Friday, August 16, 2013

How to read a Windows memory.dmp

I just ran into BSODs on Win7 machines and I had the ‘opportunity’ to analyze a memory.dmp file today, so I thought I would post quick instructions on how to get a handy summary of the memory dump.

Photo credit: Dominick Reed

It’s possible to debug remotely, and you may have requirements to do that. My quick instructions here are for local debugging. The debugging tools are very stable, and if you install only what you need they are small and quick to install. This can be accomplished in 6 easy steps:

Step 1. Obtain and install the debugging tools.  

All you need to install is the “Install Debugging Tools for Windows as a Standalone Component (from Windows SDK)” and during the install only select "Debugging Tools for Windows".  Everything else is used for more advanced troubleshooting or development, and isn’t needed here. 

Step 2. Run cmd.exe as admin and navigate to the debugging folder (C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\). Type the following:

kd -z C:\Windows\memory.dmp (or the path to your .dmp file)

Step 3. Type the following:
.logopen c:\debuglog.txt

Step 4. Type the following:
.sympath srv*c:\symbols*

Step 5. Type the following:
.reload;!analyze -v;r;kv;lmnt;.logclose;q

Step 6. You will now have a debuglog.txt in c:\. Open it in Notepad and read it carefully. I recommend looking out for PROCESS_NAME: X
You should type X into Google and find out what this process is related to. Whatever is causing the problem, you should then install, remove, update, etc. accordingly.

Usually the fault is with a hardware driver of some sort, but there are many things that can cause crashes, so actually analyzing the dump may take some research.

The steps above will give you a mostly human-readable summary report from the dump. There is much more information available in the memory dump, although it gets exponentially more difficult to track down the details the further you get into Windows debugging.
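As an added example (not part of the original post), the following Python script pulls the headline fields out of the debuglog.txt produced in Step 6. It goes slightly beyond the post by falling back to the faulting driver image when PROCESS_NAME is only System or Idle; the sample log text and the exampledrv.sys name are constructed for illustration.

```python
import re

# Constructed excerpt of the "!analyze -v" part of debuglog.txt (not a real crash;
# exampledrv.sys is a made-up driver name).
SAMPLE_LOG = r"""
Probably caused by : exampledrv.sys ( exampledrv+15d0 )

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
BUGCHECK_STR:  0xD1
PROCESS_NAME:  System
MODULE_NAME: exampledrv
IMAGE_NAME:  exampledrv.sys
FAILURE_BUCKET_ID:  X64_0xD1_exampledrv+15d0
"""

FIELDS = ("BUGCHECK_STR", "DEFAULT_BUCKET_ID", "PROCESS_NAME",
          "MODULE_NAME", "IMAGE_NAME", "FAILURE_BUCKET_ID")
FIELD_RE = re.compile(r"^(%s):[ \t]*(\S.*)$" % "|".join(FIELDS), re.M)
CAUSE_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)", re.M)
# Kernel-context crashes report these; they say nothing about the culprit.
GENERIC_PROCESSES = {"system", "idle"}


def summarize(log_text):
    """Return the first value of each headline field found in the log."""
    summary = {}
    for name, value in FIELD_RE.findall(log_text):
        summary.setdefault(name, value.strip())
    cause = CAUSE_RE.search(log_text)
    if cause:
        summary["PROBABLY_CAUSED_BY"] = cause.group(1)
    return summary


def search_term(summary):
    """Pick the name worth researching: the process, else the faulting image."""
    proc = summary.get("PROCESS_NAME", "")
    if proc and proc.lower() not in GENERIC_PROCESSES:
        return proc
    return (summary.get("IMAGE_NAME")
            or summary.get("PROBABLY_CAUSED_BY")
            or proc or None)


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for key, val in report.items():
        print(f"{key:20} {val}")
    print("Research this first:", search_term(report))
```

To use it on a real log, pass the contents of c:\debuglog.txt to summarize() instead of SAMPLE_LOG.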

Tuesday, August 13, 2013

TRIM support on SSD and how to check if it's working correctly.

Unlike normal rotating hard disk drives (HDDs), an SSD cannot overwrite existing data. This means that the old data first has to be deleted before new data can be written. This slows down performance, because the write process first has to delete the data "marked for deletion" to free up space.

To solve this problem, SSD manufacturers and OS vendors have added support for a new command called "TRIM", which keeps deleting the data that has been marked for deletion.

Verify the following things to check whether TRIM is working properly.

1. Check if TRIM is enabled on the OS side.
 On a Win7/Win8 system, run the command below:
"fsutil behavior query DisableDeleteNotify"
If the result is 0, TRIM is enabled on the OS side and the OS will send a notification to the SSD firmware when data is marked for deletion.

2. Check whether your SSD supports TRIM.
There are a couple of ways to check this. The easiest way I found is by using the free CrystalDiskInfo tool.
         Run it and, under Features, look for TRIM and check that it’s not grayed out.

3. Use the TRIMcheck tool:

 TRIMcheck is a free utility authored by Vladimir Panteleev from Moldova and is a current GitHub project.

 TRIMcheck will actually check and verify whether TRIM works or not. This program has no GUI; it runs in a command prompt window. You must copy it onto the SSD that you are testing and run it twice, waiting at least 30 seconds to a minute between runs in order to ensure accurate results. When executed for the first time, it will write to specific locations on the SSD. It will then delete the written data and exit. When you run it a second time a minute later, it will try to read the exact same locations. When TRIM works, you’ll get zeroes on the sectors it wrote, plus a notification that TRIM works. If the data is still there, you’ll be notified that TRIM is not working.

File Folders Became Shortcuts or disappeared from USB - How to fix.

This happened just all of a sudden: I inserted my USB and all my 2 years of data turned into a 2 KB shortcut.
Ever suffered a similar folders-become-shortcuts problem with your drive? This problem seems to show up here and there on removable drives such as USB flash drives, external hard disks, memory cards, etc. So what is the troublemaker? Yes, you guessed it: it can be a virus, trojan or worm.

Here is how to fix it:

1. First check if the data still exists. Insert the USB and enter this command: attrib -h -r -s /s /d E:\*.* (this assumes your drive letter shows as E: under 'My Computer'; do not forget to replace it if different).

This will un-hide the data and you should be able to see all your contents inside a folder.

2. If for some reason you still cannot see the data, download the file copy tool "ycopy", which will help you copy all the hidden files.

3. Scan your drive for viruses. Once you have a backup, do a full format and copy your data back.

Friday, August 09, 2013

A workout schedule that actually works.

Phew.... Summer quarter exams were over yesterday! And I am excited to be back on my morning gym workout routine. Here is the new schedule I put together and will stick to for the next 2 months. Basically, I have divided it into three parts: A, B and C. My idea is to cover all three parts at least once a week.
In case I miss a couple of days in between, I would still keep it in this sequence (Workout A, Workout B and Workout C) and not jump from Workout A to C.

Feel free to print it if you find it useful.

Workout A:

Workout B:

Workout C: