Windows Troubleshooting – Special Pool

The Windows Support team has a new YouTube channel, “Windows Troubleshooting”.  The first set of videos cover debugging blue screens. In this video, Bob Golding, Senior Escalation Engineer, describes how the Special Pool Windows diagnostics tool catches drivers that corrupt memory. Bob also introduces how memory is organized in the system for allocating memory for…

1

Bugchecking a Computer on A Usermode Application Crash

Hello my name is Gurpreet Singh Jutla and I would like to share information on how we can bugcheck a box on any usermode application crash. Set the application as a critical process when the application crash is reproducible. We may sometimes need a complete memory dump to investigate the information from kernel mode on…

1

Debugging a Windows 8.1 Store App Crash Dump (Part 2)

In Part 1, we covered the debugging of a Windows Store Application crash dump that contains a Stowed Exceptions Version 1 (SE01) structure.   This post continues on from Part 1, covering the changes introduced in March 2014. These Windows Updates changed the way language exceptions (RoOriginateLanguageException) are recorded in Windows Store Application crash dump…

1

Debugging a Windows 8.1 Store App Crash Dump

Quality reports on the App Summary page Microsoft provides triage dumps of your Windows Store application’s crashes and hangs through the Quality section of the App Summary page on the Dev Center – Windows Store apps portal.   Back in June 2012, the Windows Store team posted an article on this feature and the basics…


ResAvail Pages and Working Sets

Hello everyone, I’m Ray and I’m here to talk a bit about a dump I recently looked at and a little-referenced memory counter called ResAvail Pages (resident available pages).   The problem statement was:  The server hangs after a while.   Not terribly informative, but that’s where we start with many cases. First some good…


Understanding Pool Corruption Part 2 – Special Pool for Buffer Overruns

In our previous article we discussed pool corruption that occurs when a driver writes too much data in a buffer.  In this article we will discuss how special pool can help identify the driver that writes too much data.   Pool is typically organized to allow multiple drivers to store data in the same page…


Understanding Pool Corruption Part 1 – Buffer Overflows

Before we can discuss pool corruption we must understand what pool is.  Pool is kernel mode memory used as a storage space for drivers.  Pool is organized in a similar way to how you might use a notepad when taking notes from a lecture or a book.  Some notes may be 1 line, others may…


Fixing an ICorDebugUnmanagedCallback induced hang

Hi debuggers, Andrew Richards here with a NTDebugging post that is a little different to what is usually posted.  Instead of talking about debugging, I’m going to talk about an issue I just faced while writing a debugger.   This debugger work is an extension of an upcoming article that I’ve written for MSDN Magazine…