Episode

Defrag Tools: #56 - Explorer Hang

In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen show you the analysis of a hang. The hang happens in Explorer when Windows-E is pressed - the folder window never appears. We show Andrew's debugging steps to solve the issue.

Resources:
Debugging Tools for Windows SkyDrive - procdumpext.dll SkyDrive - sieextpub.dll Timeline:
[00:00] - Explorer Hang
[01:35] - Open the dump in the Debugger
[01:59] - List Threads - "~"
[02:20] - List thread stacks - ~*k
[02:46] - List thread stacks - !procdumpext.deep 20
[03:23] - Review of Thread #2
[04:03] - Review of Thread #5
[05:21] - Look for Unicode strings - dpu <addr> <addr>
[06:36] - Internet Explorer Security Zones
[07:08] - Loader Lock (Ldr* routines)
[08:30] - Review of Thread #6
[09:21] - Look for Unicode strings - dpu <addr> <addr>
[10:30] - Display Unicode strings - du <addr>
[12:56] - Force Symbol Load - .reload /f
[13:28] - Use grep to filter to 3rd Party Modules - !procdumpext.grep export lm
[13:56] - RBVirtualFolder64 is from Roxio - lmvm RBVirtualFolder64
[14:21] - Look for Unicode strings - !procdumpext.dpx -du
[14:50] - Large Dispositions (caused by no symbols)
[15:46] - List exported functions - x <module>!*
[16:25] - Unassemble - u RBVirtualFolder64!DllRegisterServer
[18:12] - Loader Lock (Ldr* routines)
[18:45] - Critical Section Lock Ownership - !locks
[24:04] - It's a Deadlock!
[24:27] - Easy Analysis - !sieextpub.critlist
[26:02] - Only do kernel32 synchronization object creation while holding the Loader Lock!
[27:50] - Summary
[29:35] - Email us your issues at defragtools@microsoft.com