Defrag Tools: #63 - Windows 8.1 - SDK

Description

In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen walk you through the download of the Windows 8.1 SDK and the latest Sysinternals tools. We harvest the Debugging Tools for Windows, Windows Performance Toolkit, and Application Verifier files from the SDK. We also show some of the new WinDbg features.

Resources:
Sysinternals
Windows 8.1 SDK
Defrag Tools SkyDrive (inc. Scripts and ProcDumpExt)

Timeline:
[00:00] - The USB Stick "Lightsaber"
[01:20] - Sysinternals Suite
[03:13] - Environment Variables and Registry Keys
[05:48] - Windows 8.1 SDK
[08:56] - Harvest the files for xcopy use
[11:20] - ProcDumpExt
[11:51] - WinDbg - New Symbol messages
[12:55] - WinDbg - Auto-loads SOS (See Ep. #64 for a demo of SOS downloading)
[14:00] - Email us your issues at defragtools@microsoft.com

Environment Variables (Symbols.cmd):

rem Symbol store layout used throughout the show. Run from an elevated prompt:
rem setx /m writes the variables machine-wide (HKLM), not just for the current user.
md c:\My
md c:\My\Sym
md c:\My\SymCache
rem SRV*<cache>*<server>: symbols fetched from the public Microsoft symbol server are cached under C:\My\Sym
setx /m _NT_SYMBOL_PATH SRV*C:\My\Sym*http://msdl.microsoft.com/download/symbols
rem _NT_SYMCACHE_PATH is the symbol cache used by the Windows Performance Toolkit (WPA/xperf)
setx /m _NT_SYMCACHE_PATH C:\My\SymCache

Registry Entries (WinDbg -IA.reg):

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.dmp]
@="WinDbg.DumpFile.1"

[HKEY_CLASSES_ROOT\.hdmp]
@="WinDbg.DumpFile.1"

[HKEY_CLASSES_ROOT\.mdmp]
@="WinDbg.DumpFile.1"

[HKEY_CLASSES_ROOT\.cab]
@="WinDbg.DumpFile.1"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1]
@="WinDbg Post-Mortem Dump File"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\DefaultIcon]
@="\"C:\\debuggers\\windbg.exe\",-3002"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell]
@="Open"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open]
@="Open x&64"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open\command]
@="\"C:\\debuggers\\windbg.exe\" -z \"%1\" -a procdumpext.dll"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open_x86]
@="Open x&86"

[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open_x86\command]
@="\"C:\\debuggers_x86\\windbg.exe\" -z \"%1\" -a procdumpext.dll"
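The .reg file above decides what runs whenever someone double-clicks a .dmp, .hdmp, .mdmp or .cab file, so on a shared analysis machine it is worth confirming from time to time that the registered handler still launches windbg.exe from the expected debuggers folder, and that _NT_SYMBOL_PATH still points at the symbol server you intend. The script below is an added example (not code from the show, the SDK or Sysinternals) that parses both settings offline: it splits a _NT_SYMBOL_PATH value into its SRV*cache*server elements and checks the server host against an allowlist, and it reads a "WinDbg -IA.reg" style export to list the extensions bound to WinDbg.DumpFile.1 and verify each shell verb's command. The allowlists, the embedded .reg excerpt (a constructed subset of the file above) and the assumption of the "Version 5.00" export format with one @="..." default value per key are mine, not the show's.

```python
"""Audit a _NT_SYMBOL_PATH value and a WinDbg -IA.reg style file association
export. Added example; assumes Version 5.00 .reg format and that dump-file
handlers should live only in the C:\\debuggers / C:\\debuggers_x86 folders."""
import re
from urllib.parse import urlsplit

# Constructed allowlists for this example.
TRUSTED_SYMBOL_HOSTS = {"msdl.microsoft.com"}
TRUSTED_DEBUGGER_DIRS = {r"c:\debuggers", r"c:\debuggers_x86"}

# Sample input: the Symbols.cmd value and a constructed excerpt of WinDbg -IA.reg.
SYMBOL_PATH = r"SRV*C:\My\Sym*http://msdl.microsoft.com/download/symbols"
REG_TEXT = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.dmp]
@="WinDbg.DumpFile.1"
[HKEY_CLASSES_ROOT\.mdmp]
@="WinDbg.DumpFile.1"
[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1]
@="WinDbg Post-Mortem Dump File"
[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open\command]
@="\"C:\\debuggers\\windbg.exe\" -z \"%1\" -a procdumpext.dll"
[HKEY_CLASSES_ROOT\WinDbg.DumpFile.1\shell\Open_x86\command]
@="\"C:\\debuggers_x86\\windbg.exe\" -z \"%1\" -a procdumpext.dll"
'''


def parse_symbol_path(value):
    """Split a symbol path on ';'. Each element is a plain directory or an
    SRV*<cache>*<server> / SRV*<server> entry."""
    elements = []
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        parts = raw.split("*")
        if parts[0].upper() == "SRV" and len(parts) >= 2:
            cache = parts[1] if len(parts) > 2 else None
            elements.append({"kind": "srv", "cache": cache, "server": parts[-1]})
        else:
            elements.append({"kind": "dir", "path": raw})
    return elements


def audit_symbol_path(value):
    """Flag http(s) symbol servers not on the allowlist; note allowlisted ones
    reached over plain http, which gives no transport integrity."""
    findings = []
    for el in parse_symbol_path(value):
        if el["kind"] != "srv":
            continue
        url = urlsplit(el["server"])
        if url.scheme not in ("http", "https"):
            continue  # UNC or local symbol stores are out of scope here
        host = (url.hostname or "").lower()
        if host not in TRUSTED_SYMBOL_HOSTS:
            findings.append(f"untrusted symbol server: {host}")
        elif url.scheme == "http":
            findings.append(f"symbol server {host} reached over plain http")
    return findings


_KEY = re.compile(r"^\[(.+)\]$")
_DEFAULT = re.compile(r'^@="(.*)"$')


def parse_reg(text):
    """Return {key: default value} for each key with an @="..." line,
    undoing the .reg escaping of backslashes and quotes."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := _KEY.match(line):
            key = m.group(1)
        elif (m := _DEFAULT.match(line)) and key:
            defaults[key] = re.sub(r"\\(.)", r"\1", m.group(1))
    return defaults


def split_command(cmd):
    """Separate a shell command value into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    exe, _, args = cmd.partition(" ")
    return exe, args


def audit_reg(text, progid="WinDbg.DumpFile.1"):
    """List extensions bound to the ProgID and check that every shell verb's
    handler launches windbg.exe from a trusted debugger directory."""
    report = {"extensions": [], "handlers": {}, "findings": []}
    for key, val in parse_reg(text).items():
        parts = key.split("\\")
        if len(parts) == 2 and parts[1].startswith(".") and val == progid:
            report["extensions"].append(parts[1])
        if parts[-1] == "command" and f"\\{progid}\\shell\\" in key:
            verb = parts[-2]
            exe, args = split_command(val)
            report["handlers"][verb] = {"exe": exe, "args": args}
            if exe.rsplit("\\", 1)[0].lower() not in TRUSTED_DEBUGGER_DIRS:
                report["findings"].append(f"{verb}: handler outside trusted dirs: {exe}")
            elif not exe.lower().endswith("\\windbg.exe"):
                report["findings"].append(f"{verb}: handler is not windbg.exe: {exe}")
    return report


if __name__ == "__main__":
    print(audit_symbol_path(SYMBOL_PATH))
    print(audit_reg(REG_TEXT))
```

On a live machine you would feed `audit_reg` the output of `reg export HKCR\WinDbg.DumpFile.1 file.reg` (the export is UTF-16, so open it with that encoding) and `audit_symbol_path` the value of `%_NT_SYMBOL_PATH%`; the parser deliberately tolerates the `SRV*server` short form and extra `;`-separated directory elements so those real-world values work unchanged.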

The Discussion

  • Ben

    Thanks for another exciting and up to date show.
    Near the end of this episode, you mentioned that procdumpext will automatically load sos.dll, and that if it fails will download and retry.
    I am a bit concerned about this functionality and am debating whether it is worth having this load.
    I regularly receive dumps from customers, and they are all running various versions with small differences in the minor version.
    I typically cannot match the version of my development machine so often need to manually load the appropriate version.
    On occasion, sos loads but does not function due to the mismatched version. To resolve it, I need to copy mscordacwks.dll from the customer site, rename it appropriately, and then run .cordll -ve -u -l.
    See here for more details: http://blogs.msdn.com/b/dougste/archive/2009/02/18/failed-to-load-data-access-dll-0x80004005-or-what-is-mscordacwks-dll.aspx
    Due to this, I try to keep a copy of sos.dll and mscordacwks.dll for all of the versions that I come across.

    In this context, could you expand on your comments regarding how procdumpext finds the appropriate version of sos.dll and loads it?
    I suppose at worst, I could always .unload sos and replace it with what I need.
    But if it really is good enough now to automate this process, then that will simplify my life as well as removing the need to manually collect copies from various machines.
    In either case, I'll certainly give it a try later this week.

  • s3curityConsult

    I may have found a bug in Windows 8.1. Often while I am typing and actively using my computer, it locks and goes to the lock screen. This is not supposed to happen unless the computer is idle. This never happened on this machine with Windows 8. Please investigate this issue and advise how I can send in a POC for this issue.

  • loverboy

    Were codemachine links dangerous, or simply they were "not official" and so "not supported" by this site?

  • windev

    @Ben: To avoid ProcDumpExt executing .loadby sos mscorwks/clr & .cordll -l, after detecting the CLR present, make this environment variable and set it to 0.

    setx PROCDUMPEXT_LOADCORDLL 0

    In a version of ProcDumpExt I'm running (v7.7), it doesn't do the loading if SOS is already loaded. I'll look into releasing it after I make sure all the new functionality isn't Microsoft Internal.

  • windev

    @s3curityConsult: Not sure how to look into this one.

    Send an email to defragshow@microsoft.com and defragtools@microsoft.com.

    Gov, Chad, Larry and myself will talk to you about it.

  • windev

    @loverboy: What do you mean? Did they get stripped in a post?

    (Yes, codemachine has a great debugger extension)

  • loverboy

    @Andrew
    I mean that there was a post linking to "codemachine's site download section" that was deleted.
    It contained the links for WPT and Debugging Tools .msi files.

  • windev

    @loverboy: No idea - they might have deleted it themselves. We wouldn't have culled that.

  • MagicAndre1981

    @loverboy

    From what I know, you are allowed to host the MSI files if you don't modify them. Stripping out files like only xperf.exe and hosting them is not allowed.

  • loverboy

    OK, the website link was this one:
    http://codemachine.com/downloads.html
    Someone deleted the post.

  • gduncan411

    @loverboy: My bad, I killed that comment, sorry about that. I thought it looked a little sketchy (the hosting of those Microsoft MSIs on a non-MS site, not sure as to whether they could possibly be modified, etc.) and erred on the side of caution...

  • maria moreno

    I'm new to this site, but find it interesting. To hear about the problems with Windows 8.1 is both disheartening and a relief to know I'm not the only one having them. I'm wondering if it was a good idea to upgrade to 8.1. Can I go back to Windows 8, and should I?