Defrag Tools: #53 - Crashes, Hangs and Slow Performance
Description
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen show you the analysis of a crash. The crash happens when Favorites is clicked in Internet Explorer. We show Andrew's debugging and troubleshooting steps to solve the issue.
Resources:
Sysinternals Process Monitor
Sysinternals ProcDump
Debugging Tools for Windows
Windows Performance Toolkit
SkyDrive - procdumpext.dll
Timeline:
[00:00] - Windows 8.1 RTM!
[01:18] - Internet Explorer Favorites Crash
[01:50] - AeDebug - (procdump.exe -ma -i c:\dumps)
[02:00] - Open the dump in the Debugger
[02:15] - Review crash at the exception context - .ecxr
[03:32] - View the exception record - .exr -1
[03:58] - View the stack - k
[04:17] - Explorer - C:\Users\<user>\Favorites
[05:00] - Deleted suspicious file but still crashes
[05:07] - Back to the dump file to get more evidence
[06:05] - !procdumpext.dpx
[07:50] - Trace Registry activity with Process Monitor
[10:45] - Use Jump To to navigate to the key in RegEdit
[11:28] - Rename the key as the data seems to come from it (as seen in the dump)
[12:22] - Success!
[13:25] - Email us your issues at defragtools@microsoft.com
Download
Download this episode
- MP3 (12.5 MB)
- Low Quality MP4 (76.8 MB)
- Mid Quality WMV (45.2 MB)
- High Quality MP4 (166.4 MB)
- Mid Quality MP4 (116.7 MB)
- High Quality WMV (160.8 MB)
More episodes in this series
Defrag Tools: #55 - Bugcheck 0xAB Crash
Related episodes
Welcome to the Inside Show
Defrag Tools #172 - Application Hangs
Defrag Tools #131 - Windows 10 SDK
Defrag Tools #94 - Sysinternals Strings, FindStr, !pde.ssz
Defrag Tools: #87 - Windows 8.1 Update
Defrag Tools: #53 - Crashes, Hangs and Slow Performance
WinDbg Default Workspace
Defrag Tools #194 - Windows Upgrade - Application and Device Inventory Files
Access Violation C0000005 - Execute
Access Violation C0000005 - Read or Write
The Discussion
-
loverboy Could you kindly explain (=write down here) what
!procdumpext.dpx
does exactly? -
MagicAndre1981 [06:05] - !procdumpext.dpx
this is my favorite command. I love it
I used it earlier this day to find a DLL which crashes GPO editor:
@loverboy
run !ProcDumpExt.help to get the help and this shows you this:
!dpx - Equivalent of dps, dpp, dpa and dpu (combined); also class types (dt) and trap frames (kV)
-
loverboy OK, thanks
But, using more words and building a phrase to explain its effect? -
Tom video download links (MP3, MP4, Mid Quality WMV, High Quality MP4 etc.) don't seem to be working (tried IE & Chrome)
-
JohnLudlow IE10 works for me at the moment, but in Chrome they don't appear as clickable links. It's almost as if they are behind some other transparent element, and I'm clicking on that rather than the links
-
Duncanma @JohnLudlow: that is exactly what has happened. I have a fix in the works right now, will post in a moment once it is live.
-
Duncanma The new fix appears to have made it around, problem is resolved in my testing across IE, Chrome and Firefox.
-
Tom Yes - all working now
(I should have said I was using IE11) -
windev @loverboy: Every pointer between @rsp/@esp and the stack base (by default), is looked at
If the contents look like a string (ANSI or Unicode), you see dpa or dpu output.
If the contents look like a symbol, you see dps output.
If the contents look like a vftable (class or structure), you see dpt (doesn't exist) output.
Failing one of these, the pointer is followed and the same is tried again (up to 4 pointers away). -
loverboy @windev
Oh. That's an explanation!
Thanks Andrew ;) -
Bruce Leggett Is it possible to allow IE to update automatically similar to Google Chrome so users always have the most up to date versions with bug fixes?
-
windev @Bruce Leggett: You just need to change your Windows Update policy to auto-apply the changes (I do this on my server at home, it just applies them and reboots whenever something is posted).
https://support.microsoft.com/kb/328010