Bagikan melalui

PGES-Windows NT Debugging Blog Live Chat (March 17, 2009)

  • Artikel

Chat Topic: PGES-Windows NT Debugging Blog Live Chat
Date: Tuesday, March 17, 2009

Please note: Portions of this transcript have been edited for clairty.

 

Daniel (Moderator):
Hello everyone-- thanks for coming to our chat today. It's time to start! Before we do, though, I'd like to have our Experts introduce themselves...

Introductions:

Naresh (Expert):
Hello :)

Ron Stock (Expert):
Hello my name is Ron Stock I have worked for Microsoft for 10 years and I've been a member of GES for nearly 5 years.

David win (Expert):
OEM Support engineer and I help OEM's create images for shipping computers.

East (Expert):
Hi, I am Joseph East an Senior EE with Microsoft Core Platforms Global Escalation Services

Morales (Expert):
Hi everyone, my name is Michael Morales I am a Sr. Escalation Engineer with Microsoft for 10-years.  I work on the Windows Platform dealing primarily with performance related problems.

[MS]Dave (Expert):
Hi everyone!  I've been with Microsoft for 8 years and have worked in several areas of support.  I'm now an Escalation Engineer with GES.

Bob (Expert):
Hello My name is Bob Golding and I have been in GES for 11 years

Mr Ninja (Expert):
I am the Debug Ninja.  I'm a Senior Escalation Engineer, I've been with Microsoft for 11 years and I've been focused on debugging the OS for most of that time.

Naresh (Expert):
Hello my name is Naresh Jivanji. I am a Sr. Escalation Engineer with Global Escalation Services here at MS for 11years. My entire time with MS has been with the Windows OS.

grahamm (Expert):
Hi this is Graham McIntyre. I've been with Microsoft for 9 years. I've held EE roles in Exchange and Windows, and currently working in Windows supporting OEM customers.

Scott Olson (Expert):
Hello all I am an Senior Escalation Engineer with the Microsoft Platforms Global Escalation Team.  My specialty is with debugging kernel mode issues but I also work with debugging usermode issues.

Daniel (Moderator):
Please remember: You must check the "ask the experts" box before posting your questions or the Experts will not receive your question.

jaysenb (Expert):
Hi, my name is Jaysen, I am an OEM Esclation Engineer and I have been in GES for 3 years.

vganga (Expert):
Hello, I am Venkatesh Ganga, Senior Escalation Engineer, I've been with Microsoft for 9 years working in Windows Performance Speciality in GES

Ivan Berg - OEM EE (Expert):
Hello, my name is Ivan. I am a relatively new OEM Escalation Engineer (EE).

chrcarr (Expert):
Hello I am Chris. I am a new EE who started this year with the Microsoft Platforms Global Escalation Team.

Start of chat:**

Scott Olson (Expert):
Q: is there a way to navigate through work item objects?
A: The !exqueue extension displays a list of items currently queued in the ExWorkerQueue work queues.

JeffDa  Principal EE (Expert):
Q: What is the status of the Debugging Exam (71-660) and are there any supporting classes or learning materials planned?
A: There are several ways you can get training for windows internals.

A: Code Machine www.codemachine.com

Solomon Seminars www.solsem.com

Azius www.azius.com

Windows Internals courses are now available via the Microsoft Courseware Library.

50155A: Win Internals for IT

author: SELA release date: 12/15/2008

Course Number: 50155A-EN

50154A: Win Internals for programmers

author: SELA release date: 12/16/2008

Course Number: 50154A-EN

You can find a Certified Partner with Learning Specialty at https://www.microsoft.com/learning/cpls/reasons/default.mspx

Software Assurance Vouchers can pay for the CPLS training

Note the Exam was release in October

Morales (Expert):
Q: Is there any way to see which is the issue recovering the Win32_product WMI query??
A: Can you clarify your question just a little?....How are you using the Win32_product class?

Tate [MSFT] (Expert):
Q: If I debug an interrupt stall, how can I increase the chances for the debugger to interrupt the CPU given that the serial com device has a lower DIRQL than this respective device? I had success with CrashOnCtrlScroll, but I don't know if an uniprocessor wi
A: You could use the NMI button to invoke the debugger.

Ron Stock (Expert):
Q: What about Debugging MVP category
A: Hello Martin - That sounds like a great idea. I wasn't aware we didn't have a debug catergory but I'll look into it. Are you currently a MVP?

