Defrag Tools #170 - Debugger - JavaScript Scripting
In this episode of Defrag Tools, Andrew Richards talks to Andy Luhrs and Bill Messmer from the Debugging Tools for Windows team. We talk about the new JavaScript extensibility and scripting abilities in WinDbg available in the WDK and SDK build 14951 and newer. Blog - https://blogs.msdn.microsoft.com/windbg/ Email - windbgfb@microsoft.com Bill leveraged the debugger object model previously in these episodes: Defrag Tools #138 - Debugging - 'dx' Command Part 1; Defrag Tools #139 - Debugging - 'dx' Command Part 2; Defrag Tools #169 - Debugging Tools for Windows Team. Timeline: [00:00] Welcome and introductions [00:24] New SDK drop [00:29] Why JavaScript [02:07] New commands [03:50] Visual Studio Code [04...

Andrew Richards

Debugging Windows SDK

9/26/2016 1:00:00 PM

Defrag Tools #169 - Debugging Tools for Windows Team
In this episode of Defrag Tools, Andrew Richards talks to Andy Luhrs and Bill Messmer from the Debugging Tools for Windows team. We talk about what the team develops, what it is working on, the debugger object model, their blog and their feedback email address. Blog - https://blogs.msdn.microsoft.com/windbg/ Email - windbgfb@microsoft.com Bill leveraged the debugger object model previously in these episodes: Defrag Tools #138 - Debugging - 'dx' Command Part 1; Defrag Tools #139 - Debugging - 'dx' Command Part 2. Timeline: [00:00] Welcome and introductions [01:20] What applications are in the Debugging Tools for Windows? [01:57] Kernel Transports - COM, USB, 1394/Firewire, Network [02:34] Symbol Too...

Andrew Richards, Chad Beeder

Power Power Management

9/19/2016 1:00:00 PM

Defrag Tools #168 - Powercfg Sleep Study
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk to Nashaat Soliman and Paresh Maisuria (program manager and developer from the Windows kernel power team) about the "Sleep Study" feature in the Powercfg tool, and how you can use it to diagnose battery drain issues on Modern Standby systems. For related content on power management and analysis using Powercfg, refer to the following earlier episodes: Defrag Tools #157 - Energy Estimation Engine (E3)Defrag Tools #159 - PowercfgFor additional details on Sleep Study, see this blog post: Sleep Study: Diagnose what's draining your battery while the system sleepsTimeline: [00:00] Welcome and introductions[02:55] Power...
Defrag Tools #167 - Debugging User Mode Crash Dumps Redux
In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to determine the root cause of various application crashes which have occurred on Andrew's computer. We use Sysinternals ProcDump to capture the dumps. While debugging, we take a side trip into configuring colors for Compressed and Encrypted files in Windows Explorer, and use Sysinternals Process Monitor to determine why the debugger was getting an Access Denied when loading the PDE Debugger Extension. We did a similar investigation in these two episodes: Defrag Tools #135 - Debugging User Mode Crash Dumps Part 1Defrag Tools #136 - Debugging User Mode Crash Dumps Part 2We cover how to i...

Andrew Richards, Chad Beeder

Performance tracing, UWP apps

8/15/2016 3:21:14 PM

Defrag Tools #166 - Performance Analysis of UWP Apps
In this episode of Defrag Tools, Sylvain Goyette joins Chad Beeder to discuss performance tracing of Universal Windows Platform (UWP) apps. (Sorry that Sylvain's screen is somewhat hard to read; we had some technical issues with the screen capture session.) Resources:Assessment and Deployment Kit (ADK) including the Windows Performance ToolkitRelated Videos (from Build events):Data Binding: Boost Your Apps' Performance Through New Enhancements to XAML Data BindingXAML Performance: Techniques for Maximizing Universal Windows App Experiences Built with XAMLHow to Analyze Performance Issues in Your Windows and Windows Phone AppsQuality and Performance for XAML AppsApp Performance: The Mental M...

Andrew Richards, Chad Beeder

Performance performance tools, Troubleshooting

8/8/2016 1:00:00 PM

Defrag Tools #165 - Performance tracing in OOBE
In this episode of Defrag Tools, Sylvain Goyette joins Chad Beeder to talk about how to collect performance traces during Windows OOBE (Out of Box Experience). (Sorry that Sylvain's screen is somewhat hard to read; we had some technical issues with the screen capture session.) Resources and related episodes:Defrag Tools #154 - Memory Footprint and LeaksDefrag Tools #155 - Boot PerformanceDefrag Tools #156 - Critical Path Analysis with Windows Performance AnalyzerAssessment and Deployment Kit (ADK) Timeline:[00:00] Welcome and introductions[02:46] How to enable performance tracing during OOBE? Use autologgers (ETW tracing which starts automatically on boot).[05:59] From the ADK's Windows Ass...
Defrag Tools #164 - Sysinternals for Nano Server - Mark Russinovich
In this episode of Defrag Tools, Mark Russinovich and Andrew Mason (Program Manager for Nano Server) join Andrew Richards to discuss the release of the Sysinternals tools for Windows Server - Nano Server. Over 40 of the Sysinternals tools have been updated to support the headless execution on Nano Server via a remote shell (e.g. PowerShell, PsExec, SSH). You can download the full set by clicking on the Sysinternals Nano Server Suite on the Sysinternals suite page, and each tool that supports Nano Server reports that on its download page. The Nano versions are also compatible with 64-bit Windows and have "64.exe" as their suffix in the download files. Many of the updated tools incl...
Defrag Tools #163 - Virtual Hard Disk (VHD) - Sysinternals Disk2VHD
In this episode of Defrag Tools, Chad Beeder and Andrew Richards discuss Virtual Hard Disk (VHD) files. We first dive into what a VHD is, how you can boot from a VHD by configuring bcdedit settings, and we see how they look in Disk Management. We then use Sysinternals Disk2VHD - a quick and easy way to make a VHD from a physical drive. We also discuss the Volume Shadow Copy Service. Additional Resources: Sysinternals Disk2VHD; Scott Hanselman - Guide to Installing and Booting off a VHD. Timeline: [00:00] Building 20 and the Channel 9 Studio [02:12] bcdedit - Booting from partition (physical disk) - osdevice|device: partition=C: [04:37] "Choose an operating system" - Physical and Virtual ...
Defrag Tools #162 - Defrag Show Crossover - Gov Maharaj
In the spirit of Star Trek crossovers, Andrew Richards and Chad Beeder pay a visit to Gov (Rhymes With Orange) Maharaj, the co-host of The Defrag Show. We talk about how each series got started, the focus of each, and how the two sometimes overlap. Gov has a wealth of knowledge, a lot of it being garnered from his role as a developer on the Windows Application and Device Compatibility Team for over 16+ years, but also by doing research for you, to answer your questions. In this episode we cover a lot of things, but of note, we talk about the version of Windows. How it is reported to applications and drivers, and the common misconception that the version number represents functionality. ...

Andrew Richards, Chad Beeder

sysinternals Troubleshooting

4/25/2016 1:00:00 PM

Defrag Tools #161 - Troubleshooting a Slow PC
In this episode of Defrag Tools, Chad Beeder and Andrew Richards walk through using various tools to determine what is causing Andrew's computer to be slow and unresponsive. Resources: Process ExplorerProcess MonitorAutoruns Mark Russinovich Videos on Windows Internals: 2nd video is the video referenced by Andrew. Mark Russinovich: Inside Windows 7 ReduxMark Russinovich: Inside Windows 7Mark Russinovich: On Working at Microsoft, Windows Server 2008 Kernel, MinWin vs ServerCore, HyperV Questions/comments? Email us at defragtools@microsoft.com

Andrew Richards, Chad Beeder

Networking Troubleshooting

4/18/2016 1:00:00 PM

Defrag Tools #160 - Sysinternals PsPing
In this episode of Defrag Tools, Chad Beeder and Andrew Richards discuss the PsPing command-line tool from Sysinternals - a more powerful replacement for the default "ping" command, which also adds additional capabilities such as bandwidth measurement. Additional Resources: PsPing ProcDump Debugging Tools for Windows (includes WinDbg) Timeline: [00:00] Introductions and overview.[02:12] Plain vanilla "ping" command and its limitations[05:15] PsPing allows you to ping a different port than the standard ICMP "ping" port[08:35] Andrew's story about using PsPing to troubleshoot a network problem at home[11:14] Demo: using PsPing to measure network bandwidth[17:58] ...

Andrew Richards, Chad Beeder

Power Power Management, Troubleshooting, Batteries

4/11/2016 1:00:00 PM

Defrag Tools #159 - Powercfg
In this episode of Defrag Tools, Chad Beeder and Andrew Richards discuss the Powercfg command-line tool in Windows, which allows you to configure power management settings, and analyze power and battery usage. Additional Resources: Powercfg Command-Line Options Timeline: [00:00] Introductions and overview. Welcome back, Andrew![03:35] One facet of Powercfg is that it offers the command line equivalent of the Power Options GUI[07:02] The /availablesleepstates shows the sleep state capabilities of your system[08:08] You can enable/disable Hibernation (S4) with the /hibernate switch.[09:27] The /devicequery switch is useful to tell you which devices on your system are capable of waking it from...

Andrew Richards, Chad Beeder

Audio Performance, Power, Troubleshooting, Multimedia

4/4/2016 1:00:00 PM

Defrag Tools #158 - Media eXperience Analyzer part 6: Audio Offload
In this episode of Defrag Tools, Chad Beeder and Jorge Novillo discuss a power saving feature in Windows: hardware offloading of Audio Processing Objects (APOs). We demonstrate how to use Media eXperience Analyzer (MXA) to determine whether audio offload is working on a given system.Additional Resources: Implementing Hardware Offloaded APO EffectsWindows 8.1 Audio streaming - Part 2: Power savings via H/W offloadWhat's New in Audio for Windows 10 Timeline: [00:00] Introductions and overview[02:25] To see if it's working: first capture a trace in Windows Performance Recorder (see Defrag Tools #149 for a demo)[04:43] Examining the first trace. First look for the Audio_Render events to confirm...

Andrew Richards, Chad Beeder

Power Power Management, Troubleshooting, Batteries

3/28/2016 1:00:00 PM

Defrag Tools #157 - Energy Estimation Engine (E3)
Collecting and visualizing Windows 10 Energy Estimation Engine (E3) data with "powercfg /srumutil" and ExcelIn this episode of Defrag Tools, Chad Beeder and Jorge Novillo take a look at the Energy Estimation Engine (E3) in Windows, and how to use it to get detailed information about battery usage. Note: In addition to viewing data from a single device, as demonstrated in the video, an OEM, during device pre-production, or an enterprise IT administrator could create domain scripts to generate and collect E3 SRUMUTIL logs on a daily or weekly basis and collect the information in a database. This would allow the OEM or enterprise to analyze energy usage data from devices, and identif...
Defrag Tools #156 - Critical Path Analysis with Windows Performance Analyzer
In this episode of Defrag Tools, Chad Beeder and Sylvain Goyette demonstrate how to do critical path analysis in Windows Performance Analyzer (WPA), to troubleshoot apps which have an unresponsive UI. WPA is available in the Assessment and Deployment Kit (ADK). Timeline: [00:00] Introductions and overview[02:10] Thread scheduling states (for lots of details see the Windows Internals book)[04:28] Sylvain's sample app - click a button and the UI hangs[05:10] To diagnose: Launch Windows Performance Recorder and get a verbose mode trace using First level triage and CPU usage profiles.[07:40] Open the trace in Windows Performance Analyzer. Make sure you have the symbol path configured (including...

Andrew Richards, Chad Beeder

Performance Troubleshooting, Boot

2/29/2016 2:00:00 PM

Defrag Tools #155 - Boot Performance
In this episode of Defrag Tools, Chad Beeder and Sylvain Goyette discuss how to analyze and optimize Windows boot performance, using tools available in the Assessment and Deployment Kit (ADK). Timeline: [00:00] Introductions and overview[01:31] In-box feature: Task Manager Startup tab will show estimated startup impact of various processes and let you disable them[02:10] More scientific measurement: Use the ADK's Windows Assessment Console to run the Boot performance assessments. There are two: Fast Startup and Full Boot.[02:52] Discussion of traditional (Full Boot) vs. Fast Startup/Hybrid Boot (introduced in Windows 8)[05:12] Various options you can configure when running the Boot performa...

Andrew Richards, Chad Beeder

Performance Troubleshooting, Memory

2/22/2016 2:00:00 PM

Defrag Tools #154 - Memory Footprint and Leaks
In this episode of Defrag Tools, Chad Beeder and Sylvain Goyette discuss how to diagnose issues related to memory usage, using tools available in the Assessment and Deployment Kit (ADK). We cover two scenarios: Looking at the baseline memory footprint of a particular Windows installation, and comparing it to the usage during a certain activityDiagnosing memory usage and leaks in a particular app.Timeline: [00:00] Introductions and overview[01:43] Scenario 1: Get a baseline memory measurement of your system at idle, using the Windows Assessment Console. Run the Memory footprint assessment.[04:08] Open the resulting XML file to see who is using what memory[08:33] Collect a memory usage snapsh...
Defrag Tools #153 - Media eXperience Analyzer part 5: Audio Glitch Analysis II
In this episode of Defrag Tools, Chad Beeder and Jorge Novillo wrap up a series on Media eXperience Analyzer (MXA). We examine one more audio glitch scenario, and show how to use MXA to determine what caused the problem. Media eXperience Analyzer (formerly WindowsXRay) is a tool used to visualize ETW traces, with a particular emphasis on media scenarios such as audio/video capture and playback. For an introduction to MXA, and explanation of how to capture a trace, refer to Defrag Tools Episode #149. Timeline:[00:00] Introductions and overview[01:20] Loading the trace into MXA[01:50] Step 1: Start with the Audio Glitches dataset to see where we need to look in the trace[02:52] Step 2: Look a...
Defrag Tools #152 - Media eXperience Analyzer part 4: Video Glitch Analysis
In this episode of Defrag Tools, Chad Beeder and Jorge Novillo continue a series on Media eXperience Analyzer (MXA). We examine a video glitch scenario, and show how to use MXA to determine what caused the problem. Media eXperience Analyzer (formerly WindowsXRay) is a tool used to visualize ETW traces, with a particular emphasis on media scenarios such as audio/video capture and playback. Timeline:[00:00] Introductions and overview[01:10] For an introduction to MXA, and explanation of how to capture a trace, refer to Defrag Tools Episode #149.[01:20] Loading the trace into MXA[02:28] Step 1: Look at the Video Glitches and Video Glitches Severity datasets to see where the glitches happened a...
Defrag Tools #151 - Media eXperience Analyzer part 3: Audio Glitch Analysis
In this episode of Defrag Tools, Chad Beeder and Jorge Novillo continue a series on Media eXperience Analyzer (MXA). We examine an audio glitch scenario, and show how to use MXA to determine what caused the problem. Media eXperience Analyzer (formerly WindowsXRay) is a tool used to visualize ETW traces, with a particular emphasis on media scenarios such as audio/video capture and playback. Timeline:[00:00] Introductions and overview[00:29] For an introduction to MXA, and explanation of how to capture a trace, refer to Defrag Tools Episode #149.[01:11] Example: Playing a video, seeing both audio and video glitches[02:16] Loading the trace into MXA[02:55] Step 1: Look at the Audio Glitches da...
Defrag Tools #150 - Media eXperience Analyzer part 2: Video Playback Power Saving
In this episode of Defrag Tools, Chad Beeder is joined by Jorge Novillo and Jose Baldner. We look at some of the technologies introduced in recent Windows versions to reduce power consumption and improve battery life during video playback on newer hardware, and use Media eXperience Analyzer (MXA) to see whether they are working. Media eXperience Analyzer (formerly WindowsXRay) is a tool used to visualize ETW traces, with a particular emphasis on media scenarios such as audio/video capture and playback. Timeline:[00:00] Introductions and overview[01:42] To capture a trace, refer back to Episode #149.[02:48] Low refresh rate for video playback (48 Hz in our example)[10:36] Processor frequency...

Andrew Richards, Chad Beeder

Performance Troubleshooting, Multimedia

12/21/2015 2:00:00 PM

DefragTools #149 - Media eXperience Analyzer part 1
In this episode of Defrag Tools, Chad Beeder is joined by Jorge Novillo and Jose Baldner to introduce us to Media eXperience Analyzer (MXA). Media eXperience Analyzer (formerly WindowsXRay) is a tool used to visualize ETW traces, with a particular emphasis on media scenarios such as audio/video capture and playback. Timeline:[00:00] Introductions[01:20] What is MXA? What's it good for?[05:34] Installing and setting up MXA (Download link). You also should install Windows Performance Toolkit which is included in the Assessment and Deployment Kit.[07:28] Demo #1: Collecting a trace to analyze in MXA - full of audio and video playback glitches[11:02] Before loading a trace, make sure the symbol...

