Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

Archive for the ‘Inside Windows’ Category

SSDs, Windows 7 & Lackluster Boot Performance

Posted by William Diaz on March 2, 2012

I came across a Technet blog recently that described an issue where boot performance on newly imaged workstations with Windows 7 and Solid State Drives was inhibited because the Windows System Assessment Tool was disabled in the image. As a result, WinSAT did not detect the presence of the SSD and treated the drive as a normal hard disk (one with platters). This turned out being a big find because our future Windows 7 also had WinSAT disabled. Read about it here: Windows 7, Solid State Drives and Why A WinSAT Score Matters.

Posted in Inside Windows | Tagged: , | Leave a Comment »

A Quick Glance At The UserAssist Key in Windows

Posted by William Diaz on February 6, 2012

I recently found myself needing to examine a workstation in an attempt to determine what had taken place on it before it started to act up. I was curious what programs were run or what objects were accessed. All kinds of data is spread across the registry, but a good place to look when you want to forensically gather what was happening within the context of a user session is to look in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist. Within UserAssist, you will find a few {GUID} keys that each have a corresponding Count key:
Read the rest of this entry »

Posted in Inside Windows | 2 Comments »

When A GUI Goes Missing (and Worse, It Has No Presence in the Taskbar)

Posted by William Diaz on February 3, 2012

…you might find yourself scratching your head as to why some application seems to not be responding. Normally, when a GUI or an application opens off the screen and cannot be seen, you can just right-click (Shift + Right-Click in Windows 7) the task in the Taskbar and Select Move and drag it back into focus. This area off the screen can be thought of as the virtual desktop area. But what if the GUI does not have a presence in the Taskbar?

For example, we have an in-house developed GUI that connects Word, Excel, and PowerPoint to our document management system for opening or saving documents to it. Unfortunately, the GUI doesn’t have a presence in the Windows Taskbar. Because of this, every once-in-a-while when someone opens the GUI via Save or Open, it fails to appear and the application that it was opened from acts as if it has become unresponsive. Looking in the Task Manager, though, reveals the application is, in fact, running:
Read the rest of this entry »

Posted in Inside Windows, Troubleshooting | 1 Comment »

Explaining Regsvr32 (Best Efforts)

Posted by William Diaz on January 6, 2012

After a recent upgrade to a non-Windows component, we started a seeing a few complaints of Windows Script Engine issues, manifesting themselves as Internet Explorer issues or the failure to execute VB scripts on the local workstations. After isolating the issue to a problem registry value for VBscript and JScript, the issue was resolved by re-registering these components. In doing so, I became a little curious about the whole regsvr32 process and did a little investigating into what happens when regsvr32 is executed.

For starters, think of an unregistered DLL like a person without an identity. You exist, but without a social security number, an address, or any other official documentation, you’re just not a functional part of society. If you want to work, contribute, or be known, you need to walk into the local social security office and start by getting an SSN (yes, the Windows registry is a bureaucratic institution).

I use Process Monitor to do a simple trace all regvsr32.exe operations1. In the example here, I am going to unregister and then register a module. It doesn’t really matter which one, but I want to use one where the effects of unregistering it are obvious. I start by un-registering jscript9.dll, the Windows Script Engine for Internet Explorer 9. Read the rest of this entry »

Posted in Inside Windows | Tagged: | Leave a Comment »

JScript is not Java (But Kinda Like JavaScript [LiveScript])

Posted by William Diaz on January 5, 2012

Recently, we began seeing a several complaints about missing menus, missing form fields, and search failures in Internet Explorer after a recent upgrade to a component of our AV suite. One of these complaints came to my attention after one of my co-workers also was baffled by missing menus he could not account for in Kronos, an employee time management application that runs in Internet Explorer and relies on the Sun/Oracle Java platform, despite that fact that Java was reinstalled, along with the browser in an attempt to correct.

