Welcome to the first episode of Defrag Tools, where Andrew Richards and I will be walking you through the tools we use when troubleshooting Windows PCs. Each week we'll dive into the tools from Sysinternals, showing you how to use them along with our best tips and tricks. In this episode we'll be showing you how to get started by creating a thumb drive that you can use to fix PCs and troubleshoot problems.
In this episode of Defrag Tools, Andrew and I walk you through Sysinternals Process Explorer. Process Explorer is a comprehensive replacement for Task Manager. It allows you to view the details of the processes running on the computer, both at a point in time and historically. The performance graphs allow you to view the CPU, I/O, Memory and GPU usage. Process Explorer can be used to find file locks, loaded DLLs, autostart locations, and many more things.
In this episode of Defrag Tools, Chad and I walk you through Sysinternals Autoruns. We also look at its predecessors: MSConfig and SysEdit. AutoRuns and MSConfig allow you to view and disable autostart entries on the computer. The autostart entries are locations in the registry and file system that can cause applications and DLLs to be automatically run at startup, login, application launch, and at many more registration points in Windows.
In this episode of Defrag Tools, Andrew and I walk you through Sysinternals RAMMap. RAMMap allows you to see how the Physical Memory (RAM) on the computer is being used. You can see how much RAM there is, for what purpose it is being used, and if there has been any memory pressure (not enough memory). We also cover a lot of Memory Management theory to understand the data in RAMMap.
In this episode of Defrag Tools, Andrew and I walk you through Sysinternals VMMap. VMMap allows you to see how the Virtual Memory of a process is being used. You can see how much is used, for what purpose it is being used, and if there have been any memory leaks. Like last week with RAMMap, we cover some Memory Management theory to understand the data in VMMap.
Mark Russinovich joins Andrew Richards and Larry Larsen on this episode of Defrag Tools to talk about the history of Sysinternals, his involvement with the Windows Internals book series and advice on Cybersecurity. Learn about new tools, retired tools and tools that never got completed. Get advice on troubleshooting. Get advice on how to survive a cyber attack. And much much more...
In this episode of Defrag Tools, Chad Beeder and Larry Larsen walk you through Task Manager and Resource Monitor. Sometimes you can't download Sysinternals or other troubleshooting tools; at these times, you can turn to these in-box applications that allow you to investigate the computer.
In this episode of Defrag Tools, Andrew Richards and Larry Larsen start walking you through the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This first WinDbg installment configures the system to open dump files via an adjusted Context Menu. It shows how to set WinDbg as the (AeDebug) postmortem debugger, and how to use ProcDump v5.1 to do the same but capture the process as a dump file. It then starts to explain some basic concepts of debugging: call stacks (k), registers (r) and exception context records (.ecxr). Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
Mark Russinovich joins Larry Larsen and Andrew Richards for a live version of Defrag Tools where they take questions about troubleshooting Windows 8, the changes to the Sysinternals Tools, Driver support, VHD support, Security, and much more.
In this episode of Defrag Tools, Andrew Richards and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment shows how you can view the user mode call stack and stack variables in a native, managed (.NET) or Silverlight process. We use these commands: dv; dt; !sos.dumpstack; !sos.dumpstackobjects / !sos.dso; !sos.dumpobj / !sos.do; !sos.printexception / !sos.pe; .frame; .f+; .f-; .load; .unload; .loadby; .chain; lm / lmm / lmvm; .extmatch; .prefer_dml 1; .lines; .ecxr; .cls. Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
In this episode of Defrag Tools, Chad Beeder and Larry Larsen discuss analyzing kernel mode bugchecks (colloquially known as Blue Screens of Death) using WinDbg from the Debugging Tools For Windows. We use these commands: !analyze -v; .hh; .trap; !pte; !process; !thread; .formats; .process; .thread; k; ~; .reload. Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
Not all Blue Screens of Death are easy to debug! Sometimes, you need to enable extra checking to help catch a buggy device driver. In this episode of Defrag Tools, Chad Beeder and Larry Larsen discuss using Driver Verifier in conjunction with WinDbg to track down a driver which is corrupting kernel mode pool memory. Debugger commands used: !analyze -v; .trap; ub; dp; dps; dc; kv. Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
In this episode of Defrag Tools, Michael Fourre, senior test engineer from the Driver Verifier team, pays a visit to Larry Larsen and Chad Beeder in the Channel 9 studios to give us some deeper insight into this valuable tool for catching device driver bugs!
In this followup to last week's episode of Defrag Tools, Michael Fourre, senior test engineer from the Driver Verifier team, gives us an overview of all the available verifier settings, and explains when you might need to use them.
In this week's episode of Defrag Tools, Graham McIntyre, Senior Developer from the Windows Reliability team, gives us an overview of Online Crash Analysis (OCA). Graham describes OCA and how dump collection has been enhanced in Windows 8.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the commands used to show the state of the debug session. It also shows some of the basic commands used to view process and thread information of a user mode process. We cover these commands: version; vertarget; |; ||; .sympath; .srcpath; .exepath; .extpath; .chain; !analyze -v; .bugcheck; !error; ~; ~NNs; ~~[TID]s; ~*k; ~*r; !process 0 17; !threads; !findstack; !uniqstack; !peb; !teb; k= <addr> <addr> <frames>; dps; dpu; dpa; dpp; .reload /f; .reload /user; !gle; !tls. Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the commands used to show the memory used in a user mode debug session. We cover these commands: !address -summary; !address <addr>; !vprot <addr>; !mapped_file <addr>. Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the commands used to show the memory used in a kernel mode debug session. We cover these commands: !vm; !vm 1; !memusage 8; !poolused 2; !poolused 4; !poolfind <tag>; !pool <addr>; !pool <addr> 2; !pte. Make sure you watch Defrag Tools Episode #1 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
In this episode of Defrag Tools, Andrew Richards and Larry Larsen upgrade the software we downloaded in Episode #1 to the Windows 8 (x86 & x64) and Windows RT (ARM) versions. Resources: Windows Software Development Kit (SDK) for Windows 8; Sysinternals; USB3 Debugging Cable. Note: you must use a USB3 A-A cable designed for debugging, otherwise it will fry your box!
