Defrag Tools #131 - Windows 10 SDK

Description

In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk you through the download of the Windows 10 SDK and the latest Sysinternals tools. We harvest the Debugging Tools for Windows, Windows Performance Toolkit, and Application Verifier files from the SDK.

Previous Versions:
Windows 7.0
Windows 8.0
Windows 8.1
Windows 8.1 Update

Resources:
Sysinternals
Windows 10 SDK
Defrag Tools OneDrive (SIEExtPub, PDE & Scripts)

Timeline:
[00:00] - Windows 10
[02:47] - The USB Stick/OneDrive "Lightsaber"
[04:26] - Sysinternals Suite
[04:12] - Windows 10 SDK
[08:44] - While we wait... configure ProcDump as the AeDebug Debugger (c:\dumps\procdump.exe -ma -i)
[11:42] - Install the Windows 10 SDK MSI files
[14:23] - Harvest the Windows 10 SDK files for xcopy use
[17:45] - c:\debuggers\dbghelp.dll vs. c:\windows\system32\dbghelp.dll
[20:58] - Defrag Tools OneDrive
[25:12] - Environment Variables and Registry Keys
[28:20] - Quick Summary
[31:09] - Email us your issues at defragtools@microsoft.com

Environment Variables - Symbols.cmd

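rem Create the symbol store and symbol cache folders, and NTFS-compress them to save disk space
md c:\My
md c:\My\Sym
md c:\My\SymCache
compact /c /s /i /q c:\My\Sym\
compact /c /s /i /q c:\My\SymCache\
rem Set the machine-wide (/m) variables read by the debuggers and the Windows Performance Toolkit
setx /m DBGHELP_HOMEDIR C:\My
setx /m _NT_SYMBOL_PATH SRV*C:\My\Sym*https://msdl.microsoft.com/download/symbols
setx /m _NT_SYMCACHE_PATH C:\My\SymCache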

Registry Entries - WinDbg -IA (PDE).reg

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.dmp]
@="WinDbg.DumpFile.1"

[HKEY_CLASSES_ROOT\.hdmp]
@="WinDbg.DumpFile.1"

[HKEY_CLASSES_ROOT\.mdmp]
@="WinDbg.DumpFile.1"

[HKEY_CLASSES_ROOT\.cab]
@="WinDbg.DumpFile.1"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1]
@="WinDbg Post-Mortem Dump File"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\DefaultIcon]
@="\"C:\\debuggers\\windbg.exe\",-3002"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell]
@="Open"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open]
@="Open x&64"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open\command]
@="\"C:\\debuggers\\windbg.exe\" -z \"%1\" -a pde.dll"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open_x86]
@="Open x&86"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open_x86\command]
@="\"C:\\debuggers_x86\\windbg.exe\" -z \"%1\" -a pde.dll"
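
A read-only check of the setup above, added here as an example (it is not part of the episode or of the Defrag Tools OneDrive scripts). It reads back what Symbols.cmd, the .reg file and "procdump -ma -i" configure, and reports the Authenticode status of the harvested binaries. The function names are made up for this example, and the AeDebug key path is the standard Windows location, which the page itself does not show.

```powershell
# Added example, not from the episode: read-only audit of the debugger setup.
# Function names are made up here; paths come from Symbols.cmd and the .reg file.

function Test-SymbolPath {
    param([string]$SymbolPath)
    # _NT_SYMBOL_PATH is ';'-separated; an SRV element is SRV*<local store>*<server>.
    foreach ($element in ($SymbolPath -split ';' | Where-Object { $_ })) {
        $parts = $element -split '\*'
        $finding = if ($parts[0] -ine 'srv') { 'not an SRV element (not checked)' }
            elseif ($parts[-1] -match '^http://') { 'symbols fetched over plain HTTP' }
            elseif ($parts.Count -lt 3) { 'no explicit local store' }
            elseif (-not (Test-Path -LiteralPath $parts[1])) { 'local store missing' }
            else { 'ok' }
        [pscustomobject]@{ Element = $element; Finding = $finding }
    }
}

function Get-DumpHandler {
    # The two verbs the .reg file registers for .dmp/.hdmp/.mdmp/.cab files.
    foreach ($verb in 'Open', 'Open_x86') {
        $key = "Registry::HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\$verb\command"
        $cmd = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if ($cmd -match '^"([^"]+)"') {
            $exe = $Matches[1]   # executable that runs when a dump is double-clicked
            $sig = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status }
                else { 'file missing' }
            [pscustomobject]@{ Verb = $verb; Exe = $exe; Signature = $sig }
        }
    }
}

function Get-AeDebugDebugger {
    # Post-mortem debugger registration, 64-bit and 32-bit (Wow6432Node) views.
    foreach ($root in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
        $key = "HKLM:\$root\Microsoft\Windows NT\CurrentVersion\AeDebug"
        $dbg = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Debugger
        [pscustomobject]@{ Key = $key; Debugger = $dbg }
    }
}

Test-SymbolPath ([Environment]::GetEnvironmentVariable('_NT_SYMBOL_PATH', 'Machine')) | Format-Table -AutoSize
Get-DumpHandler | Format-Table -AutoSize
Get-AeDebugDebugger | Format-List
# Harvested dbghelp.dll next to the in-box copy: both should report Status = Valid.
'C:\debuggers\dbghelp.dll', "$env:SystemRoot\System32\dbghelp.dll" |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_ } |
    Format-Table Path, Status -AutoSize
```

Run it from a new console after Symbols.cmd, since setx /m does not update variables in consoles that are already open.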

The Discussion

  • ScottyKarate

    Great to see you guys back.  I'm looking forward to "season 2" of the show.

    Andrew: you mentioned going through all of the dumps in your C:\Dumps folder.  That would be awesome.  Definitely do that episode!

  • Jaso

    Thanks gents! It's really good to have you back. How you're managing to do the shows a month before Win 10 rollout is beyond me! Well done guys and keep up the great work.

  • kihtraks

    A good refresher. Thanks for the video, guys!

  • Marc Sherman

    Also glad to see that you guys are back!

  • s3curityConsult

    Yes, Andrew, definitely go through what we should do with the dumps that are captured in C:\Dumps. I got tons of crap in there and I always clean it out to save space but never really have time to go in and debug them that much. Please show us again how to debug these dump files, because often I try to open the dumps in the debugger and it says "APPX" is not a valid win32 application, or sometimes apps don't have symbol files, and I really would love to see how you'd approach figuring out why these crashes and dumps are taking place. Would love to get back into debugging again, I'm getting rusty. Thanks for coming back.

  • windev

    A debugging (C:\Dumps) episode it is then. Since 132, 133 and 134 have already been taped, this episode will be 135 - airing 27th July.

    Email us (defragtools@microsoft.com) a OneDrive link to any dumps you can't work out. I can't promise to look at them all, or for very long, but I'll try to give you the 1min answer.

  • MagicAndre1981

    Instead of installing the MSIs, use admin install (https://msdn.microsoft.com/en-us/library/aa367541(v=vs.85).aspx). Here you don't need to remove them later again. I use this tool to do it via GUI: http://legroom.net/software/uniextract

  • Kiran Prabhu

    Good to see you guys back...
    Are you guys going to plan WPT session on new changes in version 10?

    From this Episode
    I tried below but the output is not as expected. What must be wrong?

    0:004> !wmitrace.strdump
    (WmiTrace) StrDump Generic
    LoggerContext Array & 0x0000000077067C20 [4 Elements]

    rest of the output is missing

    I am using windbg 10.0.10075.9 AMD64

  • kiranprabhu

    Sorry, the question was from episode 29.

  • artisticcheese

    What is running on Andrew's laptop which keeps switching mouse pointer to "Working in Background" (hourglass) every 3s or so?

  • Ytterbium

    Would be good to a 'defrag' going deep

  • windev

    @artisticcheese: Yeah - that is a little weird. Hadn't noticed it. Will have to trace it and find out why!

  • windev

    @Kiran Prabhu: Send us the dump - We'll take a look. Might be a symbols issue.

  • danko andruszkiw

    Defrag tools one drive not working ???

  • pinscomputer

    You should add a link to Defrag Tools #88 & #89, since you did not discuss 2-tier symbol folder creation for the new SYM folder.

  • daviangel

    Defrag tools one drive not working ???

    Ditto

    Link to Defrag Tools OneDrive doesn't seem to be working anymore.

    So do we really need those files or can we get them somewhere else?