In all cases, I found that jscript.dll needed to be re-registered to correct. So the question became “Why didn’t installing Java handle that?” The short answer is Jscript is not Java. Jscript can be thought of as an implementation of the Microsoft Windows Script Engine (think VBScript, too). It is based on an open source programming language, ECMAScript, similar to JavaScript (also once known as LiveScript), which was created by Netscape. Some people like to say that MS Jscript was a rip-off of JavaScript, but this doesn’t hold since it is based on open source scripting language.

This Microsoft KB article states “…JScript is a high-performance scripting language designed to create active online content for the World Wide Web. JScript allows developers to link and automate a wide variety of objects in Web pages, including ActiveX controls and Java programs. Microsoft Internet Explorer is designed to interpret JScript embedded into Web pages.”

Anyways, if you are encountering similar issues and are at a loss to explain, try registering this DLL. In Windows XP, this can be done from a command prompt or the Windows Key+R by typing regsvr32 jscript. Read the rest of this entry »

Posted in Inside Windows | Tagged: | 1 Comment »

Exploring Video-Graphics Performance – Event IDs 500 and 501

Posted by William Diaz on December 8, 2011

If you had a chance to review the Diagnostics-Performance logs, you may have encountered warning events coming from event ID 500 “The Desktop Window Manager is experiencing heavy resource contention. Video memory resources are over-utilized and there is thrashing happening as a result…” or 501 “…Graphics subsystem resources are over-utilized.”
Read the rest of this entry »

Posted in Inside Windows, Troubleshooting Tools | Tagged: , | 2 Comments »

When A Process Does Not Exit Normally

Posted by William Diaz on November 28, 2011

i.e., it crashes.

When processes exit, they should exit with a status code that indicates whether or not it exited gracefully or abnormally. This comes in helpful when you need to examine large Process Monitor logs and want to isolate the time of the crash. Simply filter for Process Exit:
Read the rest of this entry »

Posted in Inside Windows | Tagged: , | 1 Comment »

Knowing Your File and Folder Naming Limitations

Posted by William Diaz on November 7, 2011

Sometimes, the obvious is over looked because error messages often do not allude to the actual problem being encountered. For example, the online document management service eRoom presenting the following error when trying to open a file: “Unfortunately, eRoom was unable to open this file, because the directory could not be found.
At first glance, this doesn’t means anything. But examining the settings of the application provides a clue:
Read the rest of this entry »

Posted in Inside Windows, Troubleshooting | Leave a Comment »

Isolating Disk Activity To A Process

Posted by William Diaz on September 21, 2011

The other night I noticed the hard drive light on my laptop was solid for several minutes, indicating some fairly aggressive disk file IO. There were no open applications and I didn’t have any scheduled services running, not even the Windows 7 defrag (yeah, I still like to do everything manually). I also had a virtual Windows XP machine running inside Windows 7 but there were no open applications there, either. A knee-jerk reaction of mine when I see this is to open the Task Manager and look for any processes that are using an excessive amount of CPU time, but there were none, and the system remained mostly idle with respect to the CPU counter in both Windows 7 and the virtual machine it was hosting.

To see what was causing the unknown disk IO, I started by adding a few more columns to the Windows 7 Task manager: I/O Read, I/O Writes, I/O Read Bytes, and I/O Write Bytes. I sorted the columns by both read bytes and write bytes and the process using the most disk IO was the vpc.exe process, the Virtual PC:
Read the rest of this entry »

Posted in Inside Windows | Tagged: , | 1 Comment »

Examining Windows 7 Boot Performance

Posted by William Diaz on September 7, 2011

Boot performance in Windows Vista and 7 has become such a focus that a whole area of the Event Viewer is dedicated to it. Here, you can investigate boot metrics and troubleshoot causes of slow boot up times. You can find these events under Diagnostics-Performance by going to Event Viewer > Applications and Service Logs (this part of the tree will take a few seconds to expand) > Microsoft > Windows. Read the rest of this entry »

Posted in Inside Windows, Troubleshooting, Troubleshooting Tools | Tagged: | 2 Comments »