Defrag Tools #135 - Debugging User Mode Crash Dumps Part 1

In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to determine the root cause of various application crashes which have occurred on Andrew's computer.

[00:00] - Intro... how we got these dump files (ProcDump)
[02:15] - Dump #1: An internal MSIT tool which crashed. Make sure to match the architecture (x86/x64).
[04:33] - Exception context record and stored CLR exception - get back to where the problem happened
[08:42] - .lastevent tells you which thread the problem was on and the exception code
[09:29] - Looking at the exception record with .exr
[10:30] - Looking up error codes - !err (from PDE) vs. !error
[12:45] - Using the SOS.dll debugger extension for managed code
[14:42] - !pe to print exception on a CLR dump
[16:49] - Dump #2: Another CLR exception in an MSIT tool
[17:25] - !dso (Dump Stack Objects) and using PDE to grep the output
[19:37] - !do (Dump Object) to dump CLR objects
[20:48] - Dump #3 and #4: Some more CLR exceptions in MSIT tools
[21:36] - Dump #5: CLR Unauthorized Access Exception to a NamedPipeServerStream
[23:53] - Dump #6: A native code access violation in csisyncclient.exe
[26:33] - Pointer math - dereferencing a null pointer
[28:21] - ub (unassemble backwards) and u (unassemble) to look at the assembly code and see where the null pointer came from
[30:05] - lmvm (list module verbosely with mask) to view version and date of loaded binaries
[30:56] - !dpx du (scrape the call stack looking for Unicode strings) - found a reference to a log file
[33:58] - Summary & recap
[36:58] - Email us your issues at defragtools@microsoft.com