xPerf which will cover logging for all applications.  I'll add Logparser to the list of applications to be covered in a future episode.

  • Defrag Tools: #7 - VMMap

    @Roger: They all come from the Microsoft Company Store (the shop on Redmond campus, as opposed to the retail shops we now have). You'll have to come visit campus!

  • Defrag Tools: #6 - RAMMap

    @James G: I use a vhd for the show and it only runs during taping (so I don't add features to the install without you seeing it). The next time I prepare for a show, I'll make sure to give it some time to do the updates. Can't set a bad example can I!

    The show will be weekly for at least another ~10 weeks based on the current episode recording schedule. We tape a few at a time if it is the same topic.

    Next is vmmap, then we have a special edition, then inbox tools. After that in a yet to be decided order is 3+ on Windows Performance Toolkit, 2+ on Procdump, 4+ on Debugging Tools for Windows, Network Monitor, Fiddler and PsTools. In the maybe bucket is audio, video, printing and device troubleshooting (1 each). We will also probably do a live show on Channel 9 Live at Build.

    Lots and lots of shows to watch!  If your favorite tool isn't in that list, drop us an email at or write a comment and we'll add it to the list or move it forward.

  • Defrag Tools: #5 - Autoruns and MSConfig

    @Debojyoti: xPerf (WPT) profiling can help you here.  We'll go over this in detail on a future episode but the gist is:

    xperf -on Diag+Latency -stackwalk Profile+CSwitch+ReadyThread+ThreadCreate -BufferSize 1024 -MinBuffers 256 -MaxBuffers 256 -MaxFile 256 -FileMode Circular

    echo Press a key when you want to stop...
    xperf -stop -d result.etl

    Look at the result.etl with xperfview.exe

  • Defrag Tools: #6 - RAMMap

    @siodmy: The repurposed of 0-4 is expected. It is the 5-7 that matter. You are getting enough memory pressure on 5 (1.6Gb -- x8 reused) to raise interest at least. Adding a few gigs will definitely help in those times - its not critical though.

  • Defrag Tools: #6 - RAMMap

    @Phililp Saunders: It's from the Windows Internals books/David Solomon kernel course.  It is copyrighted to them, so I can't make it available for download Sad

  • Defrag Tools: #4 - Process Monitor - Examples

    @Tom Hall: Procmon may indeed be looked for by crysis. Some games don't like you looking at the I/O operations as they think you are trying to hack the game. All you can do iscrebiit (to unload the driver) and then play the game. Smiley

  • Defrag Tools: #1 - Building your USB thumbdrive

    @Joe:  If you have a enough space, definitely set the path to the USB Stick. I'd definitely do this if I was using one of those self-powered 2" harddisks. You'd use X:\My\... instead of C:\My\...

    _NT_SOURCE_PATH is used by Process Monitor and VMMap (and more).

    If you are internal to Microsoft, set the _NT_SOURCE_PATH and _NT_SYMBOL_PATH to the same value. The internal symbol server can download source code, as well as symbols and executables (images).

    _NT_SYMCACHE_PATH is used by Windows Performance Toolkit (xPerf)

    I'll dive deep in to these environment variables again when I do the VMMap, WPT and Debugging Tools episodes.