Forum Discussion
Share your Sysinternals stories!
Heather_Poulsen My favorite tool is procdump. Actually I am an even bigger fan of ETW (Event Tracing for Windows) to catch hard performance issues (see https://aloiskraus.wordpress.com/)
This combines the best of both worlds. Memory dumps capture everything at one instant of time while ETW captures the evolution over time but you do not know the internal state. This enables analysis like the case where an application was losing data received over the network. After ruling out networking issues I was taking memory dumps when the issue did appear and also ETW Tracing at the same time. The ETW Tracing showed a 90s hang where nothing happened followed by a SQLite Database lock exception. The memory dump showed that the SQL connection (https://github.com/rodneyviana/netext by the way is the best managed debugging Windbg extension) has a 30s connect timeout with 3 retries. Combining both information sources showed that a deadlock in the database handling was the actual culprit. Without having both it would have been nearly impossible to come to the same conclusion. Traversing source control for recent changes in the database locking code showed that there was a change made which did cause the deadlock. Problem solved. Thanks not only to SysInternals but also to the Windows Kernel guys adding more and more observability gems into Windows!
PS: I am not at LinkedIn nor Twitter. I find the price drawing rules not very inclusive.
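The correlation step the post describes (a silence in the timeline, then checking whether its length is explained by a timeout-times-retries value read out of the dump) can be automated once the trace is exported to text. The script below is an added example, not code from the forum post or from Sysinternals; the event lines and the snapshot values are constructed to mirror the story (90s gap, SQLite lock exception, 30s timeout with 3 retries), and the `timestamp | provider | message` line format is an assumption, not a real ETW export format.

```python
"""Correlate an ETW-style event timeline with facts read from a memory dump.

Added example (not from the forum post). The trace lines and snapshot values
below are constructed to resemble the story: a long silence in the trace
ending in a SQLite lock exception, and a dump showing a 30s connect timeout
with 3 retries.
"""
from dataclasses import dataclass
from datetime import datetime

# Constructed sample of ETW-like events in an assumed "timestamp | provider | message" layout.
TRACE = """\
2024-01-01T10:00:00.000 | App | Received 4096 bytes from peer
2024-01-01T10:00:00.050 | App | Begin DB write
2024-01-01T10:01:30.050 | App | Exception: SQLite database is locked
2024-01-01T10:01:30.060 | App | Dropping buffered record
"""

# Constructed "snapshot" facts a debugger would show at dump time:
# the connection's configured connect timeout and retry count.
SNAPSHOT = {"connect_timeout_s": 30, "retries": 3}


@dataclass
class Event:
    ts: datetime
    provider: str
    message: str


def parse_trace(text):
    """Parse the constructed line format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, provider, message = (p.strip() for p in line.split("|", 2))
        events.append(Event(datetime.fromisoformat(ts), provider, message))
    return events


def find_gaps(events, min_gap_s):
    """Return (index, gap_seconds) for every silence of at least min_gap_s
    between consecutive events; index points at the event that ends the gap."""
    gaps = []
    for i in range(1, len(events)):
        gap = (events[i].ts - events[i - 1].ts).total_seconds()
        if gap >= min_gap_s:
            gaps.append((i, gap))
    return gaps


def explain_gap(events, idx, gap_s, snapshot):
    """Test whether the silence matches the snapshot's timeout * retries budget
    and report what was happening on either side of it."""
    expected = snapshot["connect_timeout_s"] * snapshot["retries"]
    return {
        "gap_s": gap_s,
        "preceded_by": events[idx - 1].message,
        "ends_with": events[idx].message,
        "matches_timeout_budget": abs(gap_s - expected) < 1.0,
    }


def analyze(trace_text=TRACE, snapshot=SNAPSHOT, min_gap_s=10):
    """Find long silences in the trace and explain each against the snapshot."""
    events = parse_trace(trace_text)
    return [explain_gap(events, i, g, snapshot) for i, g in find_gaps(events, min_gap_s)]


if __name__ == "__main__":
    for finding in analyze():
        print(finding)
```

Run on the constructed trace it reports one 90.0s gap that starts after "Begin DB write", ends with the lock exception, and matches the 30s x 3 budget from the snapshot, which is exactly the link between the two data sources that neither shows alone.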