Andrew Richards, Chad Beeder

Installation installing, Troubleshooting

12/14/2015 2:00:00 PM

Defrag Tools #148 - Windows Installer - ORCA
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about Windows Installer and the ORCA Editor. The ORCA Editor is used to view and author Windows Installer files (*.msi, *.msm, *.msp, *.mst). Timeline:[01:20] - Windows Installer files[02:28] - "MSI Tools" in the Windows 10 SDK[07:22] - ORCA Editor[16:26] - Windows Installer Logging - voicewarmup[18:32] - Sequencing[23:58] - "Windows Logo" Validation[25:08] - Email us your issues at defragtools@microsoft.com

Andrew Richards, Chad Beeder

Debugging Troubleshooting

12/7/2015 2:00:00 PM

Defrag Tools #147 - Dependency Walker
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about Dependency Walker, a tool used to view the DLL Import dependencies of EXEs and DLLs, and to view the Exports. Timeline: [01:20] - View EXE/DLL dependencies [04:34] - http://dependencywalker.com/ [07:15] - Depends.exe [08:08] - API Sets [10:30] - LoadLibrary/GetProcAddress [11:30] - Exports by Name or Ordinal [17:50] - Email us your issues at defragtools@microsoft.com

Andrew Richards, Chad Beeder

Developer Troubleshooting

11/23/2015 2:00:00 PM

Defrag Tools #146 - WinDiff
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about WinDiff, a tool used to compare folders and files. Timeline: [01:20] - WinDiff [02:55] - x64 version available on Defrag Tools OneDrive [04:53] - File or Directory compare [10:22] - Alt-B (Both), Alt-L (Left), Alt-R (Right) [11:40] - F7 (Previous Change), F8 (Next Change) [13:00] - Outline/Expand (Esc) [14:44] - Tab Width (4 characters instead of 8 characters) [18:00] - Email us your issues at defragtools@microsoft.com

Chad Beeder

Microsoft History Windows History

11/16/2015 2:00:00 PM

Defrag Tools #145 - Living Computer Museum
In this special episode of Defrag Tools, following up on our most recent expeditions through the Microsoft Archives, Chad Beeder visits the Living Computer Museum in Seattle, and takes a hands-on trip through their extensive collection of Microsoft-related artifacts, with tour guide Aaron Alcorn. Timeline:[00:00] Welcome to the Living Computer Museum![02:40] DEC PDP-7 from 1964 - only working example of a PDP-7 in the world today.[05:19] Bill Gates and Paul Allen in school: teletype connection to a GE mainframe[07:10] MITS Altair 8800 running Microsoft's first product: Altair BASIC[14:39] Gates and Allen didn't have an Altair to write software on - they had to make an emulator on a DEC PDP-...
Defrag Tools #143 - Raymond Chen - Microsoft Archives Part 1
In a two part special for Defrag Tools, Raymond Chen joins Andrew Richards and Chad Beeder to celebrate the 30 years of Windows. We travel to the Microsoft Archives building to reminisce over a selection of products that Microsoft has produced over the 30 years. Resources:Microsoft Archives - Campus ToursMicrosoft Archives - Microspotting

Andrew Richards, Chad Beeder

History of Microsoft Microsoft History, Campus Tours

10/5/2015 1:00:00 PM

Defrag Tools #142 - Raymond Chen - Old New Thing
In this on-location special for Defrag Tools, Andrew Richards and Chad Beeder invade Raymond Chen's office. Raymond is a 23yr veteran of Microsoft, who's worked on everything from MS-DOS to the Windows 10 UI. We talk about his Blog and Book Old New Thing, Security Reports on the wrong side of the Airtight Hatchway, various Microspeak terms including 'North Star' and Bedlam, Code Samples, and lots of other random stuff. Resources: Blog - Old New Thing; Book - Old New Thing; Bedlam - Larry Osterman's Weblog; Bedlam - The Exchange Team Blog - Me Too! Timeline: [00:00] Studio E [01:45] The "Reference" sign [02:25] Raymond Chen's history [04:02] SDK Samples [12:26] Old New Thing [20:14] The Book[...
Defrag Tools #141 - Larry Osterman - API Contracts
In a two part on-location special for Defrag Tools, Andrew Richards and Chad Beeder invade Larry Osterman's office on his 31st anniversary at Microsoft. Last week, we talked about his various office moves and the collection of artifacts in his office. This week we continue the visit and do a deep dive in to API Contracts. API Contracts are used to define and package the various Windows 10 SKUs for PC, Phone, HoloLens, Surface Hub, Xbox, IoT, etc. Resources:Larry Osterman's WeblogLarry Osterman on Channel 9

LarryOsterman, Andrew Richards, Chad Beeder

History of Microsoft Larry Osterman, Microsoft History, Troubleshooting

9/7/2015 1:00:00 PM

Defrag Tools #140 - Larry Osterman - 31 Years
In a two part on-location special for Defrag Tools, Andrew Richards and Chad Beeder invade Larry Osterman's office on his 31st anniversary at Microsoft. This week, we talk about his various office moves and the collection of artifacts in his office. Next week we continue the visit and do a deep dive in to API Contracts. API Contracts are used to define and package the various Windows 10 SKUs for PC, Phone, HoloLens, Surface Hub, Xbox, IoT, etc. Resources:Larry Osterman's WeblogLarry Osterman on Channel 9
Defrag Tools #139 - Debugging - 'dx' Command Part 2
In this second episode of a two part series of Defrag Tools, Bill Messmer joins Andrew Richards and Chad Beeder to talk about the new 'dx' command in the Windows Debugger. Questions? Email us at defragtools@microsoft.com
Defrag Tools #138 - Debugging - 'dx' Command Part 1
In this two part series of Defrag Tools, Bill Messmer joins Andrew Richards and Chad Beeder to talk about the new 'dx' command in the Windows Debugger. Questions? Email us at defragtools@microsoft.com

Andrew Richards, Chad Beeder

Debugging Kernel, Troubleshooting, WinDbg

8/17/2015 1:00:00 PM

Defrag Tools #137 - Debugging Kernel Mode Crashes and Hangs
In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to debug some kernel mode memory dumps. We investigate a kernel mode crash (BSOD), and a system hang. [00:00] Introduction - kernel mode vs. user mode debugging[02:18] Dump #1: minidump of a Stop 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL)[03:24] Start with !analyze -v[04:58] Debugger help has comprehensive list of bug check codes[07:45] Do a web search for the functions on the stack[08:58] Most likely this crash is fixed by KB 3055343[10:22] Dump #2: Manually-generated crash dump of a system hang, submitted by Channel 9 viewer Tom[11:22] Dump was forced via keyboard: Forcing a System Crash fr...
DefragTools: #136 - Debugging User Mode Crash Dumps Part 2
In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to dig into a few more application crashes which have occurred on Andrew's computer. [00:00] - Intro (summertime in the Pacific Northwest)[02:24] - Dump #1: Windows Store application (hosted by WWAHost.exe)[03:28] - Exception c000027b - Stowed Exception. Use !pde.err to look at it.[04:52] - !analyze -v answers most of these questions for you[05:32] - !pde.dse to display stowed exceptions[08:30] - How exceptions get stowed (RoOriginateLanguageException)[10:17] - Sometimes we have the stack which threw the exception. If so, use !dpx to search for evidence of what caused the problem.[12:26...

Andrew Richards, Chad Beeder

Debugging Troubleshooting, WinDbg

7/27/2015 1:00:00 PM

DefragTools: #135 - Debugging User Mode Crash Dumps Part 1
In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to determine the root cause of various application crashes which have occurred on Andrew's computer. Timeline:[00:00] - Intro... how we got these dump files (ProcDump)[02:15] - Dump #1: An internal MSIT tool which crashed. Make sure to match the architecture (x86/x64).[04:33] - Exception context record and stored CLR exception - get back to where the problem happened[08:42] - .lastevent tells you which thread the problem was on and the exception code[09:29] - Looking at the exception record with .exr[10:30] - Looking up error codes - !err (from PDE) vs. !error[12:45] - Using the SOS.dll...

Andrew Richards, Chad Beeder

Debugging IIS, Troubleshooting

7/20/2015 1:00:00 PM

Defrag Tools: #134 - Microsoft Symbol Proxy (SymProxy)
In this episode of Defrag Tools, Andrew Richards and Chad Beeder look in to Microsoft Symbol Proxy (SymProxy). SymProxy is used to cache symbols (positive and negative) from one or more upstream symbols servers. We cover the installation into IIS, and the monitoring via Performance Monitor and Event Viewer. Timeline:[00:00] - Overview of Symbol Proxy (SymProxy)[02:00] - SymProxy (MSDN)[04:25] - Enabling the IIS Features required[07:37] - Site level MIME Types: .* | application/octet-stream[08:58] - Symbol "Theory" (MSDN)[10:40] - Installing SymProxy with Install.cmd and staticContentClear.xml[14:00] - IIS Manager - view the site[07:22] - Registry - HKLM\SOFTWARE\Microsoft\Symbol S...

