Citrix Techedge Videos

January 14th, 2013 No comments

Here are some of the TechEdge (EMEA) videos worth watching, with good content and great presentations:

Citrix TechEdge is a free event hosted by top Citrix Technical Support engineers at Citrix Summit and Synergy, where you gain in-depth knowledge on the latest troubleshooting tools, methodologies and fixes for your Citrix Application Delivery Infrastructure. (Ref:

TechEdge 2010 Presentations and Videos –

TechEdge 2011 Presentations and Videos –

TechEdge 2012 Presentations and Videos –


Script WinDbg

December 19th, 2012 No comments

For my own notes, but I thought to share it; maybe it helps someone. I was trying to analyse some dumps yesterday (around 40 GB each)… Orphan sessions issue, and found at least 20+ sessions in two dumps… I concentrated on ALPC wait chains and it was too tiring to find all relevant threads as it is all a manual task. However, yesterday I found some scripts and techniques that help to speed up the analysis (Thanks to & MSDN Blog):

1. .logopen folderpath\filename.txt – this will open a log file for you, and any command you run afterwards will dump its output to this file.

2. !process 0 ff – everyone knows this command, but if you run it after the above command you can dump all the info to a text file and then use Notepad++ to find the ‘Waiting for reply to ALPC Message’ string, and it will show you all the ALPC wait chains. Read more…
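As an added example (not from the original post), here is a small Python script that does the Notepad++ search from step 2 automatically over the log written by .logopen, pairing each waiting thread with the process that owns the ALPC port. The sample log is constructed, and the line layout it parses is an assumption that should be checked against your own `!process 0 ff` output.

```python
import re

# Constructed sample in the layout of `!process 0 ff` output; all values are made up.
SAMPLE_LOG = """\
PROCESS fffffa8003d5a060
    SessionId: 0  Cid: 0250    Peb: 7fffffd4000  ParentCid: 01f8
    Image: svchost.exe
        THREAD fffffa8003e11b50  Cid 0250.0a10  Teb: 000007fffffae000 WAIT: (UserRequest) UserMode Non-Alertable
PROCESS fffffa8004c2e060
    SessionId: 3  Cid: 0a3c    Peb: 7fffffdf000  ParentCid: 0254
    Image: winlogon.exe
        THREAD fffffa8004b3e060  Cid 0a3c.0b44  Teb: 000007fffffdc000 WAIT: (WrLpcReply) UserMode Non-Alertable
            fffffa8004b3e420  Semaphore Limit 0x1
        Waiting for reply to ALPC Message fffff8a0012b4cf0 : queued at port fffffa8003c7be60 : owned by process fffffa8003d5a060
"""

HEX = r"([0-9a-f`]+)"
PROC_RE = re.compile(r"^PROCESS\s+" + HEX)
SESSION_RE = re.compile(r"^\s*SessionId:\s+(\S+)")
IMAGE_RE = re.compile(r"^\s*Image:\s+(\S+)")
THREAD_RE = re.compile(r"^\s*THREAD\s+" + HEX + r"\s+Cid\s+([0-9a-f.]+)")
ALPC_RE = re.compile(r"Waiting for reply to ALPC Message\s+" + HEX +
                     r"\s*:\s*queued at port\s+" + HEX +
                     r"\s*:\s*owned by process\s+" + HEX)

def alpc_waits(log_text):
    """Return one dict per thread blocked on an ALPC reply."""
    procs = {}                      # process address -> {"image", "session"}
    waits, proc, thread = [], None, None
    for line in log_text.splitlines():
        if m := PROC_RE.match(line):
            proc, thread = m.group(1), None
            procs[proc] = {"image": "?", "session": "?"}
        elif proc and (m := SESSION_RE.match(line)):
            procs[proc]["session"] = m.group(1)
        elif proc and (m := IMAGE_RE.match(line)):
            procs[proc]["image"] = m.group(1)
        elif m := THREAD_RE.match(line):
            thread = (m.group(1), m.group(2))
        elif thread and (m := ALPC_RE.search(line)):
            waits.append({"waiter": proc, "thread": thread[0], "cid": thread[1],
                          "message": m.group(1), "port": m.group(2), "owner": m.group(3)})
    unknown = {"image": "?", "session": "?"}
    for w in waits:                 # resolve names after the full pass; owners may appear later
        w["waiter_image"] = procs.get(w["waiter"], unknown)["image"]
        w["session"] = procs.get(w["waiter"], unknown)["session"]
        w["owner_image"] = procs.get(w["owner"], unknown)["image"]
    return waits
```

Call `alpc_waits(open(path).read())` on the real log; following each `owner` address to that process's own waiting threads gives the next link in the wait chain.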

GetLasterror and OutputDebugString

July 25th, 2012 No comments

How to capture the output of GetLastError using OutputDebugString? Because GLE returns a DWORD, OutputDebugString doesn’t seem to like the input.

Put this on the line immediately after the function that is returning the value:

DWORD dwErr = GetLastError(); // read it immediately, before any other API call
char Buffer[MAX_PATH+1] = {0};
sprintf_s(Buffer, MAX_PATH, "Last Err 0x%x\n", dwErr); // format the DWORD as text
OutputDebugStringA(Buffer); // pass the formatted string, not the DWORD, to the debugger

If any other function is called in between, the info being held will be lost, so you may not get the correct value. Below is one example related to SCardEstablishContext()… Read more…

Trace Macro

July 25th, 2012 No comments

wow, so simple…I am writing some tool and was looking for a way to enable tracing, suggested this Macro (added trace to file also)…

static HANDLE hOut = 0;

void LogTrace( LPSTR pFormat, ... )
{
char Buffer[MAX_BUFFER_SIZE+1] = {0};
va_list arg_marker;
va_start(arg_marker, pFormat );
DWORD dwBytesWritten=0; //added
// wvsprintfA can write up to 1024 bytes, so Buffer must be at least that large
wvsprintfA(Buffer, pFormat, arg_marker);
strcat_s(Buffer, _countof(Buffer), "\n");
va_end(arg_marker); //added
Read more…

Lesson Learned – Orphan process

February 17th, 2012 3 comments

Writing something after almost two months… not good, but I was busy with lots of stuff, trying to learn new things which I will document later… But for today, something on analyzing dumps for hangs due to orphan processes.

Recently, while working on one issue, I found an interesting case scenario… this seems to be one common scenario… when users log off from their session on a TS\XenApp server, three processes get stuck there – Csrss, Winlogon and LogonUI. Though they logged off, because of these processes their session is stuck, eating resources and at some stage giving unexpected behaviour… It is a bit difficult to show the full stack here, but I am documenting the technique that I used to find the root cause of the issue. So here’s what I did.

Complete Memory Dump – for hang-related issues, it is good to take a complete memory dump, and at least 2-3 of them to see the consistency (this is what I usually do)…

Step 1 – Ensure symbols are loaded. It may be a good idea to run the lm command to see what files are loaded and then run .reload /f to force the symbol download.

Step 2 – Find out all the processes. It is good to have them sorted by session, so I ran the command !sprocess -4 . This showed me all the sessions in proper order and also which processes are available in each session. Read more…

Reading x32 stack – Learned two new commands!!!

December 25th, 2011 No comments

Learned two new commands while working on an issue. I have Windows 7 x64 OS and was troubleshooting an issue… I took a process dump and tried opening in WinDbg…

As you can see, the stack is not showing properly… after some searching on the web I found some useful articles… it looks as if the processes are x32 but the dump was taken on x64, therefore I can’t read it. Further browsing through the help (.hh) of WinDbg, I found the below two commands:

0:000> .load wow64exts
0:000> .effmach x86

Read more…

Merry Christmas!!!

December 25th, 2011 No comments

Merry Christmas to Visitors!!! Wonderful day, no rain and no snow in Dublin… that’s the time (festival periods) when I miss my Motherland, India…

Debugging for Starters – III

December 13th, 2011 1 comment

First two blog posts in this series are ->

We already discussed different terminologies, different types of dumps, tools to create dumps and also how to check whether they are good for analysis or not. In the next couple of articles, I will document the steps required to open a dump in WinDbg. I will also try to document the steps required to troubleshoot some common issues related to:

  1. Application\Server crash
  2. Application\Server hangs
  3. CPU Spikes, etc;

and will add some more tools as and when required. The main tool that we are going to use is WinDbg.

The installation of WinDbg is pretty simple; anyone who has ever installed any software on Windows can do it. However, before opening the dump, you need to configure the symbol server.

Symbols – In the simplest terms, symbols (.pdb files, generated during application compilation) convert 01010101 to ‘human readable’ English. There are more technical definitions on the internet, but this is the simplest I can think of. Symbols are provided by the application vendors; usually they have their own public-facing symbol server. For example:

Read more…

SmartCard APIs

December 11th, 2011 No comments

SmartCard APIs call sequence – SCardEstablishContext, SCardConnect, SCardTransmit, etc

Some days ago, I was working on one very interesting case related to smart card behaviour on XenApp. While I can’t disclose all the findings, I would still like to share some of the learnings. It is very important to understand the behaviour of the SmartCard APIs, how they work, etc. (check MSDN). MS has released documentation related to different protocols; one that interests me a lot (as I work mainly on smart card, authentication, etc. issues) is related to ‘Remote Desktop Protocol: Smart Card Virtual Channel Extension’.

Ref: –

This example shows the messages sent to perform a simple querying of a card in the TS client machine. It assumes that a channel has already been set up between the TS client and the TS server. In addition, a PC/SC-compatible resource manager is running on the TS client and there exists a smart card reader with a smart card inserted. The following figure represents the program flow. Read more…

Memory Dump Analysis Anthology – Wow!

December 1st, 2011 No comments

One of the best books on dump analysis; the whole series is worth reading along with Windows Internals. Just got Vol-1 signed by its author, Dmitry Vostokov.

Dmitry Vostokov has a very informative blog, , where he shares his experience and knowledge… bookmark it if you want to learn and would like to go deeper in debugging… He is also the developer of many useful utilities like DumpCheck, TestWER, etc.