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the commands used to diagnose a Critical Section hang in a user mode application. We start with an overview of the four synchronization primitives and then delve deep into temporary hangs, orphaned Critical Sections and deadlocks. We use these commands: ~*k; ~*kv; ~; ~~[TID]s; !cs; !cs <pointer>; !locks. Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the commands used to diagnose an Event hang in a user mode application. We talk about single and multiple event hangs, automatic and manual events, waitable object handles and common design patterns that you will encounter. We use these commands: ~*k; ~*kv; ~; ~~[TID]s; dp <addr>; !handle; !handle <handle> <mask>; .dumpdebug; !uniqstack; !findstack <text>. Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbol and source code resolution.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the commands used to diagnose Semaphores, Mutexes and (Waitable) Timers in a user mode application. For timers, we delve deep into the kernel to gather more information about them. We use these commands: !handle; !handle <handle> <mask>; !object <name>; !object <addr>; !timer; !timer <addr>; ub @rip; dt nt!_KTHREAD <addr>. Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbol and source code resolution.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the cables and configuration steps required to set up kernel mode debugging. We use these BCDEdit commands: bcdedit; bcdedit /dbgsettings; bcdedit /dbgsettings 1394 channel:42; bcdedit /dbgsettings net hostip:192.168.0.10 port:50000 key:a.b.c.d; bcdedit /debug on; bcdedit /debug off. In the debug session, we use these commands: .crash; .dump /f; lm; !lmi; .reload /f; !drvobj; !drvobj <module> 2; bl; bc *; be <N>; bd <N>; bp <function>; bm <wildcard>; x <wildcard>; g. Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbol and source code resolution.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the Windows Scheduler. We look at Running, Ready and Waiting threads, and talk about the effect of Power Management on scheduling. We use these commands: !running; !running -t; !ready; !dpcs; !thread <addr> 17; !thread -1 17 (current thread). Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbol and source code resolution.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the Event Tracing for Windows (ETW) buffers in a kernel mode dump or live session. The ETW buffers can be extracted from the dump and viewed using the Windows Performance Toolkit (WPT). The buffers give you insight into what has been happening recently on the computer. We use these commands: !wmitrace.strdump; !wmitrace.logsave 0xNN c:example.etl; !wmitrace.eventlogdump 0xNN; !wmitrace.help. Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbol and source code resolution. This episode shows how to install the Windows Performance Toolkit.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen review MCP exam 70-660 - MCTS Windows Internals.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen walk you through Sysinternals ZoomIt. ZoomIt is a screen zoom and annotation tool for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen walk you through Sysinternals Desktops. Desktops allows you to organize your applications on up to four virtual desktops. We go under the covers and show how Desktops fits into the Session, Window Station and Desktop object/security model. ** I didn't do a great job explaining Sessions/Window Stations/Desktops -- If you want to know about those concepts in detail, I suggest you watch Sysinternals Primer: Gems instead.
In this episode of Defrag Tools, Andrew Richards, Maoni Stephens and Larry Larsen walk you through the CLR Garbage Collector. Maoni is the Principal developer for the GC on the CLR team.
In this episode of Defrag Tools, Andrew Richards, Maoni Stephens and Larry Larsen continue walking you through the CLR Garbage Collector - specifically PerfView. Maoni is the Principal developer for the GC on the CLR team.
In this episode of Defrag Tools, Andrew Richards, Amanda Silver and Larry Larsen start walking you through the debugging of JavaScript Windows Store applications with Visual Studio. Amanda is a Principal developer for the JavaScript engine used in Internet Explorer, Windows Store applications and Visual Studio.
In this episode of Defrag Tools, Andrew Richards, Amanda Silver and Larry Larsen continue walking you through the debugging of JavaScript Windows Store applications with Visual Studio. Amanda is a Principal developer for the JavaScript engine used in Internet Explorer, Windows Store applications and Visual Studio.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen start walking you through the Windows Performance Toolkit (WPT).
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue walking you through the Windows Performance Toolkit (WPT).
Larry Larsen and Andrew Richards do a live version of Defrag Tools where they take questions about troubleshooting Windows 8, talk about security, and much more.
Larry Larsen and Andrew Richards do a live version of Defrag Tools with Larry Osterman and answer questions about troubleshooting Windows, talk about WinRT, x86/x64 vs. ARM vs. MIPS vs. ALPHA, and much more.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue walking you through the Windows Performance Toolkit (WPT). This is part 1 of 3 episodes on memory usage/leaks. Example xPerf scripts.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue walking you through the Windows Performance Toolkit (WPT). This is part 2 of 3 episodes on memory usage/leaks. Example xPerf scripts.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue walking you through the Windows Performance Toolkit (WPT). This is part 3 of 3 episodes on memory usage/leaks. Example xPerf scripts.
In this two part series of Defrag Tools, Andrew Richards and Larry Larsen talk to Jeff Dailey, Director of diagnostics in Microsoft Support. In this episode, we cover the principles of data collection and analysis.
In this two part series of Defrag Tools, Andrew Richards and Larry Larsen talk to Jeff Dailey, Director of diagnostics in Microsoft Support. In this episode, we talk about Microsoft Fix it Center Pro.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen talk about Crashes, Hangs and Slow Performance. We talk about how to approach these issues and list the tools that can help you analyze them.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen show you the analysis of a crash. The crash happens when Favorites is clicked in Internet Explorer. We show Andrew's debugging and troubleshooting steps to solve the issue.