Andrew Richards, Chad Beeder

Troubleshooting

7/13/2015 1:00:00 PM

Defrag Tools: #133 - App Paths
In this episode of Defrag Tools, Andrew Richards and Chad Beeder look in to why Win-R can launch some apps, but the Command Prompt can't. Timeline:[00:00] - W1ND(X)WS T-shirt[02:38] - Andrew's PATH from Episode #132[03:30] - Why does Excel launch from Win-R, but not from a CMD prompt?[04:25] - Trace the launch with Process Monitor[05:12] - Exclude Events after the Process Start event of excel.exe[06:27] - Filter to Explorer (the app that launches Excel)[06:50] - Filter to SUCCESS (as failures don't achieve anything)[06:50] - Filter out the Close type events (as they don't achieve anything)[07:22] - Search for 'excel'[07:22] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths[08:42] -...

Andrew Richards, Chad Beeder

MS-DOS Troubleshooting

7/6/2015 1:00:00 PM

Defrag Tools: #132 - PATH
In this episode of Defrag Tools, Andrew Richards and Chad Beeder bring sense to the Windows Search Path (%PATH%). Timeline: [00:00] - Getting the %PATH%; set PATH or path [01:25] - path | clip [01:56] - Leverage Excel to organize the PATH [02:21] - Data | Convert Text to Columns - Delimiter Semicolon [03:03] - Paste Special | Transpose [03:50] - Remove Duplicates [03:58] - Sort [25:12] - Put them in a logical order (most important first) [06:38] - Copy-Paste into Notepad [06:57] - Search-Replace TAB with Semicolon [07:18] - Set the new %PATH% - This PC | Properties, Win+Pause, Win-X-Y [09:04] - Process Monitor - View the OS searching through the folders... [10:38] - "Bit Rot" [12:38] - Email...

Andrew Richards, Chad Beeder

Debugging Software Development Kit, sysinternals, Troubleshooting

6/29/2015 1:00:00 PM

Defrag Tools: #131 - Windows 10 SDK
In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk you through the download of the Windows 10 SDK and the latest Sysinternals tools. We harvest the Debugging Tools for Windows, Windows Performance Toolkit, and Application Verifier files from the SDK. Previous Versions:Windows 7.0Windows 8.0Windows 8.1Windows 8.1 Update Resources:SysinternalsWindows 10 SDKDefrag Tools OneDrive (SIEExtPub, PDE & Scripts) Timeline:[00:00] - Windows 10[02:47] - The USB Stick/OneDrive "Lightsaber"[04:26] - Sysinternals Suite[04:12] - Windows 10 SDK[08:44] - While we wait... configure ProcDump as the AeDebug Debugger (c:\dumps\procdump.exe -ma -i)[11:42] - Install the Windows 10 S...

Andrew Richards, Chad Beeder

Troubleshooting

3/30/2015 4:00:00 PM

Defrag Tools #130 - Services
In this episode of Defrag Tools, Andrew Richards and Chad Beeder discuss services in Windows. We look at several tools for managing services, and discuss how they are implemented. Timeline: [00:00] - Intro - what is a service?[01:20] - Using the Services MMC to view and manage services[03:13] - Starting in Windows 8, Task Manager can now manage services too[04:05] - sc query[05:15] - Sysinternals Process Explorer can view services[05:56] - Services share svchost.exe processes, grouped by a group name[06:51] - Moving a service into its own Svchost process for debugging purposes (see also this blog post)[11:10] - net command (net start/stop/pause/continue)[13:39] - Different service start typ...

Andrew Richards, Chad Beeder

Networking Troubleshooting

3/23/2015 1:00:00 PM

Defrag Tools #129 - Networking - Part 2
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue to discuss Networking. We look at more inbox tools (netsh, tracert, ping, psping, net) and talk about Receive-Side Scaling (RSS), TCP Chimney Offload and the TCP Receive Window. Timeline: [00:00] - LAN Manager (Larry Osterman Part 1 & Part 2)[00:52] - netsh interface tcp show global[02:22] - KB9513037[02:34] - Receive-Side Scaling (RSS)[02:34] - netsh interface tcp set global rss=enabled/disable/default[04:54] - Chimney Offload[04:54] - netsh interface tcp set global chimney=enabled/disable/default[07:50] - TCP/IP Receive Window[10:40] - netsh interface tcp set global autotuninglevel=normal/disable[12:26] - Latenc...

Andrew Richards, Chad Beeder

Networking Troubleshooting

3/16/2015 1:00:00 PM

Defrag Tools #128 - Networking - Part 1
In the next two episodes of Defrag Tools, Andrew Richards and Chad Beeder discuss Networking. We look at various inbox tools, including ipconfig, route, netstat, arp, nslookup, tracert, ping, psping, net and netsh. Timeline: [00:00] - 10Base2 LAN parties... (not 10BaseT; Andrew's long-term memory is failing)[01:55] - Microsoft TCP/IP Training (70-059). e.g. Amazon has it for $0.01[04:00] - ipconfig /all[06:10] - ipconfig /release & ipconfig /renew[07:30] - IP Address - Subnet Mask and Default Gateway[08:24] - route /print (or) netstat -r[09:50] - Interface Metric[11:44] - Task Manager - Performance Graphs[13:50] - Static Routes: route add ...[16:30] - Gateway vs Metric routing; WiFi vs ...
Defrag Tools #127 - Internet Explorer F12 Developer Tools - Part 2
In this episode of Defrag Tools, David Stephens joins Andrew Richards to discuss the IE F12 Console, including some of the new features available in the Windows 10 Tech Preview. Resources: Using the F12 Developer Tools Timeline: [00:00] HP Stream 7 - $79 inc. $25 Windows Store Gift card[02:37] Intro - David Stephens[03:30] Command Line API -- $, $$, $_, $0-$4, dir, console.clear[12:22] Message Formatting - console.info/warn/error/group/groupCollapsed/groupEnd[17:07] Network Errors[19:55] Message Locations[21:55] Clickable URLs[23:00] ... and more[25:23] Send feedback! davidstr@microsoft.com[26:03] Email us at defragtools@microsoft.com
Defrag Tools #126 - Internet Explorer F12 Developer Tools - Part 1
In this episode of Defrag Tools, Andy Sterland joins Chad Beeder to discuss the IE F12 Developer Tools, including some of the new features available in the Windows 10 Tech Preview. Resources: Using the F12 Developer Tools Timeline: [00:00] Intro - Andy Sterland[01:00] DOM Explorer (with pretty printing)[03:37] Just My Code - never debug 3rd party code[11:05] Tracepoints (instrument code without having to redeploy it)[16:31] New source navigation features: Find References and Go To Definition[19:07] Improved debugging: XHR breakpoints, addEventListener asynchronous instrumentation[22:02] Heads Up Display - real-time performance monitoring for slow sites
Defrag Tools #125 - PerfView - Part 8
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 8 of this series, we show how to analyze the GC with PerfView. Resources: Download PerfView from Microsoft Download Center; PerfView Tutorial on Channel 9. Related Defrag Tools: Defrag Tools: #33 - CLR GC - Part 1; Defrag Tools: #34 - CLR GC - Part 2; Defrag Tools: #35 - CLR GC - Part 3; Defrag Tools: #36 - CLR GC - Part 4

Andrew Richards, Chad Beeder

Debugging Troubleshooting

1/19/2015 4:00:00 PM

Defrag Tools #124 - DebugDiag Part 4
In this episode of Defrag Tools, Wade Mascia joins Andrew Richards and Chad Beeder to discuss the debugging analysis tool, DebugDiag. In part 4 of this 4 part series, we continue delving into the features of DebugDiag. Resources: Debug Diagnostic Tool - Blog; DebugDiag 2 Update 1 - Download

Andrew Richards, Chad Beeder

Debugging Troubleshooting

1/12/2015 4:00:00 PM

Defrag Tools #123 - DebugDiag Part 3
In this episode of Defrag Tools, Wade Mascia joins Andrew Richards and Chad Beeder to discuss the debugging analysis tool, DebugDiag. In part 3 of this 4 part series, we continue delving into the features of DebugDiag. Resources: Debug Diagnostic Tool - Blog; DebugDiag 2 Update 1 - Download

Andrew Richards, Chad Beeder

Debugging Troubleshooting

1/5/2015 4:00:00 PM

Defrag Tools #122 - DebugDiag Part 2
In this episode of Defrag Tools, Wade Mascia joins Andrew Richards and Chad Beeder to discuss the debugging analysis tool, DebugDiag. In part 2 of this 4 part series, we continue delving into the features of DebugDiag. Resources: Debug Diagnostic Tool - Blog; DebugDiag 2 Update 1 - Download

