Windows debugging made easy
Looking through the results, the engineer found an Exchange search function was consuming many of the cycles. The sluggishness was caused by the fact that a number of users had humongous mailboxes, which when they searched through them, would spike the server load. The admin instructed the users to reduce the size of their mailboxes, or organize them better. As a result of such tidying up on the users’ part, server performance improved.
Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com
In a third case, Russinovich’s wife had complained that the Windows Photo Gallery would hang after showing a movie. The bug was particularly annoying to her, as she was showing friends some home movies. A friend of hers even quipped, “This never happens with a Mac.”
Russinovich reran the Photo Gallery software while capturing all the processes in Process Monitor. “When in doubt run Process Monitor,” he advised. He matched the time of the hang with all the processes running at that time. While most of the processes were routine, he found an unusual system call, ironically enough, to an Apple QuickTime object, which was the source of program hang. “Sure enough, it was from that company that doesn’t know how to write Windows software,” he joked.
Russinovich also showed the audience how to rid a machine of a bad case of malware. This example also came from a user submission, detailing how the infected computer had a particularly thorough piece of malware that blocked all attempts to run any sort of diagnostic, anti-virus or system administration tools.
One way around the block, Russinovich advised, consisted of running another program he had written called Desktops, which lets the user set up four virtual desktops for the computer. The user can then switch among the desktops, each of which ran independently of the others. While not a diagnostic tool per se, Desktops could be used to repair the malware-riddled computer. The malware monitored any activity on the main desktop, but it was unaware of the other desktops, one of which Russinovich used to run anti-virus tools.
Finally, no debugging session would be complete without diagnosing the infamous Windows Blue Screen of Death (BSOD) error. Despite the severity of the problem, “It is incredibly easy to do crash analysis” on a BSOD, he said. Russinovich explained that such a crash happens when something goes wrong within the operating system’s kernel memory space, such as a device driver that tries to access memory allotted to another program. Because Windows’ first priority is “to protect data,” it will shut down as soon as a program acts outside allotted memory space, he said.
After a system crash, Microsoft will offer an analysis upon reboot of the machine, which can point to drivers that need to be updated or other fixes. Even if this help message proves unhelpful, the administrator can check for the crash dump file that Windows produces when it crashes, Russinovich said. This is either found in the Windows directory, or in a subdirectory called Minidump. A program called Windows Debugger can examine the file and provide more information about what possibly caused the crash.