In this episode of Defrag Tools, Chad Beeder, Andrew Richards and Larry Larsen show you the analysis of a Bugcheck 0xAB (by C9'er David Grainger). We show Chad's debugging and troubleshooting steps to solve the issue.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen show you the analysis of a hang. The hang happens in Explorer when Windows-E is pressed - the folder window never appears. We show Andrew's debugging steps to solve the issue.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen talk about Andrew's new job, configuring new systems with SSDs and HDDs, answer two questions from a viewer (Barry), and debug two crashes. [So why is the audio weird in this episode? Well, Andrew accidentally hit mute on his mic just before recording. Kaitlin came to the rescue and used the audio from Chad's mic, fixing the levels for hours - Thx Kaitlin]
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen talk about a Sysinternals Autoruns file from a viewer (Judy) for a slow booting system. We update Sysinternals and, in doing so, we use Sysinternals Streams to show the (NTFS) alternate data stream used to save the Zone information of the download.
In this episode of Defrag Tools, Larry Osterman joins Andrew Richards and Chad Beeder to talk about lots of random stuff from his 29 years at Microsoft, including the old days, Windows Audio, Windows 8.1 UI, and much more.
In this episode of Defrag Tools, Rob Paveza joins Andrew Richards and Larry Larsen to talk about Just My Code for JavaScript Windows Store Apps in Visual Studio 2013. We show how much easier debugging is with all of the JavaScript libraries (e.g. JQuery) filtered out.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen talk about Sysinternals Disk Usage and Sysinternals Registry Usage. These tools are used to determine the size of Folder and Registry trees. We provide advice on how to free up disk space so you can upgrade to Windows 8.1 on a low-disk space system.
In this episode of Defrag Tools, Chad Beeder, Andrew Richards and Larry Larsen talk about the High DPI support in Windows 8.1.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen walk you through the download of the Windows 8.1 SDK and the latest Sysinternals tools. We harvest the Debugging Tools for Windows, Windows Performance Toolkit, and Application Verifier files from the SDK. We also show some of the new WinDbg features.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen walk you through a Windows Store Application crash dump. We show the Quality page of the Dev Dashboard and debug a dump with WinDbg.
In this episode of Defrag Tools, Jeffrey Richter joins Andrew Richards and Larry Larsen to talk about Windows Store Application development. We talk about all the books he's authored and what his company (Wintellect) is doing recently.
In this episode of Defrag Tools, Jeffrey Richter joins Andrew Richards and Larry Larsen to talk about the Wintellect Package Explorer. This new tool, associated with the Windows Runtime for C# book, allows you to view the properties of Store apps installed on your system, and help you manage them.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk you through common issues in Background Task applications. We use a Windows Store 8.1 app sample to show how missing code affects the process, and how the process can be reported as having an Application Hang due to non-responsiveness.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk you through common issues in Windows Store applications that use HTTP. We use a Windows Store 8.1 app sample to show how a missing exception handler affects the stability of the process.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk you through common issues in Windows Store applications that use XML. We use a Windows Store 8.1 app sample to show how missing code affects the stability of the process.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk you through common issues in Windows Store applications that use Interop. We use a Windows Store 8.1 app sample to show how missing code affects the stability of the process.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk you through a common issue in Windows Store applications that use Frame.GetNavigationState. We use a Windows Store 8.1 app sample to show how using complex objects as a parameter in navigation can cause serialization to raise an exception.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen walk you through a common issue in Windows Store applications that use Files. We use a Windows Store 8.1 app sample to show how missing code affects the stability of the process.
In this episode of Defrag Tools, Trey Nash and Jason Epperly join Chad Beeder to talk about their roles as Escalation Engineers in CSS.
In this episode of Defrag Tools, Trey Nash joins Chad Beeder to demonstrate how the Windows Performance Toolkit was used to solve a performance issue in a time sensitive application.
In this episode of Defrag Tools, Jason Epperly joins Chad Beeder to demonstrate how the Windows Performance Toolkit was used to solve a performance issue while logging in to a system.
In this episode of Defrag Tools, Chad Beeder is joined by Steve Thomas to talk about Steve's role as a consultant for Microsoft Consulting Services.
In this episode of Defrag Tools, Chad Beeder is joined by Steve Thomas to talk about Application Virtualization (App-V) troubleshooting techniques.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder are joined by Aaron Margosis to talk about the Sysinternals book he co-authored, and to demo an Application Installation Recorder that leverages Process Monitor and PowerShell.
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen begin a multi-part series on how Performance Counters work and how to add them to an application. This episode focuses on the (statistical) counter types that determine how the (raw) data is reported.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a 3-part series on how Performance Counters work and how to add them to an application. This episode focuses on the XML manifest that you develop, which turns into code when compiled with CTRPP.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a 3-part series on how Performance Counters work and how to add them to an application. This episode focuses on turning the XML manifest into code (with CTRPP), and using the generated code in a sample application.
Larry Larsen and Andrew Richards do a live version of Defrag Tools. We look at the common reasons why Windows Store applications experience crashes and hangs. We do a quick debug of a Windows Store application crash using the !pde.dse debugger extension (available on the show's OneDrive).
In this episode of Defrag Tools, Chad Beeder and Larry Larsen discuss two topics: The Heartbleed bug, and the Sigcheck tool from Sysinternals.
In this episode of Defrag Tools, Andrew Richards walks you through the download of the Windows 8.1 Update SDK, the Windows 8.1 Store App Samples, the latest Sysinternals tools, and the Wintellect Package Explorer. We harvest the Debugging Tools for Windows, Windows Performance Toolkit, and Application Verifier files from the SDK.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about how you can change the Symbol folder's hierarchy to be 2-Tier instead of 1-Tier - by adding an index2.txt file to the root.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about 4 tools used to maintain your Symbol Store and Symbol Cache folders.