Andrew Richards, Chad Beeder

Debugging Troubleshooting

12/29/2014 4:00:00 PM

Defrag Tools #121 - DebugDiag Part 1
In this episode of Defrag Tools, Wade Mascia joins Andrew Richards and Chad Beeder to discuss his debugging analysis tool, DebugDiag. In part 1 of this 4 part series, we show the basic features of DebugDiag. Resources: Debug Diagnostic Tool - Blog; DebugDiag 2 Update 1 - Download

Andrew Richards, Vance Morrison, Chad Beeder

Performance Troubleshooting

12/22/2014 4:00:00 PM

Defrag Tools #120 - PerfView Part 7
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 7 of this series, we show how easy it is to analyze ETW events with PerfView. Resources: Download PerfView from Microsoft Download Center; PerfView Tutorial on Channel 9
Defrag Tools #119 - Windows Management Instrumentation
In this episode of Defrag Tools, Andrew Richards and Chad Beeder discuss Windows Management Instrumentation (WMI). Resources:PDE Debugger Extension Timeline:[00:00] - Windows Management Instrumentation (WMI)[02:25] - wbemtest[04:21] - Hey, Scripting Guy![05:25] - PowerShell - Get-WmiObject[06:10] - Classes[06:55] - List Namespaces in root: Get-WmiClass -namespace root -class __NAMESPACE[08:08] - List Namespaces in root\cimv2: Get-WmiClass -namespace root\cimv2 -class __NAMESPACE[08:25] - List Classes in Namespace: Get-WmiClass -namespace root\cimv2\power -list[08:52] - List Instances of a Class: Get-WmiClass -namespace root\cimv2\power -class Win32_PowerPlan[09:30] - WmiPrvSE - Process that...
Defrag Tools #118 - PerfView Part 6
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 6 of this series, we show how easy it is to add ETW events to your applications, and how these events can be seen in PerfView. Resources: Download PerfView from Microsoft Download Center; PerfView Tutorial on Channel 9
Defrag Tools #117 - PerfView Part 5
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 5 of this series, we focus on using PerfView as a diagnostics tool. Resources: Download PerfView from Microsoft Download Center; PerfView Tutorial on Channel 9

Andrew Richards, Vance Morrison, Chad Beeder

Performance Troubleshooting

11/24/2014 4:06:25 PM

Defrag Tools #116 - PerfView Part 4
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 4 of this series, we focus on using PerfView as a diagnostics tool. Resources: Download PerfView from Microsoft Download Center; PerfView Tutorial on Channel 9
Defrag Tools #115 - PerfView Part 3
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 3 of this series, we focus on looking at memory issues. Resources:Download PerfView from Microsoft Download CenterPerfView Tutorial on Channel 9 Timeline:[00:00] - Downloading and Installing PerfView[00:58] - Strategy: collect multiple snapshots to identify memory allocation changes[02:30] - A sample app with some common memory leaks[03:45] - Questions about garbage collection and managed vs. unmanaged memory leaks[04:53] - Demo: Collecting first heap snapshot with PerfView[07:52] - Looking at the collected heap stacks[12:00] - Collecting a second...

Andrew Richards, Vance Morrison, Chad Beeder

Performance Troubleshooting

11/10/2014 4:19:21 PM

Defrag Tools #114 - PerfView Part 2
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 2 of this series, we review a trace for CPU issues. Resources:Download PerfView from Microsoft Download CenterPerfView Tutorial on Channel 9 Timeline:[00:00] - Downloading and Installing PerfView[01:50] - tutorial.zip example[02:30] - View with WPA - perfview.exe /wpr /unzip tutorial.etl.zip[04:20] - View with PerfView[06:25] - CPU Stacks View[07:47] - Stack viewer[12:45] - PerfView Help[13:24] - Go To Source[14:30] - By Name aggregates sprayed use[13:24] - Group Patterns helps remove framework noise (like Just My App)[21:57] - Use Drill Into | Un...
Defrag Tools #113 - PerfView Part 1
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 1 of this series, we demonstrate downloading and installing the tool, and collecting traces. Resources:Download PerfView from Microsoft Download CenterPerfView Tutorial on Channel 9 Timeline:[00:00] Introduction to Vance Morrison, .Net Performance Architect[01:15] Downloading and installing PerfView[03:15] Running the tool, getting started with the intro documentation and videos[05:32] Collecting an ETW trace (compare and contrast with other tracing tools like Xperf command line and Windows Performance Recorder)[09:34] Collecting a trace via comma...
Defrag Tools #112 - Programming Windows Store Apps with HTML, CSS and JavaScript Part 2
In this episode of Defrag Tools, Kraig Brockschmidt joins Andrew Richards and Chad Beeder for a second episode to talk about Windows Store Application development using HTML, CSS and JavaScript. Be sure to download the free ebook! Resources: Programming Windows Store Apps with HTML, CSS, and JavaScript, Second Edition
Defrag Tools #111 - Programming Windows Store Apps with HTML, CSS and JavaScript Part 1
In this episode of Defrag Tools, Kraig Brockschmidt joins Andrew Richards and Chad Beeder for two episodes to talk about Windows Store Application development using HTML, CSS and JavaScript. Be sure to download the free ebook! Resources: Programming Windows Store Apps with HTML, CSS, and JavaScript, Second Edition

Andrew Richards

CLR Debugging, Troubleshooting, NuGet

10/13/2014 1:00:00 PM

Defrag Tools #110 - Writing a CLR Debugger Extension Part 2
In this episode of Defrag Tools, Andrew Richards finishes a two part series on writing a Debugger Extension in C# for the Debugging Tools for Windows. The series follows on from the recent 9 part series on writing a Debugger Extension in C++. The C# code utilizes the Microsoft.Diagnostics.Runtime (CLRMD) and DllExports packages, available on NuGet. Resources:.NET Framework Blog - .NET Crash Dump and Live Process InspectionNuGet - CLR Memory Diagnostics (CLRMD)NuGet - Unmanaged Exports (DllExport for .Net)OneDrive - Code Sample (DebuggerExtensionCSharp.zip) Timeline:[00:00] - Analyzing the CLR runtime using the Microsoft.Diagnostics.Runtime namespace[03:04] - Microsoft.Diagnostics.Ru...

Andrew Richards

CLR Debugging, Troubleshooting, NuGet

10/6/2014 1:00:00 PM

Defrag Tools #109 - Writing a CLR Debugger Extension Part 1
In this episode of Defrag Tools, Andrew Richards starts a two part series on writing a Debugger Extension in C# for the Debugging Tools for Windows. The series follows on from the recent 9 part series on writing a Debugger Extension in C++. The C# code utilizes the Microsoft.Diagnostics.Runtime (CLRMD) and DllExports packages, available on NuGet. Resources:.NET Framework Blog - .NET Crash Dump and Live Process InspectionNuGet - CLR Memory Diagnostics (CLRMD)NuGet - Unmanaged Exports (DllExport for .Net)OneDrive - Code Sample (DebuggerExtensionCSharp.zip) Timeline:[00:00] - Writing a Debugger Extension in C#[01:27] - .NET Framework Blog[02:37] - Native compilation is required to supp...

