Defrag Tools: #63 - Windows 8.1 - SDK

Play Defrag Tools: #63 - Windows 8.1 - SDK
Sign in to queue


In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen walk you through the download of the Windows 8.1 SDK and the latest Sysinternals tools. We harvest the Debugging Tools for Windows, Windows Performance Toolkit, and Application Verifier files from the SDK. We also show some of the new WinDbg features.

Windows 8.1 SDK
Defrag Tools SkyDrive (inc. Scripts and ProcDumpExt)

[00:00] - The USB Stick "Lightsaber"
[01:20] - Sysinternals Suite
[03:13] - Environment Variables and Registry Keys
[05:48] - Windows 8.1 SDK
[08:56] - Harvest the files for xcopy use
[11:20] - ProcDumpExt
[11:51] - WinDbg - New Symbol messages
[12:55] - WinDbg - Auto-loads SOS (See Ep. #64 for a demo of SOS downloading)
[14:00] - Email us your issues at

Environment Variables (Symbols.cmd):

md c:\My
md c:\My\Sym
md c:\My\SymCache
setx /m _NT_SYMBOL_PATH SRV*C:\My\Sym*
setx /m _NT_SYMCACHE_PATH C:\My\SymCache

Registry Entries (WinDbg -IA.reg):

Windows Registry Editor Version 5.00





@="WinDbg Post-Mortem Dump File"



@="Open x&64"

@="\"C:\\debuggers\\windbg.exe\" -z \"%1\" -a procdumpext.dll"

@="Open x&86"

@="\"C:\\debuggers_x86\\windbg.exe\" -z \"%1\" -a procdumpext.dll"



The Discussion

  • User profile image

    Thanks for another exciting and up to date show.
    Near the end of this episode, you mentioned that procdumpext will automatically load sos.dll, and that if it fails will download and retry.
    I am a bit concerned about this functionality and am debating whether it is worth having this load.
    I regularly receive dumps from customers, and they are all running various versions with small differences in the minor version.
    I typically cannot match the version of my development machine so often need to manually load the appropriate version.
    On occasion, sos loads but does not function due to the mismatch version. To resolve it, I need to copy mscordacwks.dll from the customer site, rename it appropriate, and then run .cordll -ve -u -l.
    See here for more details:
    Due to this, I try to keep a copy of sos.dll and mscordacwks.dll for all of the versions that I come across.

    In this context, could you expand on your comments regarding how procdumpext finds the appropriate version of sos.dll and loads it?
    I suppose at worse, I could always .unload sos and replace it with what I need.
    But if it really is good enough now to automate this process then that will simplify my life as well as need to manually collect copies from various machines.
    In either case, I'll certainly give it a try later this week.

  • User profile image

    I may have found a bug in Windows 8.1.  Often while I am typing and actively using my computer is locking and going to the lock screen, This is not supposed to happen unless the computer is idle.  This never happened on this machine with windows 8.  Please investigate this issue and advise how I can send in POC for this issue.

  • User profile image

    Were codemachine links dangerous, or simply they were "not official" and so "not supported" by this site?

  • User profile image

    @Ben: To avoid ProcDumpExt executing .loadby sos mscorwks/clr & .cordll -l, after detecting the CLR present, make this environment variable and set it to 0.


    In a version of ProcDumpExt I'm running (v7.7), it doesn't do the loading if SOS is already loaded. I'll look in to releasing it after I make sure all the new functionality isn't Microsoft Internal.

  • User profile image

    @s3curityConsult: Not sure how to look in to this one.

    Send an email to and

    Gov, Chad, Larry and myself will talk to you about it.

  • User profile image

    @loverboy: What do you mean? Did they get stripped in a post?

    (Yes, codemachine has a great debugger extension)

  • User profile image

    I mean that there was a post linking to "codemachine's site download section" that was deleted.
    It contained the links for WPT and Debugging Tools .msi files.

  • User profile image

    @loverboy: No idea - they might have deleted it themselves. We wouldn't have culled that.

  • User profile image


    from what I know you are allowed to host the MSI files, if you don't modify them. Stripping out files like only xperf.exe and host them is not allowed.

  • User profile image

    OK, the website link was this one
    Someone deleted the post

  • User profile image

    @loverboy: My bad, I killed that comment, sorry about that. I thought it looked a little sketchy (the hosting of those Microsoft MSI's on a non-MS site, not sure as to if they could possibly be modified, etc) and errored on the side of caution...

  • User profile image
    maria  moreno

    I'm new to this site, but find it interesting. to hear about the problems with windows 8.1 is both disheartening and a relief to know I'm not the only one having them. I'm wondering if it was a good idea to upgrade to 8.1. Can I go back to windows 8 and should I?

Add Your 2 Cents