Bob (Expert):
You can modify the I/O APIC to generate NMI on a device such as the keyboard
Bob (Expert):
Calin Are you looking to cause a stop when the machine is hung ?
Bob (Expert):
Calin. The com port has a high intrrupt level.  What level is the device ?

Morales (Expert):
Q: ok I am trying to execute select * from Win32_Product to get all my products installed, I tried troubleshoot using windbg but I do not have sucess results
A: What happens when you issue the query?...Are you not getting any results at all?..or are you getting an error?...You could also try using the Win32Reg_AddRemovePrograms (if you have SMS in your environment).

Tate [MSFT] (Expert):
Q: A stop would be good on uni, but also a live debug break. It happens sometimes that the connection is lost/stuck.
A: NMI can invoke the debugger if connected.  Also, look into using dpc/isr tracing, especially via Windows Performance Toolkit (WPT aka xperf) to track time in ISR DPC

Ron Stock (Expert):
Martin - We appreciate your MVP work. Do you think there would be high demand for Debug MVP work?

Naresh (Expert):
Q: I have a problem in my wireless driver causing hung on machine. CrashOnCtrlScroll did not get invoked. Is that possible? How can I troubleshoot and get dump?
A: Did you setup the registry key for CrashOnCtrlScroll?

Todd (Expert):
Q: I have a problem in my wireless driver causing hung on machine. CrashOnCtrlScroll did not get invoked. Is that possible? How can I troubleshoot and get dump?
A: Depends on the cause of the hang.  The watchdog timer should eventually bugcheck the system.  You could hook a live debugger to the system and break in while the system is in the hung state.

[MS]Dave (Expert):
Q: when will the WinDE start beta program?
A: We discussed this in the Global Engineering Conference held in late February.  Instructions for getting involved in the beta program will be included in the video & slide deck for Day 2.  There will be plenty of opporunities to get involved once it starts.  You can check back here:  https://blogs.msdn.com/ntdebugging/archive/2009/03/05/global-engineering-conference.aspx for updates.

*Naresh (Expert):
A:https://www.codeplex.com/WinPlatTools/SourceControl/changeset/view/14600#256939

Naresh (Expert):
A: The codeplex.com link has a GUI app to set the machine for a memory dump.

Ron Stock (Expert):
Q: but at least that will give you a good number of people to work with and receive feedback from real cases and real needs. for me - I will get access to you and get valuable experience
A: Thanks for the feedback

Morales (Expert):
Q: for Win32_Product I got System.Management.ManagementStatus.Failed in the class {System.Management.PropertyDataCollection}, looks like is an enumeration issue, I tried to restore the WMI repository but does not works :(
A: Enable logging, repeat the error and view the logs: 

vganga (Expert):
Q: what could be the best approach in the cases in which I have just the error message? ba (break on access?) search the pattern and execute break on access?
A: Rene, Is the error message appears in the GUI or is it something logged in a file? If the error appears on the GUI then i will take a userdump with the error message showing up and then look at the call stack to see who is throwing it.

Scott Olson (Expert):
How can I be a debug ninja?

Tate [MSFT] (Expert):
Q: Is there a windbg scripts repository on the net?
A: Check out Dmitry's blog https://www.dumpanalysis.org/blog/index.php/category/windbg-scripts/

Ivan Berg - OEM EE (Expert):
Q: Is there a windbg scripts repository on the net?
A:https://www.codeplex.com/powerdbg

East (Expert):
Q: can somebody support me regarding ntfs and checkdisk?
A: What type of support are you looking for? If you have a specific question, please ask us

Ron Stock (Expert):
Q: how can I be a MVP for Debugging?
A: Hello Rene - Great question:) We're not really the team who handles the MVP work however I'll send an email to the team who works with the MVPs.

chrcarr (Expert):
Q: Is there a windbg scripts repository on the net?
A: I am not aware of any one in particular however there is an open-source project that the community can contribute to, both extensions or scripts. https://odbgext.codeplex.com/

Scott Olson (Expert):
Q: What is the status of the Debugging Exam (71-660) and are there any supporting classes or learning materials planned?
A: The exam is active and there are several ways you can get training for windows internals.  The Windows Internals book is a good place to start.

grahamm (Expert):
Q: here it is: https://www.microsoft.com/learning/en/us/Exams/70-660.aspx. Thanks!
A: Thanks for the link!

Ntfs Doctor (Expert):
Q: can somebody support me regarding ntfs and checkdisk?
A: What is your question about CHKDSK? There are many types of indexes in NTFS.  To answer your question, I would need to see the CHKDSK information.With chkdsk errors, you have to be very specific.  Can you paste one of these into the chat? Laszlo, open a private chat with me.