Mark Russinovich, Andrew Richards, Thomas Garnier

Mark Russinovich Security, sysinternals, Troubleshooting

9/29/2014 1:00:00 PM

Defrag Tools #108 - Sysinternals SysMon - Mark Russinovich
Mark Russinovich and Thomas Garnier join Andrew Richards in this episode of Defrag Tools. We talk about their new tool - Sysinternals System Monitor. System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. Resources:Sysinternals System Monitor (SysMon)Rogue Code - A Novel Timeline:[00:00] - Rogue Code - The new cybersecurity novel[00:55] - Announcing: Sysinternals System Monitor (SysMon)[04:17] - Released August 7th 2014[04:42] - Com...
Defrag Tools #107 - Larry Osterman - 30 Years - Part 2
In this second part of a two part special for Defrag Tools, Larry Osterman joins Larry Larsen, Andrew Richards and Chad Beeder to celebrate Larry's 30 years at Microsoft. We continue looking around the Microsoft Archives building, reminiscing over a selection of products that Microsoft has produced over Larry's 30 year career. Resources:Microsoft Archives - Campus ToursMicrosoft Archives - MicrospottingLarry Osterman's WeblogLarry Osterman on Channel 9 Timeline:[00:00] - MS Mouse[01:50] - Clippy Costume[02:07] - Intel x86 In-Circuit Emulator[03:52] - Microsoft Corporate Campus (Larry's binder below)[04:15] - Buildings 1, 2, 3 and 4 Construction Time Lapse[04:32] - Building 2 - Larry's origi...
Defrag Tools #106 - Larry Osterman - 30 Years - Part 1
In a two part special for Defrag Tools, Larry Osterman joins Larry Larsen, Andrew Richards and Chad Beeder to celebrate Larry's 30 years at Microsoft. We travel to the Microsoft Archives building to reminisce over a selection of products that Microsoft has produced over Larry's 30 year career. Resources:Microsoft Archives - Campus ToursMicrosoft Archives - MicrospottingLarry Osterman's WeblogLarry Osterman on Channel 9 Timeline:[00:00] - 30 Years![00:38] - Service glass (5/10/15/20/25yrs below)[01:40] - Microsoft Archives[02:27] - Flight Simulator (Press Release for 2015)[02:47] - Binders, inc. 8" floppy[04:35] - Cobol[05:12] - Iconography[07:42] - Amy's selection of Larry's products[0...
Defrag Tools #105 - Writing a Debugger Extension Part 9
In this episode of Defrag Tools, Andrew Richards and Chad Beeder finish a series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011. Resources:Writing a Debugging Tools for Windows Extension - Part 1 - March 2011Writing a Debugging Tools for Windows Extension - Part 2 - May 2011Writing a Debugging Tools for Windows Extension - Part 3 - June 2011 Timeline:[00:00] - Debugger Markup Language (DML)[01:10] - Example DML output - !pde.dpx & lmD[03:19] - IDebugControl::ControlledOutput[03:45] - DEBUG_OUTCTL_XXX[04:57] - Text output - DEBUG_OUTCTL_AMBIENT_TEXT[05:29] - DML output - DEBUG_...
Defrag Tools #104 - Writing a Debugger Extension Part 8
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011. Resources:Writing a Debugging Tools for Windows Extension - Part 1 - March 2011Writing a Debugging Tools for Windows Extension - Part 2 - May 2011Writing a Debugging Tools for Windows Extension - Part 3 - June 2011 Timeline:[00:00] - Vacation pics...[03:40] - Output Callbacks (a.k.a. text capture)[07:22] - IDebugClient::SetOutputCallbacks[07:44] - IDebugClient::SetOutputMask[08:28] - IDebugClient::CreateClient[11:31] - IDebugOutputCallbacks (ANSI Text ...
Defrag Tools #103 - Writing a Debugger Extension Part 7
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011. Resources:Writing a Debugging Tools for Windows Extension - Part 1 - March 2011Writing a Debugging Tools for Windows Extension - Part 2 - May 2011Writing a Debugging Tools for Windows Extension - Part 3 - June 2011 Timeline:[00:00] - Quick recap of Sign Extension[01:16] - Reading Memory - IDebugDataSpaces::ReadVirtual[02:54] - Reading Pointers - IDebugDataSpaces::ReadPointersVirtual[05:15] - Pointer > 64k (0x10000)[06:42] - Sysinternals VM...
Defrag Tools #102 - Writing a Debugger Extension Part 6
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011. Resources:Writing a Debugging Tools for Windows Extension - Part 1 - March 2011Writing a Debugging Tools for Windows Extension - Part 2 - May 2011Writing a Debugging Tools for Windows Extension - Part 3 - June 2011 Timeline:[00:00] - Getting the Symbol of an address[03:10] - IDebugSymbols::GetNameByOffset[03:49] - Sign Extension[06:29] - IDebugControl::IsPointer64Bit[07:55] - Running the code...[10:54] - Next week - Reading Memory and Executing Command...
Defrag Tools #101 - Writing a Debugger Extension Part 5
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011. Resources:Writing a Debugging Tools for Windows Extension - Part 1 - March 2011Writing a Debugging Tools for Windows Extension - Part 2 - May 2011Writing a Debugging Tools for Windows Extension - Part 3 - June 2011 Timeline:[00:00] - House Cleaning - File per command and a Utility module[02:35] - Registers vs. Pseudo Registers[06:35] - IDebugRegisters::GetIndexByName[07:25] - IDebugRegisters::GetValue[08:00] - DEBUG_VALUE[08:37] - MMX / SSE /...

Larry Larsen, Andrew Richards, Golnaz, Chad Beeder

History of Microsoft Windows History, location history

7/28/2014 4:00:00 PM

Defrag Tools #100 - Episode 100!!! - Campus Tour
Episode 100 of Defrag Tools! This week we break out of the Channel 9 studios and visit the offices of Chad Beeder and Andrew Richards, and talk about some of the history of Buildings 22 and 26. Resources:Channel 9 - Campus ToursChannel 9 - History of MicrosoftHow Microsoft Quietly Built the City of the Future Timeline:[00:00] - Building 22 - Chad's Office[02:11] - Building 22 - Bing - History/Morgue[05:40] - Building 22 - Patio view of Main Campus[07:15] - Building 26 - Andrew's Office[08:50] - Microsoft Archives[13:07] - Building 26 - Build Lab[14:02] - Building 26 - Windows NT 3.1 and 4.0 plaques[15:58] - Building 26 - Shiproom - Windows 2000 plaques and team photo Tha...
Defrag Tools #99 - Writing a Debugger Extension Part 4
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011. Resources:Writing a Debugging Tools for Windows Extension - Part 1 - March 2011Writing a Debugging Tools for Windows Extension - Part 2 - May 2011Writing a Debugging Tools for Windows Extension - Part 3 - June 2011 Timeline:[00:00] - Expression Evaluation[01:25] - GetExpression[05:40] - IDebugControl::Evaluate[07:35] - Symbol Resolution: @foo : registers; $!foo : locals variables[11:27] - MASM vs. C++ expressions: ? (MASM) vs ?? (C+...
Defrag Tools #98 - Writing a Debugger Extension Part 3
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011. Resources:Writing a Debugging Tools for Windows Extension - Part 1 - March 2011Writing a Debugging Tools for Windows Extension - Part 2 - May 2011Writing a Debugging Tools for Windows Extension - Part 3 - June 2011 Timeline:[00:00] - WDbgExt.h[01:36] - #define KEXT_64BIT[02:45] - Hello World! via dprintf[05:15] - ExtensionApis (global) is used by #defines[08:10] - WINDBG_EXTENSION_APIS64 ExtensionApis[08:33] - IDebugControl::GetWindbgExtensionApis64[11...
Defrag Tools #97 - Writing a Debugger Extension Part 2
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011. Resources:Writing a Debugging Tools for Windows Extension - Part 1 - March 2011Writing a Debugging Tools for Windows Extension - Part 2 - May 2011Writing a Debugging Tools for Windows Extension - Part 3 - June 2011 Timeline:[00:00] - Writing a Debugger Extension[02:13] - Export - helloworld[03:19] - DbgEng Callback Function[04:29] - IDebugClient - IUnknown based but not COM based[05:30] - IDebugClient::CreateClient (new IDebugClient for diffe...
Defrag Tools #96 - Writing a Debugger Extension Part 1
In this episode of Defrag Tools, Andrew Richards and Chad Beeder start a new series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011. Resources:Writing a Debugging Tools for Windows Extension - Part 1 - March 2011Writing a Debugging Tools for Windows Extension - Part 2 - May 2011Writing a Debugging Tools for Windows Extension - Part 3 - June 2011 Timeline:[00:00] - Writing a Debugger Extension[01:30] - Win32 Project in Visual Studio 2013[02:53] - DbgExt.cpp - CPP file[06:37] - DbgExt.h - Header file[07:08] - DbgEng required exports[08:10] - MyExt.def - DEF file[10:05] - #include <...

