Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

Posts Tagged ‘WinDbg’

Resolve Symbols in Process Explorer-Monitor Without Installing the Debugging Tools

Posted by William Diaz on January 31, 2012

Sometimes when you are troubleshooting with Process Explorer, it’s helpful to be able to view functions in threads to isolate a problem. The same goes for Process Monitor when viewing the Stack tab in the properties of an operation. By default, Process Explorer and Process Monitor will point to the dbghelp.dll in the windows\system32 folder, but this is a stripped-down version and doesn’t support symbol server functionality. Instead, you need the dbghelp.dll from the Windows Debugging Tools to properly resolve symbols; otherwise, you will encounter the Process Explorer Warning box when you click the Threads tab in process properties:

Posted in Uncategorized

The Case of the IE Hangs and Missing PNG Images (or Killing Two Birds with One Stone)

Posted by William Diaz on January 9, 2012

The initial issue I was asked to look at started with Internet Explorer failing to gracefully exit. Instead, it would just hang and require manual intervention via the Task Manager to kill the iexplore.exe process. I connected remotely to the workstation and ran Process Explorer so I could examine IE’s threads for anything out of the ordinary. Sure enough, I saw the presence of a .tmp file:

Posted in Troubleshooting

Your Hard Disk is Failing

Posted by William Diaz on October 5, 2011

Sometimes a BSOD is not a sign of a software issue but instead points to a hardware problem and might help explain the symptoms of bad system performance. That was the case recently when a user complained that she was having trouble trying to log on. The workstation was amazingly slow (can slow be amazing?) and then blue-screened on her randomly. My co-worker was handling this but he happens to sit right next to me and I jumped in when I heard the words “blue screen”. I unkindly interjected with “Let’s get a minidump.” While he chatted her up, I went about getting her IP, connected via the UNC, went into C:\Windows\Minidump and grabbed the last two minidumps for that day.

Minidumps excite me. To understand why, you need to have come across a great amount of support calls that usually end up trumping first tier technical support. Oftentimes, these issues are too vague to narrow down if you don’t know how to handle a BSOD, and the incident remains open longer than it needs to because it can’t be explained or reproduced immediately. The minidump provides a means to sometimes quickly resolve what might otherwise become an unexplained system problem.

Minidumps are small, too. Between 64 and 256KB, they only record the smallest set of useful information that could help identify why the system stopped unexpectedly, so there would be no problem copying them over a WAN. Once they were copied over to my workstation, I opened them with WinDbg and clicked the !analyze -v hyper command. Both dumps produced identical results:

Posted in Troubleshooting

Uninstalling Doesn’t Mean It’s Been Completely Uninstalled

Posted by William Diaz on October 1, 2011

I don’t trust uninstallers. They always tend to leave something behind. Every now and then one of these orphaned components still ends up not playing well with some other application or the OS, resulting in crashing user-mode apps or the kernel. A good example of this was a previous post where I was experiencing a BSOD when running Process Monitor (read about it here) after installing a Microsoft application.

So, we have a workstation that is about to be sent off to be re-imaged because iLinc, a web conferencing application, is crashing when the user tries to join a session. I intervene because I hate to see these issues written off as unexplained. Who knows, the system gets re-imaged, the user installs some application again and the problem repeats itself (which would have been the case here).

It happened that Dr. Watson, the Windows XP post-mortem default debugger, was capturing the user-mode crash so I jumped in without hesitation:

Posted in Troubleshooting

Dumping A Thread to Find An Exception

Posted by William Diaz on August 3, 2011

Before any basic crash analysis, I always turn to the Windows Event Viewer to find signs of a problem. In the case here, the problem manifested itself as Outlook crashing when the user opened a particular Outlook form. Looking at the Windows Event Viewer, we see an application event for Outlook:

Posted in Office, Troubleshooting

Installation Failure of the Windows Debugging Tools

Posted by William Diaz on August 1, 2011

I have run into this a few times on various workstations: “Installation Failed. A problem occurred while installing selected Windows SDK components. Unknown product: {E7F9E526-2324-437B-A609-E8C5309465CB} Parameter name: productCode.”

Posted in Troubleshooting

Troubleshooting and Resolving a Hang in 90 Seconds

Posted by William Diaz on June 3, 2011

I’m a stickler when it comes to performance issues on my workstation. So it bothered me when I noticed a small delay when right-clicking on my desktop. By small, I mean literally 2 seconds. I opened SysInternals Process Explorer to quickly see if the CPU was spiking:
I looked at all the processes to see which process was the offender, but the 45-60% CPU time was the total of several processes. After the menu opened, a few seconds later the CPU% would drop down to a normal 0-1%.

30 Seconds…

Posted in Troubleshooting

Out With the Old, In(stall) With the New

Posted by William Diaz on April 12, 2011

It’s not uncommon for outdated drivers to have a negative impact on user applications. Without knowing how to do some basic crash analysis, finding an outdated problem driver can be quite daunting when you consider how many drivers there are on the average system. However, you can simplify this by looking for or obtaining a crash dump of the application.

In the case here, we have a user complaining of frequent crashes while working in Adobe Photoshop. This is an XP system so I am hoping that Dr Watson, the default post mortem debugger*, is capturing the crash. I ask for the computer name and UNC to the location where the drwtsn32.log and user.dmp files are written when an exception is caught; this can be found in \Documents and Settings\All Users\Application Data\Microsoft\Dr Watson. Both files are there and have a recent modify date-time, and I copy both of these to my system for analysis.

Because Photoshop is primarily graphics, I am guessing we might find a graphics driver somewhere in either file along with an exception. I start by opening the drwtsn32.log, a plain text file that records a history of all the crashes it captured. The file is read from the bottom since this is where the latest information is added. From there, I do a text search going up for the word application to verify that Photoshop is the crashing application:

Posted in Troubleshooting

Size Matters

Posted by William Diaz on April 8, 2011

Upon exiting some client management software program each time, our user ran into the following error: “The instruction at … references memory at …. The memory could not be ‘read’…”
This is a network-based application that relies on .Net 1.1, so previous troubleshooting involved removing and reinstalling the .Net dependencies, all to no avail. An important detail was overlooked, though, which would have saved us time and gotten the issue properly escalated: our user was a timekeeper for another user, who also was running into the same error on their workstation when exiting the application. From this minor detail, we could assume the issue was not workstation or user specific.

Beyond this, I have no insight into the internal workings of this application. But that did not mean we could not turn to the power of the dump to get an idea of what was happening. When you encounter such an error dialog, do not click OK, do not pass go, do not collect $200. Instead, dump the crashing process.

After creating a .dmp file, I copied it to my workstation and opened it with WinDbg from the Windows Debugging Tools. In the only thread was an important clue in the top frame of the stack (you read threads and stacks going up, so this would be the last routine before crashing):
cmsbase is the module and the “!” tells us where the function starts, in this case CMSTempFile Size. The user heard me muttering this to myself and noted that the attorney’s Subscription List was rather large. Upon escalation to the software developer, this issue was confirmed as a bug with large subscription lists. To correct it, the subscription list needed to be shortened (or recreated in cases where it persisted).

Posted in Troubleshooting

The Case of the Print to PDF Hangs

Posted by William Diaz on April 4, 2011

One morning I started hearing a few reports of cases where users were not able to print to the BullZip PDF software printing device. After a wait of 5 minutes, the BullZip printer would return the following error: “An error occurred. Error 1008: Ghostscript timed out – Make PDF


Posted in Troubleshooting