Scott Olson (Expert):
Q: is there a repository of good breakpoints? memory access, memcpy, registry access?
A: Breakpoints are really subjective to what you are debugging.  Procmon is a good way to get a call stack and can help with setting breakpoints in the areas you are looking for.

vganga (Expert):
Q: how can I know the command line arguments after enable ".childdbg 1" and "sxe cpr"?
A: Rene, I will use !PEB to get the command line arguments

grahamm (Expert):
Q: I cannot find exam 71-660 in MS Learning. "There are no learning resources that meet the specified criteria". The number 71 implies that it is still in beta?
A: Yes, the exam number changed to 70-660 when the test was released. Try using that since the exam is released now.

Naresh (Expert):
Q: which is the best approach to debug defered actions on MSI installers? (Why installation failed) :)?
A: I would first start with the logging to find out where this fails.

**Naresh (Expert):
Q:which is the best approach to debug defered actions on MSI installers? (Why installation failed) :)?
A:**223300             How to enable Windows Installer logging

https://support.microsoft.com/default.aspx?scid=kb;EN-US;223300

Scott Olson (Expert):
Q: How do you become a debug ninja?

Morales (Expert):
Q: which is the best approach to debug deferred actions on MSI installers? (Why installation failed) :)?
A: Rene, check this link out (Thanks to Trey Nash) - https://blogs.msdn.com/danwhite/archive/2007/02/28/how-to-debug-msi-deferred-custom-actions-when-all-else-fails.aspx

Morales (Expert):
Q: which is the best approach to debug defered actions on MSI installers? (Why installation failed) :)?
A: Additional Link: https://msdn.microsoft.com/en-us/library/aa368264(VS.85).aspx

Mr Ninja (Expert):
Q: what is the best approach to debug services at starting?
A: You can add an entry for your application under the Image File Execution Options registry key and then add a Debugger value to launch your service under a debugger.  You can find more information on this at https://support.microsoft.com/default.aspx?scid=kb;en-us;824344

Ivan Berg - OEM EE (Expert):
Q: What's the best way to track desktop heap leaks inside a process? (to narrow it down to a DLL or preferably the actual call.)
A: Use UMDH (Part of the Debugging Tools for Windows package) for standard heap leaks. For COM & other types of leak, you can try LeakDiag - https://technet.microsoft.com/en-us/library/aa997647.aspx and https://go.microsoft.com/fwlink/?LinkId=41401

East (Expert):
Q: are there still job openings with PGES?
A: No, not at this time

[MS]Dave (Expert):
Q: are you guys going to keep us excited with more debugging fundamentals exercises?
A: Yes, there will be more coming soon

Ivan Berg - OEM EE (Expert):
Q: What's the best way to track desktop heap leaks inside a process? (to narrow it down to a DLL or preferably the actual call.)
A: As far desktop heap specifically - try https://blogs.msdn.com/ntdebugging/archive/2007/01/04/desktop-heap-overview.aspx which also links to the Desktop Heap Monitor Tool - https://www.microsoft.com/downloads/details.aspx?familyid=5CFC9B74-97AA-4510-B4B9-B2DC98C8ED8B&displaylang=en

chrcarr (Expert):
Q: what are the "debugging fundamentals exercises"?
A: Yes. When I get some more time I plan to do a few more. Maybe someone else will beat me to a #5 in the mean time. Stay tuned.

chrcarr (Expert):
Q: what are the "debugging fundamentals exercises"?
A: Oops I answered the wrong question. See the blog: https://blogs.msdn.com/ntdebugging/archive/tags/Fundamentals+Exercise/default.aspx

[MS]Dave (Expert):
Q: PGES hires international candidates?
A: Yes, we have Escalation Engineers all over the world.  Each region handles their own hiring, so if you're interested in a particular region, check out the international jobs section of the Microsoft website.  Currently we are not hiring in North America.

Mr Ninja (Expert):
https://www.fengyuan.com/download.html

Scott Olson (Expert):
Q: can we expect more attention on SOS in future
A: This extension was written by support engineers and included in the debugger package.  There should be updates in later versions of the debugger.  The team that wrote this is outside of our team.

Naresh (Expert):
Q: Field Engineer=Escalation Engineer?
A: No. Field Engineers go onsite and help the customer with data gathering. Very frequently once the Field Engineer is onsite a EE works directly with him.