Andrew Richards, Chad Beeder

PowerShell sysinternals, Troubleshooting

6/23/2014 4:00:00 PM

Defrag Tools #95 - Scheduled Tasks
In this episode of Defrag Tools, Chad Beeder and Andrew Richards use the Scheduled Tasks MMC, Sysinternals Autoruns, at.exe, schtasks.exe and PowerShell to manage the Task Scheduler. Resources: Sysinternals Autoruns

Andrew Richards, Chad Beeder

Debugging sysinternals, Troubleshooting

6/16/2014 4:00:00 PM

Defrag Tools #94 - Sysinternals Strings, FindStr, !pde.ssz
In this episode of Defrag Tools, Chad Beeder and Andrew Richards use FindStr, Sysinternals Strings and !pde.ssz to perform string searches and filtering. Resources: Sysinternals Strings; OneDrive link for PDE. Timeline: [00:00] - Show/Hide the Clock (and other System Icons) [02:00] - findstr.exe [09:00] - Sysinternals Strings [15:24] - !pde.ssz (!ssa - ANSI only, !ssu - UNICODE only) [24:00] - Email us your issues at defragtools@microsoft.com
Defrag Tools: #93 - TechEd 2014 - Troubleshooting Talks
Andrew Richards goes through his selection of troubleshooting talks from TechEd 2014. Mark Russinovich:Case of the Unexplained: Troubleshooting with Mark RussinovichAlso - 2013, 2012, 2011, 2010, 2009TWC: Malware Hunting with Mark Russinovich and the Sysinternals ToolsAlso - 2013, 2012 Aaron Margosis:TWC: Sysinternals Primer: TechEd 2014 EditionAlso - 2013, 2012, 2011, 2010 Chris Jackson:Windows 8 Security InternalsApplication Compatibility and Modernization in a Fast Moving, Post-XP World Andrew Richards:Hardcore DebuggingAlso - 2013 Andrew Hall / Daniel Moth:Debugging Tips and Tricks in Visual Studio 2013Diagnosing Issues in Production Env...
Defrag Tools: Live - TechEd 2014 - Paula Januszkiewicz Part 2
Paula Januszkiewicz joins Andrew Richards and Larry Larsen for two live sessions of Defrag Tools. We go through a wide variety of security topics. This episode focuses on the tools and techniques that Paula uses when penetrating systems. Paula's TechEd Sessions:TWC: CSI: Windows - Techniques for Finding the Cause of the Unexpected System TakeoversTWC: Recalling Windows Memories: Useful Guide to Retrieving and Analyzing Memory ContentTWC: Hacker's Perspective on Your Windows Infrastructure: Mandatory Check List
Defrag Tools: Live - TechEd 2014 - Paula Januszkiewicz Part 1
Paula Januszkiewicz joins Andrew Richards and Larry Larsen for two live sessions of Defrag Tools. We go through a wide variety of security topics. This episode focuses on the way you should behave on unknown networks, the use of USB sticks, and password retention. Paula's TechEd Sessions:TWC: CSI: Windows - Techniques for Finding the Cause of the Unexpected System TakeoversTWC: Recalling Windows Memories: Useful Guide to Retrieving and Analyzing Memory ContentTWC: Hacker's Perspective on Your Windows Infrastructure: Mandatory Check List Timeline:[00:00] - Welcome Paula![00:45] - Security while travelling[03:25] - USB Sticks[05:05] - Kiosks[07:23] - Windows XP[09:31]...

Larry Larsen, Mark Russinovich, Andrew Richards

Mark Russinovich sysinternals, Tech.Ed, Troubleshooting

5/19/2014 4:00:00 PM

Defrag Tools: Live - TechEd 2014 - Mark Russinovich
Mark Russinovich joins Andrew Richards and Larry Larsen for a live version of Defrag Tools. We go through all of the updates that have occurred to the Sysinternals tools in 2014. Mark's TechEd Sessions:TechEd KeynoteDCIM-B306 - Public Cloud Security: Surviving in a Hostile Multi-Tenant EnvironmentDCIM-B386 - Mark Russinovich and Mark Minasi on Cloud ComputingDCIM-B359 - TWC: Pass-the-Hash: How Attackers Spread and How to Stop ThemDCIM-B368 - TWC: Malware Hunting with Mark Russinovich and the Sysinternals ToolsWIN-B354 - Case of the Unexplained: Troubleshooting with Mark RussinovichChannel 9 Live: Microsoft Azure with Mark RussinovichChannel 9 Live: Defrag Tools Live - Mark Russino...
Defrag Tools: #89 - Symbol Folder Tools
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about 4 tools used to maintain your Symbol Store and Symbol Cache folders. Timeline: [01:06] - AgeStore.exe [02:40] - Creation Time vs. Last Accessed Time [04:15] - Optionally Enable: fsutil behavior set disablelastaccess 0 [06:40] - "Date Accessed" column in Explorer [10:35] - ConvertStore.exe [11:38] - Process Monitor to the rescue - Add a folder called "000Admin" [15:28] - SymStore.exe [18:42] - SymChk.exe [20:49] - Hardcore Debugging & Defrag Tools Live @ TechEd 2014 [21:36] - Email us your issues at defragtools@microsoft.com
Defrag Tools: #88 - Symbol Folder Hierarchy - index2.txt
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about how you can change the Symbol folder's hierarchy to be 2-Tier instead of 1-Tier - by adding an index2.txt file to the root.
Symbol Folder Hierarchies:
1-Tier : c:\My\Sym\<Filename>\<Index>\<Filename>
e.g.
c:\My\Sym\ntdll.pdb\B17873D46FFF421587F6E743D1A4B1851\ntdll.pdb
c:\My\Sym\mshtml.pdb\40B6834E5E2B4354A1872B1236917D6A2\mshtml.pdb
2-Tier : c:\My\Sym\<First 2 letters of Filename>\<Filename>\<Index>\<Filename>
e.g.
c:\My\Sym\nt\ntdll.pdb\B17873D46FFF421587F6E743D1A4B1851\ntdll.pdb
c:\My\Sym\ms\mshtml.pdb\40B6834E5E2B4354A1872B1236917D6A2\mshtml.pdb
c:\My\Sym\index2.txt
Timeline:...

Larry Larsen, Andrew Richards, Chad Beeder

Debugging sysinternals, Troubleshooting, Windows Store App

4/21/2014 4:00:00 PM

Defrag Tools: #87 - Windows 8.1 Update
In this episode of Defrag Tools, Andrew Richards walks you through the download of the Windows 8.1 Update SDK, the Windows 8.1 Store App Samples, the latest Sysinternals tools, and the Wintellect Package Explorer. We harvest the Debugging Tools for Windows, Windows Performance Toolkit, and Application Verifier files from the SDK. Resources:Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update: April 2014SysinternalsWindows 8.1 SDKWindows 8.1 Store App SamplesWintellect - Windows Runtime via C# (Wintellect Package Explorer)Defrag Tools OneDrive (SIEExtPub, PDE & Scripts) Timeline:[00:00] - Windows 8.1 Update (KB2919355)[01:30] - The USB Stick/O...
Defrag Tools #86 - Sigcheck (plus: the Heartbleed bug)
In this episode of Defrag Tools, Chad Beeder and Larry Larsen discuss two topics: The Heartbleed bug, and the Sigcheck tool from Sysinternals. Resources: The Heartbleed Bug; Sigcheck. Timeline: [00:00] The Heartbleed bug - what is it? Does it affect Microsoft servers? (Spoiler: No) [01:48] Your web passwords could be compromised - tools like LastPass could help manage them [04:09] Heartbleed bug has been in the wild for about two years [06:00] Sigcheck [08:52] The -e switch is useful for limiting the scan to only executable code [09:49] The -u switch - only include unsigned files in the output [11:30] The -v switch automatically scans files against the VirusTotal database

Larry Larsen, Andrew Richards

Debugging Troubleshooting, Build, Windows Store App

4/7/2014 4:00:00 PM

Defrag Tools: Live - //build/ 2014
Larry Larsen and Andrew Richards do a live version of Defrag Tools. We look at the common reasons why Windows Store applications experience crashes and hangs. We do a quick debug of a Windows Store application crash using the !pde.dse debugger extension (available on the show's OneDrive).
Defrag Tools: #84 - Performance Counters - Part 3
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a 3-part series on how Performance Counters work and how to add them to an application. This episode focuses on turning the XML manifest in to code (with CTRPP), and using the generated code in a sample application. Resources:Performance Counter SchemaSample code Timeline:[00:00] - //build/ 2014[00:30] - [Talk is now at 12:30pm Friday][01:30] - [C9 Live is now at 2:30pm Thursday][02:42] - CTRPP - part of the Windows SDK[04:18] - Custom Build Tool[05:20] - ctrpp.exe -o <*.h> -rc <*.rc> -prefer <prefex> <*.man>[11:45] - lodctr.exe /m:*.man[13:00] - applicationIdentity pat...

Andrew Richards, Chad Beeder

Performance Troubleshooting, XML

3/24/2014 4:00:00 PM

Defrag Tools: #83 - Performance Counters - Part 2
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a 3-part series on how Performance Counters work and how to add them to an application. This episode focuses on the XML manifest that you develop, that turns in to code when compiled with CTRPP. Resources:Performance Counter Schema Timeline:[00:00] - XML Manifest[01:56] - XSD[02:33] - GUID Generator[03:43] - *.man or *.manifest file[06:06] - Provider[08:06] - CounterSet[11:30] - Counter[13:30] - CounterAttribute[18:00] - Default Scale - 10^N[23:17] - Email us your issues at defragtools@microsoft.com Example Manifest: <?xml version='1.0' encoding='utf-8' standalone='yes'?> <instrumentationM...
Defrag Tools: #82 - Performance Counters - Part 1
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen begin a multi-part series on how Performance Counters work and how to add them to an application. This episode focuses on the (statistical) counter types that determine how the (raw) data is reported. Resources:Performance Counters SchemaPerformance Counter Types Timeline:[00:00] - Performance Monitor[01:38] - Process, Processor & Physical Disk[02:30] - Instances[07:15] - Instrumentation Manifest[08:56] - Counter Types[13:25] - Sample cadence and overall duration[15:18] - Performance Counter Frequency[16:10] - QueryPerformanceCounter[16:22] - [Side note] - Changing the ...

