Defrag Tools #135 - Debugging User Mode Crash Dumps Part 1

In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to determine the root cause of various application crashes which have occurred on Andrew's computer.

[00:00] - Intro... how we got these dump files (ProcDump)
[02:15] - Dump #1: An internal MSIT tool which crashed. Make sure to match the architecture (x86/x64).
[04:33] - Exception context record and stored CLR exception - get back to where the problem happened
[08:42] - .lastevent tells you which thread the problem was on and the exception code
[09:29] - Looking at the exception record with .exr
[10:30] - Looking up error codes - !err (from PDE) vs. !error
[12:45] - Using the SOS.dll debugger extension for managed code
[14:42] - !pe to print exception on a CLR dump
[16:49] - Dump #2: Another CLR exception in an MSIT tool
[17:25] - !dso (Dump Stack Objects) and using PDE to grep the output
[19:37] - !do (Dump Object) to dump CLR objects
[20:48] - Dump #3 and #4: Some more CLR exceptions in MSIT tools
[21:36] - Dump #5: CLR Unauthorized Access Exception to a NamedPipeServerStream
[23:53] - Dump #6: A native code access violation in csisyncclient.exe
[26:33] - Pointer math - dereferencing a null pointer
[28:21] - ub (unassemble backwards) and u (unassemble) to look at the assembly code and see where the null pointer came from
[30:05] - lmvm (list module verbosely with mask) to view version and date of loaded binaries
[30:56] - !dpx du (scrape the call stack looking for Unicode strings) - found a reference to a log file
[33:58] - Summary & recap
[36:58] - Email us your issues at



The Discussion

  • Awesome fun times!  Thanks guys!  This was really useful.  Past episodes have been great for covering why various parts of Windows work as they do.  This time it was great to see a rapid fire approach on how to troubleshoot that built off (many) past episodes.  I know you've done episodes like this before (episodes 53 - 57) but different examples are always helpful.  It's great to see the "if x, then y" thought process and the various windbg commands to use.

    Looking ahead, could you spend a few minutes some time on heuristics / rules of thumb?  I find myself looking at issues and thinking "is that normal?"  Specifically, episode 59 has a nice discussion around 15:42 where you're talking about how long ISRs and DPCs should take.  Can you think of any more stuff like that offhand?  I'm not sure if it's possible to cover general rules of thumb with no context but I thought I'd throw it out there.

    Thanks again for another great episode!

  • @ScottyKarate: Yeah, it's hard to know what general rules of thumb to talk about, without looking at it within a specific context of a particular problem. We will definitely try to keep that in mind for future shows, though.

  • Nice detailed video and good that you mentioned the initial plumbing steps :). I got a question. How come you just typed character 'd' in the command prompt and pressed enter, and then it showed up the contents of the directory? How to set that up? Thanks.