Mark Russinovich joins Andrew Richards and Larry Larsen for a live version of Defrag Tools. We go through all of the updates that have occurred to the Sysinternals tools in 2014. Timeline: Channel 9 Live: [00:00] Welcome Mark!; [01:30] Autoruns v12.0; [03:15] ProcDump v7.0; [04:34] AccessChk v5.2; [05:48] Sigcheck v2.1. Channel 9 Live - Web Exclusive: [10:17] Sigcheck v2.1 continued...; [12:48] PsExec v2.1; [15:59] PsPing v2.0; [20:28] Process Explorer v16.0.
Paula Januszkiewicz joins Andrew Richards and Larry Larsen for two live sessions of Defrag Tools. We go through a wide variety of security topics. This episode focuses on the way you should behave on unknown networks, the use of USB sticks, and password retention.
Paula Januszkiewicz joins Andrew Richards and Larry Larsen for two live sessions of Defrag Tools. We go through a wide variety of security topics. This episode focuses on the tools and techniques that Paula uses when penetrating systems.
Andrew Richards goes through his selection of troubleshooting talks from TechEd 2014. Mark Russinovich: Case of the Unexplained: Troubleshooting with Mark Russinovich (also 2013, 2012, 2011, 2010, 2009); TWC: Malware Hunting with Mark Russinovich and the Sysinternals Tools (also 2013, 2012). Aaron Margosis: TWC: Sysinternals Primer: TechEd 2014 Edition (also 2013, 2012, 2011, 2010). Chris Jackson: Windows 8 Security Internals; Application Compatibility and Modernization in a Fast Moving, Post-XP World. Andrew Richards: Hardcore Debugging (also 2013). Andrew Hall / Daniel Moth: Debugging Tips and Tricks in Visual Studio 2013; Diagnosing Issues in Production Environments with Visual Studio 2013; Diagnosing Issues in Windows Phone 8.1 XAML Applications Using Visual Studio 2013. Yong Rhee: Windows Performance Deep Dive Troubleshooting.
In this episode of Defrag Tools, Chad Beeder and Andrew Richards use FindStr, Sysinternals Strings and !pde.ssz to perform string searches and filtering.
In this episode of Defrag Tools, Chad Beeder and Andrew Richards use the Scheduled Tasks MMC, Sysinternals Autoruns, at.exe, schtasks.exe and PowerShell to manage the Task Scheduler.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder start a new series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011.
This week we break out of the Channel 9 studios and visit the offices of Chad Beeder and Andrew Richards, and talk about some of the history of Buildings 22 and 26.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue a series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder finish a series on writing a Debugger Extension for the Debugging Tools for Windows. The series is based on a 3 part MSDN Magazine series that Andrew wrote back in early 2011.
In a two part special for Defrag Tools, Larry Osterman joins Larry Larsen, Andrew Richards and Chad Beeder to celebrate Larry's 30 years at Microsoft. We travel to the Microsoft Archives building to reminisce over a selection of products that Microsoft has produced over Larry's 30 year career.
In this second part of a two part special for Defrag Tools, Larry Osterman joins Larry Larsen, Andrew Richards and Chad Beeder to celebrate Larry's 30 years at Microsoft. We continue looking around the Microsoft Archives building, reminiscing over a selection of products that Microsoft has produced over Larry's 30 year career.
Mark Russinovich and Thomas Garnier join Andrew Richards in this episode of Defrag Tools. We talk about their new tool - Sysinternals System Monitor. System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time.
In this episode of Defrag Tools, Andrew Richards starts a two part series on writing a Debugger Extension in C# for the Debugging Tools for Windows. The series follows on from the recent 9 part series on writing a Debugger Extension in C++. The C# code utilizes the Microsoft.Diagnostics.Runtime (CLRMD) and DllExports packages, available on NuGet.
In this episode of Defrag Tools, Andrew Richards finishes a two part series on writing a Debugger Extension in C# for the Debugging Tools for Windows. The series follows on from the recent 9 part series on writing a Debugger Extension in C++. The C# code utilizes the Microsoft.Diagnostics.Runtime (CLRMD) and DllExports packages, available on NuGet.
In this episode of Defrag Tools, Kraig Brockschmidt joins Andrew Richards and Chad Beeder for two episodes to talk about Windows Store Application development using HTML, CSS and JavaScript. Be sure to download the free ebook!
In this episode of Defrag Tools, Kraig Brockschmidt joins Andrew Richards and Chad Beeder for a second episode to talk about Windows Store Application development using HTML, CSS and JavaScript. Be sure to download the free ebook!
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 1 of this series, we demonstrate downloading and installing the tool, and collecting traces.
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 2 of this series, we review a trace for CPU issues.
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 3 of this series, we focus on looking at memory issues.
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 4 of this series, we focus on using PerfView as a diagnostics tool.
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 5 of this series, we focus on using PerfView as a diagnostics tool.
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 6 of this series, we show how easy it is to add ETW events to your applications, and how these events can be seen in PerfView.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder discuss Windows Management Instrumentation (WMI).
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 7 of this series, we show how easy it is to analyze ETW events with PerfView.
In this episode of Defrag Tools, Wade Mascia joins Andrew Richards and Chad Beeder to discuss his debugging analysis tool, DebugDiag. In part 1 of this 4 part series, we show the basic features of DebugDiag.
In this episode of Defrag Tools, Wade Mascia joins Andrew Richards and Chad Beeder to discuss his debugging analysis tool, DebugDiag. In part 2 of this 4 part series, we continue delving into the features of DebugDiag.
In this episode of Defrag Tools, Wade Mascia joins Andrew Richards and Chad Beeder to discuss the debugging analysis tool, DebugDiag. In part 3 of this 4 part series, we continue delving into the features of DebugDiag.
In this episode of Defrag Tools, Wade Mascia joins Andrew Richards and Chad Beeder to discuss the debugging analysis tool, DebugDiag. In part 4 of this 4 part series, we continue delving into the features of DebugDiag.
In this episode of Defrag Tools, Vance Morrison joins Andrew Richards and Chad Beeder to discuss his performance analysis tool, PerfView. In part 8 of this series, we show how to analyze the GC with PerfView.
