Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

Archive for May 1st, 2012

Quickly Configure Symbol Information for Process Monitor & Process Explorer

Posted by William Diaz on May 1, 2012


I often find myself running Process Monitor and Process Explorer on user workstations. But to get the most of either of these tools, you really need to configure symbols so you can accurately read thread and stack information when doing a deeper analysis of a process. This can often be a nuisance because I am a cut and paste type of guy and even after doing it numerous times, I still have trouble recalling the Microsoft symbol path. On top of that, many times I run these tools with the user connected so speed is a necessity. To work around that, I decided to write a small script that I can run from a file server that will do it for me. Run the script before your start either tool.

There is one prerequisite, however: you need the full dbghelp.dll from the Windows Debugging Tools as the debug help DLL in system32 is not sufficient. If you are running on both 32 and 64 bit systems, you will need to get both the 64 bit and 32 bit versions. Store them away on network share and modify the script below to look to that share. In my case, we are still a mixed environment so I renamed the 32 bit dbghelp to dbghelp32.dll while the 64 bit version remains unchanged and created two different scripts. The respective DLL will copied into a folder C:\DbgHelp on the local system .

I also added a 5 second duration for new open and close processes and threads.

const HKEY_CURRENT_USER = &H80000001
strComputer = "."
 
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
 
‘Process Explorer 64
 
strKeyPath = "Software\Sysinternals\Process Explorer"
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath

strValueName = "DbgHelpPath"
strValue = "C:\DbgHelp\dbghelp.dll"
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue

strValueName = "SymbolPath"
strValue = "http://msdl.microsoft.com/download/symbols"
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue

strValueName = "HighlightDuration"
dwValue = 5000
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue

‘Process Monitor 64

strKeyPath = "Software\Sysinternals\Process Monitor"
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath

strValueName = "DbgHelpPath"
strValue = "C:\DbgHelp\dbghelp.dll"
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue

strValueName = "SymbolPath"
strValue = "http://msdl.microsoft.com/download/symbols"
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue

‘Copy full dbghelp.dll 64 bit to folder DbgHelp.

Set oFSO = CreateObject("Scripting.FileSystemObject")
 
If Not oFSO.FolderExists( "C:\DbgHelp") Then
Set objFolder = oFSO.CreateFolder("C:\DbgHelp")
End If

Set FSO = CreateObject("Scripting.FileSystemObject")
FSO.CopyFile "\\Server1\TechTools\dbghelp.dll", "C:\DbgHelp\"

Posted in Troubleshooting Tools | Tagged: , | Leave a Comment »

Investigating & Resolving Message Delays in Outlook with WinDbg

Posted by William Diaz on May 1, 2012


The problem starts after the user has had their Windows profile recreated but continues to experience some Outlook performance issues. Each time she clicks the New button in Outlook to create a new message, there is a 5 to 10 second delay before the blank message opens. There is also a 10+ second delay after she clicks send and Outlook becomes unresponsive for that time. I connect to her and quickly look at the Office Outlook registry for any unapproved 3rd party add-ins and see nothing out of the ordinary. I decide to dump the Outlook process when the hang is encounter and turn to Process Explorer. This is a simple matter of right-clicking the process and choosing Create Dump when it is in an unresponsive state. Actually, I collect two dumps, the other with Procdump in hang mode. I do this to ensure that the dumps are consistent; if the dumps are not similar then I may need to collect more until a pattern emerges.

I copied the dumps to my workstation and opened them with WinDbg and run the !analyze –v –hang command. The stack for both dumps are similar. With the exception of the NRTExchn component (our DMS add-in for Outlook), these are all MS modules. Normally, this wouldn’t excite me but something stands out like a sore thumb as I move up the stack, the presence of msi.dll in the stack of the current examine thread.

Read the rest of this entry »

Posted in Office, Troubleshooting, Troubleshooting Tools | Tagged: , , , , | Leave a Comment »