Archive for the ‘Debugging’ Category

Citrix Techedge Videos

January 14th, 2013 No comments

Here are some of the TechEdge (EMEA) videos worth watching, with good content and great presentations:

Citrix TechEdge is a free event hosted by top Citrix Technical Support engineers at Citrix Summit and Synergy, where you gain in-depth knowledge on the latest troubleshooting tools, methodologies and fixes for your Citrix Application Delivery Infrastructure. (Ref:

TechEdge 2010 Presentations and Videos –

TechEdge 2011 Presentations and Videos –

TechEdge 2012 Presentations and Videos –


Script WinDbg

December 19th, 2012 No comments

These are my own notes, but I thought I would share them; maybe they will help someone. I was trying to analyse some dumps yesterday (around 40 GB each)… Orphan sessions issue, and I found at least 20+ sessions in two dumps… I concentrated on ALPC wait chains and it was too tiring to find all the relevant threads, as it is all a manual task. However, yesterday I found some scripts and techniques that help to speed up the analysis (Thanks to & MSDN Blog):

1. .logopen folderpath\filename.txt – this opens a log file, and the output of any command you run afterwards is also written to this file.

2. !process 0 ff – everyone knows this command, but if you run it after the command above you can dump all the info to a text file and then use Notepad++ to find the ‘Waiting for reply to ALPC Message’ string, which will show you all the ALPC wait chains. Read more…
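The log-search step above can be scripted instead of done by hand in Notepad++. This is an added example, not code from the original post: it scans a .logopen capture of !process 0 ff for the ‘Waiting for reply to ALPC Message’ line and pairs each waiting thread with the process that owns the port. The sample log is constructed, and its line layout, the function name and the regular expressions are assumptions.

```python
import re

# Constructed sample (layout assumed) of `!process 0 ff` output saved via .logopen.
SAMPLE_LOG = """\
PROCESS fffffa8003a1b060
    SessionId: 3  Cid: 0a4c    Peb: 7fffffd4000  ParentCid: 01f0
    Image: winlogon.exe
        THREAD fffffa8003b2c060  Cid 0a4c.0b10  Teb: 000007fffffde000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable
        Waiting for reply to ALPC Message fffff8a001c3dcf0 : queued at port fffffa8002f4e090 : owned by process fffffa8002e8b340
        THREAD fffffa8003b2d700  Cid 0a4c.0b14  Teb: 000007fffffdc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
PROCESS fffffa8003c77b30
    SessionId: 3  Cid: 0c20    Peb: 7fffffd8000  ParentCid: 0a4c
    Image: LogonUI.exe
        THREAD fffffa8003c90060  Cid 0c20.0c44  Teb: 000007fffffda000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable
        Waiting for reply to ALPC Message fffff8a001d11a10 : queued at port fffffa8002f4e090 : owned by process fffffa8002e8b340
PROCESS fffffa8002e8b340
    SessionId: 3  Cid: 09d8    Peb: 7fffffdf000  ParentCid: 09c0
    Image: csrss.exe
"""

PROC = re.compile(r"^PROCESS\s+([0-9a-f]+)")
SESSION = re.compile(r"SessionId:\s*(\S+)\s+Cid:")
IMAGE = re.compile(r"^\s*Image:\s*(\S+)")
THREAD = re.compile(r"^\s*THREAD\s+([0-9a-f]+)\s+Cid\s+([0-9a-f.]+)")
OWNER = re.compile(r"Waiting for reply to ALPC Message .*owned by process\s+([0-9a-f]+)")

def alpc_waiters(log_text):
    """Return one record per thread that is blocked waiting for an ALPC reply."""
    images, waits = {}, []
    proc = session = thread = None
    for line in log_text.splitlines():
        if m := PROC.match(line):
            proc, session, thread = m.group(1), None, None
        elif m := SESSION.search(line):
            session = m.group(1)
        elif m := IMAGE.match(line):
            images[proc] = m.group(1)
        elif m := THREAD.match(line):
            thread = m.groups()
        elif thread and (m := OWNER.search(line)):
            waits.append({"session": session, "client": proc, "server": m.group(1),
                          "thread": thread[0], "cid": thread[1]})
    # Resolve image names after the pass: the server process may be listed later.
    for w in waits:
        w["client_image"] = images.get(w["client"], "?")
        w["server_image"] = images.get(w["server"], "?")
    return waits

if __name__ == "__main__":
    print(*alpc_waiters(SAMPLE_LOG), sep="\n")
```

Sorting the returned records by session and server_image shows at a glance which server process most of the stuck threads are waiting on.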

GetLasterror and OutputDebugString

July 25th, 2012 No comments

How to capture the output of GetLastError using OutputDebugString? Because GLE returns a DWORD, OutputDebugString doesn’t seem to like the input.

Put this on the line immediately after the function that is returning the value:

#include <windows.h>
#include <stdio.h>

DWORD dwErr = GetLastError();   // read it immediately, before any other API call
char Buffer[MAX_PATH+1] = {0};
sprintf_s(Buffer, MAX_PATH, "Last Err 0x%lx\n", dwErr);   // DWORD is an unsigned long
OutputDebugStringA(Buffer);     // send the formatted text to the debugger

If any other function is called in between, the last-error value will be overwritten, so you may not get the correct value. Below is one example related to SCardEstablishContext()… Read more…

Trace Macro

July 25th, 2012 No comments

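Wow, so simple… I am writing some tool and was looking for a way to enable tracing, suggested this macro (added trace to file also)…

#include <windows.h>
#include <stdio.h>
#include <stdarg.h>

static HANDLE hOut = 0;

void LogTrace( LPSTR pFormat, ... )
{
    char Buffer[MAX_BUFFER_SIZE+1] = {0};
    va_list arg_marker;
    va_start(arg_marker, pFormat );
    DWORD dwBytesWritten=0; //added
    // Bounded formatting: wvsprintfA takes no destination size (it can write up to 1024 bytes).
    // One character is held back so that the "\n" appended below always fits.
    _vsnprintf_s(Buffer, _countof(Buffer) - 1, _TRUNCATE, pFormat, arg_marker);
    strcat_s(Buffer, _countof(Buffer), "\n");
    va_end(arg_marker); //added
Read more…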

Lesson Learned – Orphan process

February 17th, 2012 3 comments

Writing something after almost two months… not good, but I was busy with lots of stuff, trying to learn new things which I will document later… But for today, something on analyzing a dump for hangs due to orphan processes.

Recently, while working on one issue, I found an interesting scenario… this seems to be a common one… when users log off from their session on a TS\XenApp server, three processes get stuck there – Csrss, Winlogon and LogonUI. Though the users have logged off, because of these processes their session is stuck, eating resources and at some stage giving unexpected behaviour… It is a bit difficult to show the full stack here, but I am documenting the technique that I used to find the root cause of the issue. So here’s what I did.

Complete Memory Dump – for a hang-related issue, it is good to take a complete memory dump, and at least 2-3 of them to see the consistency (this is what I usually do)…

Step 1 – Ensure symbols are loaded. It may be a good idea to run the lm command to see which files are loaded and then run .reload /f to force the symbol download.

Step 2 – Find out all the processes. It is good to have them sorted by session, so I ran the command !sprocess -4 . This showed me all the sessions in proper order and also which processes are available in each session. Read more…

Reading x32 stack – Learned two new commands!!!

December 25th, 2011 No comments

Learned two new commands while working on an issue. I have a Windows 7 x64 OS and was troubleshooting an issue… I took a process dump and tried opening it in WinDbg…

As you can see, the stack is not showing properly… After some searching on the web I found some useful articles… It looks as if the process is x32 but the dump was taken on x64, and therefore I can’t read it. Browsing further through the help (.hh) of WinDbg, I found the two commands below:

0:000> .load wow64exts
0:000> .effmach x86
Read more…

Debugging for Starters – III

December 13th, 2011 1 comment

First two blog posts in this series are ->

We already discussed different terminologies, different types of dumps, tools to create dumps and also how to check whether they are good for analysis or not. In the next couple of articles, I will document the steps required to open a dump in WinDbg. I will also try to document the steps required to troubleshoot some common issues related to:

  1. Application\Server crash
  2. Application\Server hangs
  3. CPU Spikes, etc;

and will add some more tools as and when required. The main tool that we are going to use is WinDbg.

The installation of WinDbg is pretty simple; anyone who has ever installed any software on Windows can do it. However, before opening the dump, you need to configure the symbol server.

Symbols – In the simplest terms, symbols (.pdb files, generated during application compilation) convert 01010101 to ‘human readable’ English. More technical definitions exist on the internet, but this is the simplest I can think of. Symbols are provided by the application vendors; usually they have their own public-facing symbol server. For example:

Read more…

Memory Dump Analysis Anthology – Wow!

December 1st, 2011 No comments

One of the best books on dump analysis; the whole series is worth reading along with Windows Internals. Just got Vol-1 signed by its author, Dmitry Vostokov.

Dmitry Vostokov has a very informative blog, where he shares his experience and knowledge… bookmark it if you want to learn and would like to go deeper in debugging… He is also the developer of many useful utilities like DumpCheck, TestWER, etc.

Debugging for Starters – II

December 1st, 2011 3 comments

First blog in this series is ->

So we already discussed some terms in the above blog; now let’s see how we can create a dump (as we are going to concentrate more on dump analysis than on live-debugging techniques).

Creating a Dump – There are different ways to create user dumps – automatically and/or manually.

This will help to capture the dump in case the application crashes. From Windows Vista onwards, you can use Task Manager to create a dump of any process. This will be helpful if you are troubleshooting issues related to CPU spikes in a process. Read more…

Debugging for Starters – I

November 24th, 2011 2 comments

There are many articles on the web on this topic with some very good technical details and deep dives. However, when I started debugging it was a bit difficult to find the starting point. Most of the articles or books I found cover high-level debugging. Also, Windows Internals is a must to understand the whole picture. But I was more interested in the ‘quick’ and ‘short’ route. Coming from a system administration and consulting background, I was more interested in finding an easy way to move the issue to second level. In this series, I will try to document my experience and learning in this area.

Read more…