How to manually translate virtual addresses into physical ones

In previous posts we talked about virtual address space and how virtual memory is managed.  I’ve never posted anything about virtual address translation though, and for the ones interested on the details behing this operation I recommend reading the chapter 7 – Memory Management (specifically the Address Translation section) of the Windows Internals 4th Edition…

0

A new phase…

Even though this has been a strictly technical channel (I’ve never posted about anything else other than technical stuff) I know a lot of friends read it and so I decided to open an exception on this post and use it to publish something about me that also has a direct effect on how often and what type of content I will be able to keep…

3

Kernel dump analysis – Bugcheck 0xA (IRQL_NOT_LESS_OR_EQUAL)

Yet another kernel memory dump to be analyzed – The bugcheck this time is the 0xA – IRQL_NOT_LESS_OR_EQUAL.   To better understand what this message means we would need a little background on Windows Internals but basically when executing anything at a interrupt request level (IRQL) = 2 or higher (in normal circumstances instructions get executed at…

2

Kernel dump analysis – Bugcheck 1E (KMODE_EXCEPTION_NOT_HANDLED)

It’s been a long time since my last post, but for some reason lately I’ve been receiving so many nice feedbacks about the blog and the other posts that I feel really motivated again to post a new article.  See how important your feedback is for me? J Ok, normally I post about user mode…

3

How to attach a debugger from the creation time of the Worker Process (w3wp.exe)

Normally the answer for this would be as simple as use the file image execution options (through direct editing the registry or using gflags.exe from Debugging Tools For Windows) and set the “debugger” option to you preferred debugger tool and this would do the job.  At least this is the way we do for troubleshooting…

0

Real case: Application Pool’s worker process (w3wp.exe) crashing during recycling

I was teaching a workshop in London last week and one of the students brought a very interesting issue he had been working on for some time and based on the dump analysis he was not able to point to anything different from our own code (Microsoft’s modules) as the ones causing the crash.  He…

0

Tip: How many users are hitting my web site?

This is a question we hear very often from our customers, in forums or through distribution lists.  The reason we keep hearing the same question over the time is very simple:  There isn’t a definitive answer for that – At least not for IIS since it’s not exactly driven by the number of users hitting…

2

Logparser fails when using the ChartType option

I’m posting this as I couldn’t find this solution documented anywhere (including within MSFT through the discussions around logparser).    Problem: After I installed the Office 2007, my logparser queries which use the parameter “ChartType” no longer work returning the following error:   Error: invalid parameter “chartType”   The solution?  Logparser depends on the Office Web Components to create the charts.  Just intall them…

1

How to Extract SQL info from a thread stack

In the post about troubleshooting Asp.Net poor performance I showed you how to identify one possible cause for high response times when processing Asp.Net pages – the cause we explored on that post was a database server taking too long to respond.  We were able to verify all the information about the SQL side of…

0

How to identify the process and thread being called in a COM call from a thread stack

I’ve just published a post on how to manually identify which classic ASP page is being processed by a specific thread.  Following the same idea you can also identify COM calls being made by a thread.   As always, first identify the thread doing the COM call you want investigate and then look at the thread…

2