Kernel-mode dump analysis

I’ve already covered the different types of memory dump in a previous blog entry, so this is a quick dip into how we manually trigger a bugcheck to create a memory dump on demand, and also how we can take a look inside the kernel of a running OS without crashing it.   Crash Landing…
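The on-demand bugcheck the post refers to is driven by two registry settings: CrashControl decides what kind of dump is written, and the keyboard driver's CrashOnCtrlScroll value lets a key chord force the crash. The script below is an added example, not the post's own commands; the registry paths and value names are the documented Microsoft ones, and the placeholder comments mark what is assumed.

```powershell
# Added example (not from the original post): configure a Windows box so that a
# keyboard chord forces a bugcheck and the resulting kernel dump is actually written.
# Run elevated; the CrashOnCtrlScroll change only takes effect after a reboot.

# 1. Make sure a kernel dump is configured at all (CrashControl).
$cc = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
Get-ItemProperty -Path $cc | Select-Object CrashDumpEnabled, DumpFile, Overwrite, MinidumpDir
# CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small (minidump),
# 7 = automatic (Windows 8 / Server 2012 and later only).
Set-ItemProperty -Path $cc -Name CrashDumpEnabled -Value 2 -Type DWord

# 2. Enable the keyboard-triggered bugcheck (stop code 0xE2, MANUALLY_INITIATED_CRASH).
#    PS/2 keyboards go through i8042prt, USB keyboards through kbdhid; set both.
foreach ($drv in 'i8042prt', 'kbdhid') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$drv\Parameters"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name CrashOnCtrlScroll -Value 1 -Type DWord
}

# 3. After the reboot: hold the RIGHT Ctrl key and press Scroll Lock twice.
#    The machine bugchecks with 0xE2 and writes the dump to the DumpFile path
#    (default %SystemRoot%\MEMORY.DMP), which you can then open in WinDbg.
Write-Host 'Reboot, then Right-Ctrl + ScrLk + ScrLk to force the bugcheck.'
```

Check `CrashDumpEnabled` and the page file size before relying on the chord: if no dump type is configured, or the page file on the boot volume is too small for the selected type, the bugcheck still happens but no usable dump is produced.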

Analyzing User Mode Dumps

So you’ve managed to get a dump from a process… now what? Dump analysis is a skill that requires a bit of knowledge of how processors work, how to read assembly language, how functions are called, what stacks and heaps are, and so on – it’s way beyond the scope of a blog to give…

User-mode dump creation (Vista onwards)

The ADPlus method of creating dumps is still valid after Windows Server 2003, however there is an easier way to have the OS create the same data which was introduced in Windows Vista…   Hung Jury For processes that are hung or consuming lots of CPU time, you can use Task Manager to create hang…

User-mode dump creation (pre-Vista)

For applications that are crashing or hanging, you will need to have the Debugging Tools for Windows present on the machine, and use the script ADPlus.vbs to attach the command line debugger (cdb.exe) to create dump files. To keep the examples simple I will assume the tools were installed in the folder C:\Debuggers, and the…
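The ADPlus commands this post describes and the debugger-free alternative described in the "User-mode dump creation (Vista onwards)" post above can be scripted together. The block below is an added example, not either post's own text; it assumes the Debugging Tools live in C:\Debuggers as the post does, uses C:\Dumps as the output folder and myapp.exe as a placeholder process name, and the Windows Error Reporting LocalDumps keys are the documented ones (available from Vista SP1 / Server 2008 onwards).

```powershell
# Added example (not the original post's commands): two ways to get a user-mode
# dump of an application. C:\Debuggers follows the post's assumption; C:\Dumps
# and myapp.exe are placeholders.
$dbg  = 'C:\Debuggers'
$out  = 'C:\Dumps'
$proc = 'myapp.exe'
New-Item -ItemType Directory -Path $out -Force | Out-Null

# --- Pre-Vista style: ADPlus attaches cdb.exe and writes the dump(s) for you. ---
# Hang mode: attach now, write a full dump, detach. Use this for hung or
# CPU-spinning processes; the process keeps running afterwards.
& cscript.exe //nologo "$dbg\adplus.vbs" -hang -pn $proc -o $out

# Crash mode: stays attached and writes a dump when the process raises an
# unhandled exception, so this call blocks until the crash (or Ctrl+C).
# Newer Debugging Tools ship adplus.exe instead of the .vbs; same switches.
& cscript.exe //nologo "$dbg\adplus.vbs" -crash -pn $proc -o $out

# --- Vista SP1 / Server 2008 onwards: let Windows Error Reporting write the
# crash dump itself, with no debugger attached (the LocalDumps feature). ---
$ld = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
if (-not (Test-Path $ld)) { New-Item -Path $ld -Force | Out-Null }
Set-ItemProperty -Path $ld -Name DumpFolder -Value $out -Type ExpandString
Set-ItemProperty -Path $ld -Name DumpCount  -Value 10   -Type DWord
Set-ItemProperty -Path $ld -Name DumpType   -Value 2    -Type DWord   # 0 custom, 1 mini, 2 full

# Per-application override: a subkey named after the executable wins over the
# machine-wide values, so you can collect full dumps for one app only.
$app = Join-Path $ld $proc
New-Item -Path $app -Force | Out-Null
Set-ItemProperty -Path $app -Name DumpType -Value 2 -Type DWord
```

The LocalDumps route only covers crashes (unhandled exceptions); for a process that is merely hung you still need ADPlus in hang mode, or the Task Manager "create dump" option the Vista-onwards post mentions.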

Goodness gracious, great walls of fire

Ask most people what the default rules should look like for a network firewall and they will likely say “drop” or “stealth” – i.e. if the source address:port & destination address:port combination is not matched then the traffic is silently ignored. This is often perceived as being more secure than rejecting the connection attempts, based…
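Whatever the default rule is, the difference between "drop" and "reject" is visible from the client: a rejected SYN comes back as a TCP RST or an ICMP unreachable within milliseconds, a dropped one simply never gets an answer. The probe below is an added example (not part of the original post) that reports which of the two a target port is doing; the host and port arguments are placeholders, and the expected behaviour of the two sample calls is an assumption about the network you run it on.

```powershell
# Added example (not from the original post): probe a TCP port and report whether
# the far end completed the handshake (open), answered with RST / ICMP unreachable
# (refused: a closed port or a REJECT rule), or said nothing inside the timeout
# (a DROP / "stealth" rule, or a host that is simply unreachable).
function Test-FirewallBehaviour {
    param(
        [Parameter(Mandatory)] [string] $TargetHost,
        [Parameter(Mandatory)] [int]    $Port,
        [int] $TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $ar = $client.BeginConnect($TargetHost, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            # No SYN-ACK, no RST and no ICMP error before the timeout expired:
            # the packets are being silently dropped (or the host is down).
            return [pscustomobject]@{ Host = $TargetHost; Port = $Port; Result = 'drop/timeout'; Ms = $sw.ElapsedMilliseconds }
        }
        $client.EndConnect($ar)
        return [pscustomobject]@{ Host = $TargetHost; Port = $Port; Result = 'open'; Ms = $sw.ElapsedMilliseconds }
    } catch {
        # PowerShell may wrap the .NET SocketException; unwrap it to read the code.
        $ex = $_.Exception
        if ($ex.InnerException) { $ex = $ex.InnerException }
        # ConnectionRefused = a TCP RST came back (closed port, or REJECT with tcp-reset);
        # HostUnreachable / NetworkUnreachable usually mean an ICMP unreachable came back.
        $code = if ($ex -is [System.Net.Sockets.SocketException]) { $ex.SocketErrorCode } else { $ex.GetType().Name }
        return [pscustomobject]@{ Host = $TargetHost; Port = $Port; Result = "reject ($code)"; Ms = $sw.ElapsedMilliseconds }
    } finally {
        $client.Close()
    }
}

# A closed port on the local machine answers with a RST straight away (reject),
# whereas an address that never answers leaves the client waiting for the whole
# timeout (drop). 192.0.2.1 is TEST-NET-1, chosen because nothing should answer it.
Test-FirewallBehaviour -TargetHost '127.0.0.1' -Port 1
Test-FirewallBehaviour -TargetHost '192.0.2.1' -Port 445
```

The `Ms` column is the point of the exercise: "stealth" costs every mis-addressed client the full connect timeout (and any retries), while "reject" fails it immediately, so judge the default rule on what that delay buys you rather than on which word sounds safer.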

Windows System Resource Manager (WSRM) – does exactly what it says on the tin

Originally introduced in Enterprise and Datacenter editions of Windows Server 2003, this feature is now in-box for Standard and upwards SKUs of Windows Server 2008. As with other features, it is added through Server Manager / Features > Add Feature, and is cunningly named “Windows System Resource Manager” – note that it has a pre-requisite…

Hyper-V Virtual Networks

The most common questions that I get on Hyper-V setups relate to the networking configuration, and it seems to be a common thing to get wrong, so I’ll try to go through the 3 types of virtual network we have, and how they differ.   A private network can only be used by the child partitions,…
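The three virtual network types map one-to-one onto the switch types the Hyper-V PowerShell module creates. The block below is an added example, not from the original post (which predates the module and uses Hyper-V Manager); it assumes Windows Server 2012 or later, and the switch, adapter and VM names are placeholders.

```powershell
# Added example (not from the original post): the three Hyper-V virtual switch
# types, created with the Hyper-V PowerShell module (Server 2012 and later).
# Switch names, the VM name 'vm01' and the NIC selection are placeholders.

# Private: only the child partitions (VMs) attached to it can talk to each other;
# the management OS gets no adapter on it, so there is no path to the host or LAN.
New-VMSwitch -Name 'vPrivate' -SwitchType Private

# Internal: VMs plus the management OS (a vEthernet adapter appears on the host),
# but still no connection to the physical network.
New-VMSwitch -Name 'vInternal' -SwitchType Internal

# External: bound to a physical NIC, so VMs reach the LAN. AllowManagementOS
# decides whether the host keeps its own vEthernet adapter on that NIC too;
# set it to $false if the NIC should be dedicated to the VMs.
$nic = (Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1).Name
New-VMSwitch -Name 'vExternal' -NetAdapterName $nic -AllowManagementOS $true

# Attach a VM's network adapter to the switch of your choice, then verify.
Connect-VMNetworkAdapter -VMName 'vm01' -SwitchName 'vInternal'
Get-VMSwitch | Select-Object Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOS
```

Creating an external switch on the NIC you are administering the host through briefly drops that connection while the protocol bindings move to the new vEthernet adapter, so do it from the console or over a second NIC.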

HTTP.SYS / Cryptographic Services / LSASS.EXE deadlock

NOTE: This issue has subsequently been fixed in KB 2379016, “A computer that is running Windows Vista or Windows Server 2008 stops responding at the ‘Applying User Settings’ stage of the logon process.” (This blog entry is left for reference.) A recent case I had brought this issue to my attention, so I thought it useful to…

Be kind, rewind (but don’t reboot)

One very common belief I have come across is that rebooting Windows somehow “cleans” the system and returns it to normal speed after some performance degradation (and further that reinstalling the OS periodically does some magical cleaning too). For the most part, this is complete nonsense. Shutting down Windows will terminate all processes & services…

It’s not what you’ve got, it’s how you use it that counts…

Soapbox time. ”If it ain’t broke, fix it until it is.” Tuning, tweaking, trimming, optimizing… however you refer to it, you should approach it the same way. This is not specific to Windows, software or even computers – in order to improve performance of “a system” you must first observe it to identify where the…
