Defrag Tools #172 - Application Hangs
Defrag Tools #173 - Troubleshooting with the Windows Sysinternals Tools, 2nd Edition
Play Defrag Tools #173 - Troubleshooting with the Windows Sysinternals Tools, 2nd Edition
Description
In this episode of Defrag Tools, Andrew Richards and Chad Beeder are joined by Aaron Margosis, the co-author of the Sysinternals book -- now in its 2nd Edition!
Troubleshooting with the Windows Sysinternals Tools, 2nd Edition
Resources:
Defrag Tools: #81 - Aaron Margosis
Windows Sysinternals Administrator's Reference
Troubleshooting with the Windows Sysinternals Tools, 2nd Edition
Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog
Download
More episodes in this series
Defrag Tools #174 - Security Baseline, Policy Analyzer and LGPO
Related episodes
Defrag Tools #178 - Sysinternals ProcDump v9.0
Defrag Tools #164 - Sysinternals for Nano Server - Mark Russinovich
Defrag Tools #163 - Virtual Hard Disk (VHD) - Sysinternals Disk2VHD
Tech Pros Rejoice - Sysinternals Live Launches
Docker Desktop Integration with WSL
Supporting Windows Forms and WPF in .NET Core 3
Updating the WinForms Designer for .NET Core 3.0
Windows-X Menu
Overview of Windows Machine Learning
Windows Machine Learning: Hello World (MNIST Edition)
The Discussion
-
claudiamcse Thank you for sharing! Great video. I look forward to reading the book!
-
Luke Hi,
Have you ever used windgb extention cmkd.dll from http://www.codemachine.com/cmkd.html to extract the first four arguments passed to calls on x64n stacks, like so?
0:000> !cmkd.stack -p
Call Stack : 7 frames
## Stack-Pointer Return-Address Call-Site
00 000000a408c7fb28 00007ffda95b1148 ntdll!NtWaitForSingleObject+a
Parameter[0] = 0000000000000034
Parameter[1] = 0000000000000000
Parameter[2] = 0000000000000000
Parameter[3] = (unknown)
01 000000a408c7fb30 00007ff7e44c13f1 KERNELBASE!WaitForSingleObjectEx+98
Parameter[0] = 0000000000000034
Parameter[1] = 00000000ffffffff
Parameter[2] = 0000000000000000
Parameter[3] = 00007ff7e44cba28
02 000000a408c7fbd0 00007ff7e44c3fed ConsoleApplication2!main+41
Parameter[0] = (unknown)
Parameter[1] = (unknown)
Parameter[2] = (unknown)
Parameter[3] = (unknown)
Is this extention safe?
Thx,
Luke -
ChadBeeder @Luke: I haven't used that debug extension, but I have met the Codemachine guys, and I have no reason to think it wouldn't work as advertised.
-
MariaHamilton I use it all the time @Luke. I am mainly analyzing crash dumps rather than debugging live x64 systems, though (it's unusual that a problem only turns up on x64 boxes, so if I have to debug something I tend to do it on an x86 one).