Defrag Tools #177 - Windows Internals 7th Edition Part 1

In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about the new features of Sysinternals ProcDump v9.0.
Multiple Dumps per trigger in multiple Dump Sizes:
Kernel Dump Support:
Complete Thread Stack – Kernel & User
Debugging the Kernel Dump
!process -1 17
Debugging the User Dump
~*k !pde.deep
Nice feature with the kernel and user mode dump, but the UX with 2 WinDbg instances is not so great. It would be nice if WinDbg detects both dumps and, if the user shows the stack in the UM dump, WinDbg gets the kernel stack parts on its own from the corresponding KM dump.
Disappointing video. You need:
- bigger font on the PC
- make it bold! (Even I can do that)
- don't talk so fast (you're as bad as Sean Spicer)
- don't type so fast
- rehearse your presentation several times
Please do better next time.
Thanks for the new features. Please try to keep compatibility of the command line parameters. We never give ProcDump to customers on its own, but always give a batch file with it. Changes in command line parameters require a change of a batch file.
Great episode and great show. thank you!
Is there any place where one can get documentation about the PDE Debugger Extension that Andrew has made? In the OneDrive I can only find the DLL file. There were a few episodes where some examples on how to use it were shown, but other than that?
@Naor Christensen: run !pde.help to get the list of commands
Gr8! thx
At one point of the show you right click Sysinternals.zip.
There is "File Ownership" in context menu.
Andrew... how did you make it?
@Matt: When your device is Workplace managed, the tab shows up, to indicate if the file is personal or corporate owned.