In this episode of Defrag Tools, Andy Sterland joins Chad Beeder to discuss the IE F12 Developer Tools, including some of the new features available in the Windows 10 Tech Preview.
In this episode of Defrag Tools, David Stephens joins Andrew Richards to discuss the IE F12 Console, including some of the new features available in the Windows 10 Tech Preview.
In the next two episodes of Defrag Tools, Andrew Richards and Chad Beeder discuss Networking. We look at various inbox tools, including ipconfig, route, netstat, arp, nslookup, tracert, ping, psping, net and netsh.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder continue to discuss Networking. We look at more inbox tools (netsh, tracert, ping, psping, net) and talk about Receive-Side Scaling (RSS), TCP Chimney Offload and the TCP Receive Window.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder discuss services in Windows. We look at several tools for managing services, and discuss how they are implemented.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk you through the download of the Windows 10 SDK and the latest Sysinternals tools. We harvest the Debugging Tools for Windows, Windows Performance Toolkit, and Application Verifier files from the SDK.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder bring sense to the Windows Search Path (%PATH%).
In this episode of Defrag Tools, Andrew Richards and Chad Beeder look into why Win-R can launch some apps, but the Command Prompt can't.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder look into Microsoft Symbol Proxy (SymProxy). SymProxy is used to cache symbols (positive and negative) from one or more upstream symbol servers. We cover the installation into IIS, and the monitoring via Performance Monitor and Event Viewer.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to determine the root cause of various application crashes which have occurred on Andrew's computer.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to dig into a few more application crashes which have occurred on Andrew's computer.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to debug some kernel mode memory dumps. We investigate a kernel mode crash (BSOD), and a system hang.
In this two part series of Defrag Tools, Bill Messmer joins Andrew Richards and Chad Beeder to talk about the new 'dx' command in the Windows Debugger.
In this second episode of a two part series of Defrag Tools, Bill Messmer joins Andrew Richards and Chad Beeder to talk about the new 'dx' command in the Windows Debugger.
In a two part on-location special for Defrag Tools, Andrew Richards and Chad Beeder invade Larry Osterman's office on his 31st anniversary at Microsoft. This week, we talk about his various office moves and the collection of artifacts in his office. Next week we continue the visit and do a deep dive into API Contracts. API Contracts are used to define and package the various Windows 10 SKUs for PC, Phone, HoloLens, Surface Hub, Xbox, IoT, etc.
In a two part on-location special for Defrag Tools, Andrew Richards and Chad Beeder invade Larry Osterman's office on his 31st anniversary at Microsoft. Last week, we talked about his various office moves and the collection of artifacts in his office. This week we continue the visit and do a deep dive into API Contracts. API Contracts are used to define and package the various Windows 10 SKUs for PC, Phone, HoloLens, Surface Hub, Xbox, IoT, etc.
In this on-location special for Defrag Tools, Andrew Richards and Chad Beeder invade Raymond Chen's office. Raymond is a 23-year veteran of Microsoft, who's worked on everything from MS-DOS to the Windows 10 UI. We talk about his blog and book, The Old New Thing, Security Reports on the wrong side of the Airtight Hatchway, various Microspeak terms including 'North Star' and Bedlam, Code Samples, and lots of other random stuff.
In a two part special for Defrag Tools, Raymond Chen joins Andrew Richards and Chad Beeder to celebrate the 30 years of Windows. We travel to the Microsoft Archives building to reminisce over a selection of products that Microsoft has produced over the 30 years.
This was meant to be the second part of a two part special for Defrag Tools, where Raymond Chen joins Andrew Richards and Chad Beeder to celebrate the 30 years of Windows by walking around the Microsoft Archives. Unfortunately, we hit a technical issue. We didn't realize until editing that we filled the (separate) device used to record the microphones. As a result, no audio - and thus no Part 2 this week. (We cut last week's episode at the point where we started to walk around off-camera, and soon after lost audio). Stay tuned for more computer history next week. Chad takes us to the Living Computer Museum in downtown Seattle.
In this special episode of Defrag Tools, following up on our most recent expeditions through the Microsoft Archives, Chad Beeder visits the Living Computer Museum in Seattle, and takes a hands-on trip through their extensive collection of Microsoft-related artifacts, with tour guide Aaron Alcorn.
[01:20] - WinDiff
[02:55] - x64 version available on Defrag Tools OneDrive
[04:53] - File or Directory compare
[10:22] - Alt-B (Both), Alt-L (Left), Alt-R (Right)
[11:40] - F7 (Previous Change), F8 (Next Change)
[13:00] - Outline/Expand (Esc)
[14:44] - Tab Width (4 characters instead of 8 characters)
[18:00] - Email us your issues at defragtools@microsoft.com
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about Dependency Walker, a tool used to view the DLL Import dependencies of EXEs and DLLs, and to view their Exports.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about Windows Installer and the ORCA Editor. The ORCA Editor is used to view and author Windows Installer files (*.msi, *.msm, *.msp, *.mst).
In this episode of Defrag Tools, Chad Beeder is joined by Jorge Novillo and Jose Baldner to introduce us to Media eXperience Analyzer (MXA). Media eXperience Analyzer (formerly WindowsXRay) is a tool used to visualize ETW traces, with a particular emphasis on media scenarios such as audio/video capture and playback.
In this episode of Defrag Tools, Chad Beeder is joined by Jorge Novillo and Jose Baldner. We look at some of the technologies introduced in recent Windows versions to reduce power consumption and improve battery life during video playback on newer hardware, and use Media eXperience Analyzer (MXA) to see whether they are working.
In this episode of Defrag Tools, Chad Beeder and Jorge Novillo continue a series on Media eXperience Analyzer (MXA). We examine an audio glitch scenario, and show how to use MXA to determine what caused the problem.
In this episode of Defrag Tools, Chad Beeder and Jorge Novillo continue a series on Media eXperience Analyzer (MXA). We examine a video glitch scenario, and show how to use MXA to determine what caused the problem.
