Download this episode
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen show you the analysis of a hang. The hang happens in Explorer when Windows-E is pressed - the folder window never appears. We show Andrew's debugging steps to solve the issue.
Debugging Tools for Windows
SkyDrive - procdumpext.dll
SkyDrive - sieextpub.dll
[00:00] - Explorer Hang
[01:35] - Open the dump in the Debugger
[01:59] - List Threads - "~"
[02:20] - List thread stacks - ~*k
[02:46] - List thread stacks - !procdumpext.deep 20
[03:23] - Review of Thread #2
[04:03] - Review of Thread #5
[05:21] - Look for Unicode strings - dpu <addr> <addr>
[06:36] - Internet Explorer Security Zones
[07:08] - Loader Lock (Ldr* routines)
[08:30] - Review of Thread #6
[09:21] - Look for Unicode strings - dpu <addr> <addr>
[10:30] - Display Unicode strings - du <addr>
[12:56] - Force Symbol Load - .reload /f
[13:28] - Use grep to filter to 3rd Party Modules - !procdumpext.grep export lm
[13:56] - RBVirtualFolder64 is from Roxio - lmvm RBVirtualFolder64
[14:21] - Look for Unicode strings - !procdumpext.dpx -du
[14:50] - Large Dispositions (caused by no symbols)
[15:46] - List exported functions - x <module>!*
[16:25] - Unassemble - u RBVirtualFolder64!DllRegisterServer
[18:12] - Loader Lock (Ldr* routines)
[18:45] - Critical Section Lock Ownership - !locks
[24:04] - It's a Deadlock!
[24:27] - Easy Analysis - !sieextpub.critlist
[26:02] - Only do kernel32 synchronization object creation while holding the Loader Lock!
[27:50] - Summary
[29:35] - Email us your issues at email@example.com
Available formats for this video:
Actual format may change based on video formats available and browser capability.
Comments have been closed since this content was published more than 30 days ago, but if you'd like to send us feedback you can Contact Us.