Larry Larsen, Andrew Richards, Chad Beeder

installing PowerShell, sysinternals, Troubleshooting

3/10/2014 5:29:52 PM

Defrag Tools: #81 - Aaron Margosis
In this episode of Defrag Tools, Andrew Richards and Chad Beeder are joined by Aaron Margosis to talk about the Sysinternals book he co-authored, and to demo a PowerShell script to mimic 16bit installers on 64bit systems. Resources: Windows Sysinternals Administrator's Reference; Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog; Microsoft's USGCB Tech Blog. Timeline: [00:00] - Aaron Margosis! [01:50] - Windows Sysinternals Administrator's Reference [03:15] - New edition. It's v2, but not called v2 [04:35] - Mark's Case of the Unexplained... talks [08:03] - Aaron's Sysinternals Primer talks [10:56] - Installing a 32bit application with a 16bit ins...
Defrag Tools: #80 - App-V
In this episode of Defrag Tools, Chad Beeder is joined by Steve Thomas to talk about Application Virtualization (App-V) troubleshooting techniques. Resources:Windows Application VirtualizationSysinternals Process ExplorerSysinternals StringsSysinternals Process Monitor Timeline: [00:00] - What is App-V? What is it good for?[02:59] - What tools are useful for troubleshooting App-V?[05:40] - Narrow down the problem - did it happen during sequencing or virtualization?[06:35] - App-V uses a lot of advanced NTFS features[07:53] - Example of diagnosing an App-V problem - starting with Process Explorer[09:49] - De-virtualize the application using the App-V sequencer[12:20] - Use the Strings u...
Defrag Tools: #79 - Microsoft Consulting Services
In this episode of Defrag Tools, Chad Beeder is joined by Steve Thomas to talk about Steve's role as a consultant for Microsoft Consulting Services. Timeline: [00:00] - Microsoft Consulting Services - Proactive vs. Reactive [01:23] - Who are our typical MCS clients? [01:48] - Consultants deal with a range of products and technologies... [03:07] - ...but also get to become specialist experts in specific areas [03:56] - A typical workweek in MCS (lots of travel!) [05:14] - Favorite things about the job [08:51] - Next week: App-V troubleshooting demo. Email us your issues at defragtools@microsoft.com

Jason E, Andrew Richards, Chad Beeder

Performance Troubleshooting Pack

2/17/2014 5:00:00 PM

Defrag Tools: #78 - WPT Example - Disk
In this episode of Defrag Tools, Jason Epperly joins Chad Beeder to demonstrate how the Windows Performance Toolkit was used to solve a performance issue while logging in to a system. Resources: Windows 8.1 SDK (Windows Performance Toolkit). Timeline: [00:00] - The issue... [01:35] - System Activity graphs - Boot Phases [03:35] - Computation graphs [06:20] - No execution for the first 8.84secs [08:11] - Wait Analysis [09:54] - NewThreadStack - ReadFile - NTFS [10:45] - Storage graphs [12:45] - Black screen is the Background color [14:15] - Other issues [16:55] - Email us your issues at defragtools@microsoft.com

Andrew Richards, Chad Beeder, Trey Nash

Performance Troubleshooting

2/10/2014 5:00:00 PM

Defrag Tools: #77 - WPT Example - CPU
In this episode of Defrag Tools, Trey Nash joins Chad Beeder to demonstrate how the Windows Performance Toolkit was used to solve a performance issue in a time-sensitive application. Resources: Windows 8.1 SDK (Windows Performance Toolkit). Timeline: [00:00] - The issue... [03:18] - Windows Performance Analyzer (WPA) [04:02] - System Configuration [04:37] - Computation graphs [07:18] - CPU Usage (Sampled) - Stacks [09:03] - CPU #0 sent an IPI to CPU #1 to clear a TLB [10:02] - Readying Thread queue [11:28] - Changing the Timeline view [18:30] - Pivot, Filter and Sort to see the CPU scheduling history [24:45] - Power graphs - CPU Idle State [25:35] - CPU #1 was in ...
Defrag Tools: #76 - Escalation Engineer
In this episode of Defrag Tools, Trey Nash and Jason Epperly join Chad Beeder to talk about their roles as Escalation Engineers in CSS. Resources: We are Hiring! -- Windows Escalation Engineers in Charlotte and Issaquah; NT Debugging Blog; Accelerated C#. Timeline: [00:00] - What does an Escalation Engineer do? [04:30] - Can be from the IT Pro or Developer backgrounds... [05:35] - Windows Performance Toolkit [09:13] - NT Debugging Blog [10:53] - EEs need to be able to talk to customers [13:35] - Next 2 weeks, WPA examples [13:50] - Email us your issues at defragtools@microsoft.com

Larry Larsen, Andrew Richards, Chad Beeder

Debugging Troubleshooting, Windows Store App

1/27/2014 5:00:00 PM

Defrag Tools: #75 - Windows 8.1 - FileNotFound Crash
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen walk you through a common issue in Windows Store applications that use Files. We use a Windows Store 8.1 app sample to show how missing code affects the stability of the process. Resources: Understanding and resolving failures in Windows Store apps; Improving apps with Quality reports; Windows 8.1 Application Samples; Defrag Tools SkyDrive (inc. Scripts and ProcDumpExt). Timeline: [00:00] - Back in Building 20 - the Millennium Falcon! [01:00] - Conference Season - TechEd, //build/ and TechReady [05:09] - FileAccess sample [06:06] - try .. catch (System.IO.FileNotFound) [06:55] - StorageFolder.TryGetIte...

Andrew Richards, Chad Beeder

Debugging Troubleshooting, Windows Store App

1/20/2014 5:00:00 PM

Defrag Tools: #74 - Windows 8.1 - Frame.GetNavigationState Crash
In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk you through a common issue in Windows Store applications that use Frame.GetNavigationState. We use a Windows Store 8.1 app sample to show how using complex objects as a parameter in navigation can cause serialization to raise an exception. Resources: Frame.Navigate methods; Frame.GetNavigationState; Windows 8.1 Application Samples; Defrag Tools SkyDrive (inc. Scripts and ProcDumpExt). Timeline: [00:25] - Frame.GetNavigationState [03:00] - Frame.Navigate methods [03:53] - Parameter must be a char/string/numeric/GUID [05:42] - XAML Navigation sample [07:00] - Complex parameter works if you do...
Defrag Tools: #73 - Message Analyzer - Part 3
In this episode of Defrag Tools, Paul Long joins Chad Beeder in this 3-part series on Message Analyzer. Resources: Message Analyzer Download Center; Message Analyzer Blog. Timeline: [00:22] - Analyzing multiple types of data [00:55] - ETW Analysis [02:25] - Call Stack View [03:08] - Grouping [05:34] - Intermixed data [06:30] - Browse Session - opening multiple files [11:15] - Shift Time - Time Zone correction [13:00] - Filter [15:30] - Check out the blog for more tips and announcements [16:00] - Email us your issues at defragtools@microsoft.com
Defrag Tools: #72 - Message Analyzer - Part 2
In this episode of Defrag Tools, Paul Long joins Chad Beeder in this 3-part series on Message Analyzer. Resources: Message Analyzer Download Center; Message Analyzer Blog. Timeline: [00:32] - Analyzing HTTP Traffic [01:08] - Visualization [03:36] - Viewing the Data [05:39] - Request/Response time (TimeElapsed) [07:12] - Server response time (ResponseTime) [08:18] - Diagnostic column [10:12] - Viewpoints - Protocol Layers [11:26] - Email us your issues at defragtools@microsoft.com
Defrag Tools: #71 - Message Analyzer - Part 1
In this episode of Defrag Tools, Paul Long joins Chad Beeder in this 3-part series on Message Analyzer. Resources: Message Analyzer Download Center; Message Analyzer Blog. Timeline: [00:34] - Message Analyzer, the replacement of Network Monitor [02:09] - Quick Overview [04:25] - Capture - Web Proxy trace [05:30] - Coalescence [06:54] - Scenarios [07:44] - Extensibility [10:04] - Email us your issues at defragtools@microsoft.com