Defrag Tools: #53 - Crashes, Hangs and Slow Performance

In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen show you the analysis of a crash. The crash happens when Favorites is clicked in Internet Explorer. We show Andrew's debugging and troubleshooting steps to solve the issue.
Resources:
Sysinternals Process Monitor
Sysinternals ProcDump
Debugging Tools for Windows
Windows Performance Toolkit
SkyDrive - procdumpext.dll
Timeline:
[00:00] - Windows 8.1 RTM!
[01:18] - Internet Explorer Favorites Crash
[01:50] - AeDebug - (procdump.exe -ma -i c:\dumps)
[02:00] - Open the dump in the Debugger
[02:15] - Review crash at the exception context - .ecxr
[03:32] - View the exception record - .exr -1
[03:58] - View the stack - k
[04:17] - Explorer - C:\Users\<user>\Favorites
[05:00] - Deleted suspicious file but still crashes
[05:07] - Back to the dump file to get more evidence
[06:05] - !procdumpext.dpx
[07:50] - Trace Registry activity with Process Monitor
[10:45] - Use Jump To to navigate to the key in RegEdit
[11:28] - Rename the key as the data seems to come from it (as seen in the dump)
[12:22] - Success!
[13:25] - Email us your issues at defragtools@microsoft.com
Could you kindly explain (=write down here) what
!procdumpext.dpx
does exactly?
[06:05] - !procdumpext.dpx
this is my favorite command. I love it
I used it earlier this day to find a DLL which crashes GPO editor:
@loverboy
run !ProcDumpExt.help to get the help and this shows you this:
!dpx - Equivalent of dps, dpp, dpa and dpu (combined); also class types (dt) and trap frames (kV)
OK, thanks
But, using more words and building a phrase to explain its effect?
video download links (MP3, MP4, Mid Quality WMV, High Quality MP4 etc.) don't seem to be working (tried IE & Chrome)
IE10 works for me at the moment, but in Chrome they don't appear as clickable links. It's almost as if they are behind some other transparent element, and I'm clicking on that rather than the links
@JohnLudlow: that is exactly what has happened. I have a fix in the works right now, will post in a moment once it is live.
The new fix appears to have made it around, problem is resolved in my testing across IE, Chrome and Firefox.
Yes - all working now
(I should have said I was using IE11)
@loverboy: Every pointer between @rsp/@esp and the stack base (by default), is looked at
If the contents look like a string (ANSI or Unicode), you see dpa or dpu output.
If the contents look like a symbol, you see dps output.
If the contents look like a vftable (class or structure), you see dpt (doesn't exist) output.
Failing one of these, the pointer is followed and the same is tried again (up to 4 pointers away).
@windev
Oh. That's an explanation!
Thanks Andrew ;)
Is it possible to allow IE to update automatically similar to Google Chrome so users always have the most up to date versions with bug fixes?
@Bruce Leggett: You just need to change your Windows Update policy to auto-apply the changes (I do this on my server at home, it just applies them and reboots whenever something is posted).
https://support.microsoft.com/kb/328010