Defrag Tools: #56 - Explorer Hang

Play Defrag Tools: #56 - Explorer Hang
Sign in to queue


In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen show you the analysis of a hang. The hang happens in Explorer when Windows-E is pressed - the folder window never appears. We show Andrew's debugging steps to solve the issue.


Debugging Tools for Windows
SkyDrive - procdumpext.dll
SkyDrive - sieextpub.dll

[00:00] - Explorer Hang
[01:35] - Open the dump in the Debugger
[01:59] - List Threads - "~"
[02:20] - List thread stacks - ~*k
[02:46] - List thread stacks - !procdumpext.deep 20
[03:23] - Review of Thread #2
[04:03] - Review of Thread #5
[05:21] - Look for Unicode strings - dpu <addr> <addr>
[06:36] - Internet Explorer Security Zones
[07:08] - Loader Lock (Ldr* routines)
[08:30] - Review of Thread #6
[09:21] - Look for Unicode strings - dpu <addr> <addr>
[10:30] - Display Unicode strings - du <addr>
[12:56] - Force Symbol Load - .reload /f
[13:28] - Use grep to filter to 3rd Party Modules - !procdumpext.grep export lm
[13:56] - RBVirtualFolder64 is from Roxio - lmvm RBVirtualFolder64
[14:21] - Look for Unicode strings - !procdumpext.dpx -du
[14:50] - Large Dispositions (caused by no symbols)
[15:46] - List exported functions - x <module>!*
[16:25] - Unassemble - u RBVirtualFolder64!DllRegisterServer
[18:12] - Loader Lock (Ldr* routines)
[18:45] - Critical Section Lock Ownership - !locks
[24:04] - It's a Deadlock!
[24:27] - Easy Analysis - !sieextpub.critlist
[26:02] - Only do kernel32 synchronization object creation while holding the Loader Lock!
[27:50] - Summary
[29:35] - Email us your issues at



Download this episode

The Discussion

  • User profile image

    Thx Andrew for bringing this to the public.

    'really good explanation of what to do when the symbols are missing.

    FYI, this all happened because some Roxio DVD player software shipped with my Dell. I never used it and eventually a Windows Update did me in.

    'sure is nice to have family access to a debugging expert Smiley




  • User profile image

    Great episode, thanks for taking the time to go through this Smiley

  • User profile image

    Excellent show. You introduced me to !procdumpext.deep, which will be handy.<br><br>The context switches needed to debug are fascinating: From the low levels of dumping Unicode strings in an address range to the higher levels of understanding DllMain loader lock issues. I find these videos great for bridging these gaps.

Add Your 2 Cents