East (Expert):
Q: Field Engineer=Escalation Engineer?
A: No PFE do more traveling and do not really focus on debugging and code reviewing as EE do.

Scott Olson (Expert):
Q: can we expect more attention on SOS in future
A: There are also external extensions available, search for sosex.dll

Morales (Expert):
Q: which is the best approach to debug defered actions on MSI installers? (Why installation failed) :)?
A:https://msdn.microsoft.com/en-us/library/aa368264(VS.85).aspx

Ron Stock (Expert):
Q: how can I debug memory issues in Windows Mobile CE Edition without having the source code?
A: Hello Rene - The Windows CE team is a different team so unfortunately we have limited info on debugging Windows Mobile.

Scott Olson (Expert):
Q: where can we found information about SOSEX.DLL ?
A: live.com lists it at https://www.stevestechspot.com/SOSEXANewDebuggingExtensionForManagedCode.aspx

Ron Stock (Expert):
Q: there is a new just released version here: https://www.stevestechspot.com/SOSEXV2NowAvailable.aspx
A: Thanks for the info.

Tate [MSFT] (Expert):
RE: Desktop heap check out Matj's blog again at https://blogs.msdn.com/ntdebugging/archive/2007/01/04/desktop-heap-overview.aspx and the reference to User Interface Objects https://msdn.microsoft.com/en-us/library/ms725486.aspx (See Managing User Objects for interesting breakpoints to watch).

[MS]Dave (Expert):
Q: given a window handle how can I get the information which function is calling it? or the best approach?
A: I'd recommend using Spy++ to see what window messages are being passed.

East (Expert):
Q: given a window handle how can I get the information which function is calling it? or the best approach?
A: You can also check out - https://blogs.msdn.com/ntdebugging/archive/2007/06/15/hung-window-no-source-no-problem-part-2.aspx

East (Expert):
Q: is here somebody who debugs active directory issues?
A: Yes all we need is specific questions and we can narrow down the problem

Mr Ninja (Expert):
Q: how can I troubleshoot handle leak issues for WPF?
A: You should be able to troubleshoot any handle leak using !htrace.  There's a Channel 9 video that describes this at https://channel9.msdn.com/posts/jeff_dailey/Understanding-handle-leaks-and-how-to-use-htrace-to-find-them/

vganga (Expert):
Q: Just to make sure I'm not chasing desktop heap ghosts: If a process starts, allocates desktop heap and then terminates without freeing it, does that get cleaned up afterwards or is it just consumed?
A: LuxAeterna, the desktop heap is part of the session space, desk heap allocaitons will be there as long as the session exists if the app doesnt free it

Morales (Expert):
Q: which tools do you recommend for a success debugging out of sysinternals and windbg?
A: Windbg and Sysinternals tools are completely different tool sets.  You can combine their usage to help find the root cause of the problem.  Process Explorer and Process Monitor are two of the more popular tools in the Sysinternals suite.  Windbg will help you debug a particular problem, however, you need to understand what you are looking at and what commands will help you debug the problem when using WinDBG. 

Scott Olson (Expert):
Q: what is IOCTL code 0x2d5190 in Win7? I can't find it in Win7 WDK.
A: We can't find it either.  It seems to match a MASS_STORAGE ioctl though.  There are ioctl decoding tools out on the Internet.

vganga (Expert):
Q: vganga: in that case how can I monitor (similar to process audtiing) what processes are loaded in that window station/session?
A: Procmon\Process Explorer does show the process creations but i am not sure if they show the winstation or not, they should have session id information. but from the livekd we can determine the winstaion\desktop of the process. i am not sure if there  is a tool out there that shows this information

Tate [MSFT] (Expert):
Q: can somebody tell what can we do if a service stucks in starting state?
A: Create a couple hang dumps in a row and see what it's doing.

Mr Ninja (Expert):
Q: best approach to debug services at starting?
A: You can add an entry for your application under the Image File Execution Options registry key and then add a Debugger value to launch your service under a debugger.  You can find more information on this at https://support.microsoft.com/default.aspx?scid=kb;en-us;824344

Daniel (Moderator):
Well we're out of time for today's chat. Thank you very much to all of our guests who joined us today as well as to our Experts for answering so many great questions-- have a great day everyone!

Ron Stock (Expert):
Q: thank you!
A: Your welcome:)

Tate [MSFT] (Expert):
Q: Thanks Experts
A: HAPPY DEBUGGING!

Tate [MSFT] (Expert):
Q: congrats on the posts from ntdebugging - really nice
A: Thank you!