In this episode of Defrag Tools, Chad Beeder and Jorge Novillo wrap up a series on Media eXperience Analyzer (MXA). We examine one more audio glitch scenario, and show how to use MXA to determine what caused the problem.
In this episode of Defrag Tools, Chad Beeder and Sylvain Goyette discuss how to diagnose issues related to memory usage, using tools available in the Assessment and Deployment Kit (ADK). We cover two scenarios:
1. Looking at the baseline memory footprint of a particular Windows installation, and comparing it to the usage during a certain activity.
2. Diagnosing memory usage and leaks in a particular app.
In this episode of Defrag Tools, Chad Beeder and Sylvain Goyette discuss how to analyze and optimize Windows boot performance, using tools available in the Assessment and Deployment Kit (ADK).
In this episode of Defrag Tools, Chad Beeder and Sylvain Goyette demonstrate how to do critical path analysis in Windows Performance Analyzer (WPA), to troubleshoot apps which have an unresponsive UI. WPA is available in the Assessment and Deployment Kit (ADK).
Collecting and visualizing Windows 10 Energy Estimation Engine (E3) data with "powercfg /srumutil" and Excel
In this episode of Defrag Tools, Chad Beeder and Jorge Novillo take a look at the Energy Estimation Engine (E3) in Windows, and how to use it to get detailed information about battery usage. Note: In addition to viewing data from a single device, as demonstrated in the video, an OEM, during device pre-production, or an enterprise IT administrator could create domain scripts to generate and collect E3 SRUMUTIL logs on a daily or weekly basis and collect the information in a database. This would allow the OEM or enterprise to analyze energy usage data from devices, and identify opportunities to improve battery life on their Windows images.
In this episode of Defrag Tools, Chad Beeder and Jorge Novillo discuss a power saving feature in Windows: hardware offloading of Audio Processing Objects (APOs). We demonstrate how to use Media eXperience Analyzer (MXA) to determine whether audio offload is working on a given system.
In this episode of Defrag Tools, Chad Beeder and Andrew Richards discuss the Powercfg command-line tool in Windows, which allows you to configure power management settings, and analyze power and battery usage.
In this episode of Defrag Tools, Chad Beeder and Andrew Richards discuss the PsPing command-line tool from Sysinternals - a more powerful replacement for the default "ping" command, which also adds additional capabilities such as bandwidth measurement.
In this episode of Defrag Tools, Chad Beeder and Andrew Richards walk through using various tools to determine what is causing Andrew's computer to be slow and unresponsive.
In the spirit of Star Trek crossovers, Andrew Richards and Chad Beeder pay a visit to Gov (Rhymes With Orange) Maharaj, the co-host of The Defrag Show. We talk about how each series got started, the focus of each, and how the two sometimes overlap. Gov has a wealth of knowledge, a lot of it garnered from his role as a developer on the Windows Application and Device Compatibility Team for over 16 years, but also from doing research for you, to answer your questions. In this episode we cover a lot of things, but of note, we talk about the version of Windows: how it is reported to applications and drivers, and the common misconception that the version number represents functionality. We've previously taped in Studio F when visiting Raymond Chen. And we've previously talked about API Contracts with Larry Osterman. As mentioned while in the kitchen, Bill Gates made a Coke (Coca-Cola) commercial years ago.
In this episode of Defrag Tools, Chad Beeder and Andrew Richards discuss Virtual Hard Disk (VHD) files. We first dive into what a VHD is, how you can boot from a VHD by configuring bcdedit settings, and we see how they look in Disk Management. We then use Sysinternals Disk2VHD - a quick and easy way to make a VHD from a Physical drive. We also discuss the Volume Shadow Copy Service.
In this episode of Defrag Tools, Mark Russinovich and Andrew Mason (Program Manager for Nano Server) join Andrew Richards to discuss the release of the Sysinternals tools for Windows Server - Nano Server. Over 40 of the Sysinternals tools have been updated to support the headless execution on Nano Server via a remote shell (e.g. PowerShell, PsExec, SSH). You can download the full set by clicking on the Sysinternals Nano Server Suite on the Sysinternals suite page, and each tool that supports Nano Server reports that on its download page. The Nano versions are also compatible with 64-bit Windows and have "64.exe" as their suffix in the download files. Many of the updated tools include bug fixes as well.
In this episode of Defrag Tools, Sylvain Goyette joins Chad Beeder to talk about how to collect performance traces during Windows OOBE (Out of Box Experience). (Sorry that Sylvain's screen is somewhat hard to read; we had some technical issues with the screen capture session.)
In this episode of Defrag Tools, Sylvain Goyette joins Chad Beeder to discuss performance tracing of Universal Windows Platform (UWP) apps. (Sorry that Sylvain's screen is somewhat hard to read; we had some technical issues with the screen capture session.)
In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to determine the root cause of various application crashes which have occurred on Andrew's computer. We use Sysinternals ProcDump to capture the dumps. While debugging, we take a side trip into configuring colors for Compressed and Encrypted files in Windows Explorer, and use Sysinternals Process Monitor to determine why the debugger was getting an Access Denied when loading the PDE Debugger Extension.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk to Nashaat Soliman and Paresh Maisuria (program manager and developer from the Windows kernel power team) about the "Sleep Study" feature in the Powercfg tool, and how you can use it to diagnose battery drain issues on Modern Standby systems. For related content on power management and analysis using Powercfg, refer to the following earlier episodes:
Defrag Tools #157 - Energy Estimation Engine (E3)
Defrag Tools #159 - Powercfg
For additional details on Sleep Study, see this blog post: Sleep Study: Diagnose what's draining your battery while the system sleeps
In this episode of Defrag Tools, Andrew Richards talks to Andy Luhrs and Bill Messmer from the Debugging Tools for Windows team. We talk about what the team develops, what it is working on, the debugger object model, their blog and their feedback email address.
