In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to debug some kernel mode memory dumps. We investigate a kernel mode crash (BSOD) and a system hang.

[00:00] Introduction - kernel mode vs. user mode debugging
[02:18] Dump #1: minidump of a Stop 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL)
[03:24] Start with !analyze -v
[04:58] Debugger help has a comprehensive list of bug check codes
[07:45] Do a web search for the functions on the stack
[08:58] Most likely this crash is fixed by KB 3055343
[10:22] Dump #2: Manually generated crash dump of a system hang, submitted by Channel 9 viewer Tom
[11:22] Dump was forced via keyboard: Forcing a System Crash from the Keyboard
[12:15] !process 0 0 to list all running processes
[14:33] Andrew's funny story about diagnosing a server performance problem on a DEC Alpha cluster
[16:17] !process [address] 17 to see all the threads in a process (including user mode stacks)
[19:50] !thread with no parameters to see what was running on this CPU
[23:58] ~0 to switch to see what was running on processor 0
[24:44] A storport thread has been trying to acquire a spin lock for a long time. Introduction to Spin Locks
[29:05] !locks shows someone is holding IopDeviceTreeLock and PiEngineLock - some thread is doing Plug & Play work - bus re-enumeration
[31:53] lmvm to look at the storage driver - looks pretty old. Check for updates.
[33:22] !devnode 0 1 shows the device tree
[36:10] Questions? Email us at [email protected]