Mark Russinovich held a session today following on from his popular “Case of the Unexplained”. The session focussed on problems that are hard to diagnose on Windows.
Russinovich went through several examples of problems customers have sent directly to him and problems he has experienced himself at home or at work.
The main tools used were:
Process Explorer
Process Monitor
Autoruns
Strings
ZoomIt
WinDbg
Autoruns is a great way to check what is configured to run at system start and is far more powerful than msconfig. Russinovich demonstrated that you could disable autostart entries that could not be found in msconfig or located easily in the registry.
Process Explorer and Process Monitor let you analyse specific processes in depth, down to the threads they have created and the call stacks showing how they were invoked. This lets you work out exactly what is running on the system, what it depends on and how it started its life. Helpful when you are troubleshooting issues.
Strings lets you dump the readable text embedded in DLLs and other binaries that you would not otherwise see, for example to check whether a file belongs to a third-party manufacturer.
WinDbg lets you analyse debug files and crash dumps from blue screens or application crashes. This will let you work out whether a crash is a known issue or is specific to a third-party manufacturer's code.
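As an added illustration of what the Strings tool does (this is not Sysinternals code or code from the session, just an example written for this write-up), the script below pulls printable ASCII and UTF-16LE runs out of a byte blob the way Strings does, and then looks for a CompanyName value of the kind stored in a PE version resource. The sample bytes, the minimum length of 4, the function names and the vendor name are all constructed assumptions for the demonstration.

```python
import re

# Constructed sample imitating a few regions of a DLL: a DOS stub message,
# a version-resource style CompanyName key/value pair stored as UTF-16LE,
# and an imported API name stored as ASCII. Not a real file.
SAMPLE_DLL = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00" * 8
    + "CompanyName".encode("utf-16-le") + b"\x00\x00"
    + "Contoso Printer Drivers Ltd".encode("utf-16-le") + b"\x00\x00"
    + b"\x7f\x01\x02"
    + b"CreateFileW\x00"
)


def extract_strings(data: bytes, min_len: int = 4):
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters, in ASCII and in UTF-16LE, sorted by file offset.
    This mirrors the default behaviour of Sysinternals Strings, which scans
    for both encodings."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE ASCII-range text is a printable byte followed by a NUL byte.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)

    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(data):
        found.append((m.start(), "utf16", m.group().decode("utf-16-le")))
    found.sort()
    return found


def company_hint(data: bytes):
    """Return the string that follows a UTF-16 'CompanyName' key, which is
    how the value is laid out in a PE StringFileInfo block. Returns None if
    no such key is present. A quick way to spot a third-party vendor's DLL."""
    strings = extract_strings(data)
    for i, (_, enc, text) in enumerate(strings):
        if enc == "utf16" and text == "CompanyName" and i + 1 < len(strings):
            return strings[i + 1][2]
    return None


if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE_DLL):
        print(f"{offset:6d} {enc:5s} {text}")
    print("CompanyName:", company_hint(SAMPLE_DLL))
```

To use this on a real file, read it with `open(path, "rb").read()` and pass the bytes to `extract_strings`; the encoding column tells you whether a hit came from the ASCII or UTF-16 scan, which matters because version-resource fields on Windows are almost always UTF-16.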
The session was the most popular yet and many of the seats in the room were taken 30 minutes before it was due to begin. Overall the session was a great insight into the workings of someone who has built many great applications and written some memorable blog posts, notably on the Sony rootkit fiasco.