Blog - https://blogs.msdn.microsoft.com/windbg/
Email - windbgfb@microsoft.com
In this episode of Defrag Tools, Andrew Richards talks to Andy Luhrs and Bill Messmer from the Debugging Tools for Windows team. We talk about the new JavaScript extensibility and scripting abilities in WinDbg available in the WDK and SDK build 14951 and newer.
Blog - https://blogs.msdn.microsoft.com/windbg/
Email - windbgfb@microsoft.com
Bill leveraged the debugger object model previously in these episodes:
Defrag Tools #138 - Debugging - 'dx' Command Part 1
Defrag Tools #139 - Debugging - 'dx' Command Part 2
Defrag Tools #169 - Debugging Tools for Windows Team
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk to Dan Taylor and Chuck Weininger about Application Insights Profiler. The profiler allows you to get detailed performance data from Azure App Services.
How to - http://aka.ms/aiprofilerpreview
Email - serviceprofilerhelp@microsoft.com
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about Application Hangs. We collect a dump of a process and debug it with the Debugging Tools for Windows. Resources:
Defrag Tools: #24 - WinDbg - Critical Sections
Defrag Tools: #25 - WinDbg - Events
Defrag Tools: #26 - WinDbg - Semaphores, Mutexes and Timers
In this episode of Defrag Tools, Andrew Richards and Chad Beeder are joined by Aaron Margosis, the co-author of the Sysinternals book -- now in its 2nd Edition!
In this episode of Defrag Tools, Andrew Richards and Chad Beeder are joined by Aaron Margosis. We talk about the Security Baseline for Windows 10. We also look at the Policy Analyzer and Local Group Policy Objects (LGPO) tools.
In this episode of Defrag Tools, Chad Beeder is joined by Jeffrey Tippet from the Windows Networking team to talk about how to debug networking problems in NDIS (Network Driver Interface Specification) using the !ndiskd debugger extension in WinDbg.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder delve into the way the Shell uses the registry to provide the Right-Click behavior of a (File Explorer) Folder. We add sub-menus to the Directory context menu, allowing a Command Prompt or PowerShell prompt to be opened in the current folder, either elevated or non-elevated. The registry file created is provided on Andrew's MSDN blog (Where in the API is Andrew Richards?), and the Defrag Tools OneDrive.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder are joined by Alex Ionescu and Pavel Yosifovich, authors of the Windows Internals 7th Edition Part 1 book. We talk to Alex in the Channel 9 Studio and to Pavel over Skype from Israel. We cover the history of the Windows Internals book series, Alex's involvement in writing the 6th Edition and their co-authorship of the 7th Edition. The Windows Internals 7th Edition Part 1 is based on Windows 10 Creators Update, and is a must-have for any Troubleshooter or Developer! The Part 1 book covers:
Understand Windows system architecture and its most important entities, such as processes and threads
Examine how processes manage resources and threads scheduled for execution inside processes
Observe how Windows manages virtual and physical memory
Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system
Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Windows Server 2016
In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about the new features of Sysinternals ProcDump v9.0.
Multiple Dumps per trigger in multiple Dump Sizes:
-mm Write a 'Mini' dump file (default). Includes the Process, Thread, Module, Handle and Address Space info.
-ma Write a 'Full' dump file. Includes all the Image, Mapped and Private memory.
-mp Write a 'MiniPlus' dump file. Includes all Private memory and all Read/Write Image or Mapped memory. To minimize size, the largest Private memory area over 512MB is excluded. A memory area is defined as the sum of same-sized memory allocations. The dump is as detailed as a Full dump but 10%-75% the size. Note: CLR processes are dumped as Full (-ma) due to debugging limitations.
-mc Write a 'Custom' dump file. Includes memory defined by the specified MINIDUMP_TYPE mask (Hex).
-md Write a 'Callback' dump file. Includes memory defined by the MiniDumpWriteDump callback routine named MiniDumpCallbackRoutine of the specified DLL.
-mk Also write a 'Kernel' dump file. Includes the kernel stacks of the threads in the process. The OS doesn't support a kernel dump (-mk) when using a clone (-r). When using multiple dump sizes, a kernel dump is taken for each dump size.
Kernel Dump Support: Complete Thread Stack (Kernel & User). Open the User and Kernel Dumps in separate debuggers, then match the TIDs from the User Dump with the TIDs from the Kernel Dump to get the entire stack. Awesome tool for hang debugging!
Debugging the Kernel Dump: The dump includes the kernel stack (memory) of every thread in the process (Running, Ready or Idle). The dump has the Process PID and each Thread TID. There is no PEB or TEB information. View the Kernel Call Stack for each Thread in the Process: !process -1 17
Debugging the User Dump: View the User Call Stack for each Thread in the Process (e.g.): ~*k !pde.deep
In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk through the process of manually creating a full memory dump via the keyboard. This is useful when you want to capture the state of the operating system. For example, to debug a hang.
In this episode of Defrag Tools, Graham McIntyre joins Andrew Richards and Chad Beeder to talk about the new Active Memory Dump type. This new kernel dump size replaces the Complete Memory Dump type, and although much smaller, is equally useful.
In this episode of Defrag Tools, Chad Beeder and Andrew Richards are joined by Paresh Maisuria from the Windows Kernel Power team and Zach Holmes from the Fundamentals team to talk about System Power Report, a new feature in Windows 10 Creators Update.
In this episode of Defrag Tools, Chad Beeder is joined by Tim Misiak and Andy Luhrs to introduce WinDbg Preview, a new version of the WinDbg tool.
In this episode of Defrag Tools, Chad Beeder is joined by Nickolay Ratchev and Tim Misiak to show off some features of WinDbg Preview, a new version of the WinDbg tool.
In this episode of Defrag Tools, we continue our series on the new WinDbg Preview. Andrew Richards is joined by Bill Messmer to talk about the updated scripting engine.
In this episode of Defrag Tools, Chad Beeder is joined by James Pinkerton and Ivette Carreras to introduce a new feature of WinDbg Preview: Time Travel Debugging (TTD).
In this episode of Defrag Tools, Andrew Richards is joined by JCAB (Juan Carlos Arevalo Baeza) and Jordi Mola from the Windows Debugger team to demonstrate some more advanced usage of a new feature of WinDbg Preview: Time Travel Debugging (TTD).
In this episode of Defrag Tools, Chad Beeder and Andrew Richards talk to Marc Goodner and Reid Borsuk about the maker community at Microsoft, and the cool Ninjacat statue they built. Make sure to watch to the end to see all of its, shall we say... special features!
In this episode of Defrag Tools, Chad Beeder and Andrew Richards talk about what tech you could buy on Cyber Monday. We talk about USB Sticks, USB Cables, MicroSD Readers, International Power Adapters, Charging Stations, UPS Backup, Network Testers, Memory Sticks, Disk Drives, Drive adapters, Xbox Live, Xbox Game Pass, ... and many more things. For Intel Product Specs (to determine supported RAM, etc.), refer to http://ark.intel.com (Apologies for Andrew's poor voice)
Announcing the Inside Show, the show that takes you inside Windows! Inside covers Windows Features, Windows Internals, Exception Codes, Bugcheck Codes and Debugger Commands. Each episode is just 5 minutes, with no specific order between episodes. Watch the Welcome video! For longer topics (15-30min), we'll continue to cover them on Defrag Tools in 1 or more parts. Email questions, comments and requests to InsideShow@microsoft.com and DefragTools@microsoft.com
In this episode of Defrag Tools, Chad Beeder is joined by Jorge Novillo and Ojasvi Choudhary to discuss the Performance Power Slider in Windows 10. We discuss how it works, how hardware partners can customize it, and how users can adjust some of its settings.
In this episode of Defrag Tools, we talk about HRESULT based Error Codes. The 32 bits in the HRESULT have meanings, allowing the reader to gain additional insights into the error.
In this episode of Defrag Tools, we talk about Windows Update and Windows Setup. We describe the different technologies, what each does to download the software, prepare the installation, and finish the installation. In the next episode, we'll dive deep into the logs, showing you how to troubleshoot an installation issue.
In this episode of Defrag Tools, we talk about the Windows Upgrade Log files. The "Panther" logs track the installation of a Windows Upgrade. The logs contain Information, Warnings and Errors. Not all errors are fatal; the trick is to look at only the (last) fatal error if an upgrade fails. The logs pre/post upgrade can be found in:
\$Windows.~bt\sources\panther
\$Windows.~bt\Sources\Rollback
\Windows\Panther
\Windows\Panther\NewOS
You can review the logs manually, or use SetupDiag.
In this episode of Defrag Tools, we continue talking about the Windows Upgrade Log files. We delve into the Application and Device Inventory Files, which describe application compatibility issues between OS Releases. The logs pre/post upgrade can be found in:
\$Windows.~bt\sources\panther
\$Windows.~bt\Sources\Rollback
\Windows\Panther
\Windows\Panther\NewOS
You can review the logs manually, or use SetupDiag.
In this episode of Defrag Tools, we geek out on our favorite Command Prompt commands. Commands covered:
where.exe - Where. Shows where an executable/script is on the PATH environment variable:
  where notepad.exe
ipconfig.exe - IP Configuration.
  IP Address Configuration - Basic: ipconfig
  IP Address Configuration - Advanced/All: ipconfig /all
  IP Address Renewal/Reset: ipconfig /flushdns, ipconfig /release, ipconfig /renew, ipconfig /registerdns
findstr.exe - Find String.
  /s - Sub Directories
  /n - Line Number
  /p - Search Pattern. e.g. Foo*Bar to match: Footastic Barcode
  /c - Escaped characters. e.g. /c:"\"Foo\" Bar" to find the text: "Foo" Bar
In this episode of Defrag Tools, we discuss Windows Defender Application Guard, a great security feature in the Edge browser which allows you to easily run browser sessions in a virtual machine.
In this episode of Defrag Tools, Chris Jackson, the "App Compat Guy" (@appcompatguy), joins us to discuss Windows Defender Advanced Threat Protection (ATP) - a unified platform for preventative protection, post-breach detection, automated investigation, and response. Defender ATP can be used to automatically investigate alerts and remediate complex threats in minutes. We delve into the Windows Defender Security Center, and perform Kusto queries to discover security events for the associated enterprise.
In this episode of Defrag Tools, Aaron Margosis joins us to discuss AaronLocker - a set of scripts that help you configure AppLocker. AppLocker restricts application execution, auditing or protecting your system from unwanted/malicious software. We delve into the abilities of AppLocker, what the AaronLocker scripts automate, and see what it looks like when an application is blocked.
In this episode of Defrag Tools, Chris Jackson, the "App Compat Guy" (@appcompatguy), joins us to discuss Windows Desktop App Assure - a program for eligible customers and partners to access FastTrack Specialists who provide advisory and remediation guidance on deploying Windows 10 and Office 365 ProPlus - notably Application Compatibility. We delve into some examples that the program has diagnosed and show some of the tools the specialists (and yourselves) can use to determine the root cause.
To celebrate the 200th episode of Defrag Tools, three Microsoft Legends join us in the Channel 9 Studios, with a live studio audience, for a Game Show! Questions range from campus trivia, all the way through to obscure command switches. Raymond Chen, KC Lemson and Larry Osterman have all been at Microsoft for decades and have many stories to tell... so many that we needed two parts. So you don't have to wait, both parts are available for binging straight away!
In this episode of Defrag Tools, Paula Januszkiewicz from CQURE, joins us to discuss Information Security (InfoSec). We talk about what InfoSec is, how to get started, what the role entails, and how the profession is evolving. Twitter: @PaulaCqure