DebugPrivilege
LightNews LightNews
banner
debugger.bsky.social
DebugPrivilege
@debugger.bsky.social
210 followers 29 following 20 posts
Windows Nerd | Ex-MSFT | Microsoft MVP in Windows and Devices | Interested in Security, Debugging, and Troubleshooting.
Posts Media Videos Starter Packs
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · 4d
Just posted a write-up on a DC hang traced to a deadlock inside LSASS. I break down call stacks, the blocked threads, and how doing LDAP work in DllMain triggered the issue. medium.com/@Debugger/se...
Server hang explained: LSASS deadlock between mswsock and LoaderLock
TLDR: For weeks a customer saw random domain controllers freeze with no clear errors in Event Viewer. It looked like network timeouts and…
medium.com
Reposted by DebugPrivilege
patrickmatula.com
Patrick Matula @patrickmatula.com · 10d
Interesting memory dump analysis in WinDbg. I think it's very useful not to show only the "golden path" to the solution!
debugger.bsky.social DebugPrivilege @debugger.bsky.social · 12d
It turns out this analysis was incorrect, and someone pointed it out to me. I've redone the analysis, and it's now much improved. For Part 2, where I cover the true cause of the crash, please take a look here: medium.com/@Debugger/un...
1
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · 12d
New blog post: Bugcheck 0x154 that was related to Intel RST driver causing storage I/O failures. I walk through different debugging techniques I used to prove it, from following IRPs and MiWaitForInPageComplete to more shenanigans. medium.com/@Debugger/un...
UNEXPECTED_STORE_EXCEPTION (0x154) — Root Cause: Storage I/O Failure in iaStorAC.sys
TLDR: I initially thought the crash occurred during hibernation because the Intel graphics driver failed to power down the GPU. This…
medium.com
1
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · 12d
To be honest, I can't believe I missed this. The !analyze -v command was already pointing to the driver as the cause, but I ignored it. I guess I'll have to double-check more carefully next time, but I'm satisfied with the analysis I've done. 😅
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · 12d
It turns out this analysis was incorrect, and someone pointed it out to me. I've redone the analysis, and it's now much improved. For Part 2, where I cover the true cause of the crash, please take a look here: medium.com/@Debugger/un...
1 1 2
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · 26d
New blog post: Laptop froze on hibernate, because an Intel driver bailed during power transition and left a power IRP hanging. This can be an interesting one for those that are interested in how I maneuver through a crash dump and how I think, etc. medium.com/@Debugger/hi...
Hibernation crash traced to Intel GPU driver (igdkmdn64) during power transition
Today I’m digging into a crash dump that I can’t reproduce the issue unfortunately. Nothing obvious showed up in !analyze -v, but further…
medium.com
3
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · 29d
Of course the private symbols are not available, so the ETW traces might be difficult to read. Other than that, it collects relevant data though :-)
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · 29d
Anyone used the TSS Troubleshooting script from MSFT before? I saw an Escalation Engineer used it, so I'd thought it could be interesting to others as well. The use-case was troubleshooting LSASS high CPU on a DC... learn.microsoft.com/en-us/troubl...
2 1
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Sep 13
Has anyone already ditched Twitter for Bluesky? I’m still more active on Twitter, but I’ve noticed some people have moved over to Bluesky.
4 4
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Sep 12
Eww PowerShell.
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Sep 12
New blog post of me analyzing a crash dump with the bugcheck 0x9F. Root cause was a power IRP timeout in RAS SSTP during a device removal. The post walks PnP locks, the stuck IRP, and more, including my thought process. Check it out here: medium.com/@Debugger/po...
Power IRP timeout in RAS SSTP causes Blue Screen 0x9F during sleep
We’ll first start with the !winde.infocommand, which tells us that this system is a Windows 10 version 19041 on an 8 core Intel machine…
medium.com
1 3
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · May 11
Ever tried VSS tracing? I’ve been using it to troubleshoot Volume Shadow Copy issues. It’s super useful but not widely known, so I wrote a quick blog post about it. medium.com/@Debugger/tr...
Troubleshooting Windows Volume Shadow Copy Service
When troubleshooting problems with Volume Shadow Copy Service (VSS) on Windows, event logs and error codes don’t always tell the full…
medium.com
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Apr 7
Agreed. I still use Twitter though, but I've reduced my social media time a lot.
2
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Apr 7
Yeah, same here :)
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Apr 7
Is there anyone who completely ditched Twitter and now only uses Blue Sky? 😅
3 1
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Feb 5
Always wanted to know how to use Time Travel Debugging (TTD) to record lsass.exe? Well, here you have a chance to go for it. I haven't seen much documentation online where this is discussed. github.com/DebugPrivile...
InsightEngineering/Time Travel Debugging (TTD)/2. TTD FAQ and Troubleshooting at main · DebugPrivilege/InsightEngineering
Hardcore Debugging. Contribute to DebugPrivilege/InsightEngineering development by creating an account on GitHub.
github.com
1
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Jan 15
For those that are doing a lot of log analysis. textanalysistool.github.io is a free open-source tool that I've been using to analyze ESXi, Citrix, MpLogs, Teams support logs, etc. It can be useful when you deal with those raw format logs.
TextAnalysisTool.NET
TextAnalysisTool.NET: A program designed to excel at viewing, searching, and navigating large files quickly and efficiently.
textanalysistool.github.io
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Jan 9
Who uses WinDbg as well in their daily work?
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Jan 7
- No more pizza with pineapple
1
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Jan 3
Interesting old blog post from MSRC where they are talking about their in-house tool called ''VulnScan'' to automate the triage and root cause analysis of memory corruption issues. It's built on top of WinDbg and Time Travel Debugging as well! msrc.microsoft.com/blog/2017/10...
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues  | MSRC Blog | Microsoft Security Response Center California Consumer Privacy Ac...
The Microsoft Security Response Center (MSRC) receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause o...
msrc.microsoft.com
2
debugger.bsky.social
DebugPrivilege @debugger.bsky.social · Dec 31
Wishing everyone a Happy and Healthy 2025! 🎉- In case you missed it, I created a GitHub repository in 2024 covering Windows Debugging topics. It includes using tools like WinDbg to analyze memory dumps and more. If you're into Windows, check it out here: github.com/DebugPrivile...
GitHub - DebugPrivilege/InsightEngineering: Hardcore Debugging
Hardcore Debugging. Contribute to DebugPrivilege/InsightEngineering development by creating an account on GitHub.
github.com
1 7