Load an alternate registry for debug - windows-ce

For debug purposes I'd like my WinCE device to load a different registry.
This shows how to load different dll or exe at debug time. But I wonder if it is possible to load an alternate (nonHive) registry. For starters, where does the device registry live? i.e. What file in the image(nk.bin) is the registry in?

Related

DLL not downloading in WinDbg when analysing crash-dump file

After failing to get DebugDiag to analyse crash-dump files it was suggested that I try using WinDbg instead.
The crash-dump files have been created on a Windows Server 2016 box, running my ASP.Net 4.5.2 web application on IIS-10. My ASP.Net web application contains several 3rd party components, with their individual DLLs.
I have copied the crash-dump files onto my Windows 10 development machine, and am running WinDbg locally instead of on the server.
The problem is... when I run !analyze -v in WinDbg on any of the crash-dump files, it effectively hangs while "Downloading file xxx.DLL" (xxx.DLL being the name of just one of the 3rd party component DLLs), and eventually cancels itself after a period of time.
I'm running WinDbg on the same machine that I built the website on in the first place... so is there a way of telling WinDbg that it can find the DLL in a particular location on the local machine?
I obviously don't have a .pdb file for any of the 3rd party components, and so I'm not bothered about it loading symbols for those DLLs... but either I somehow tell it to ignore those particular DLLs, or I tell it how to find them locally.
Can anybody point me in the right direction?
You don't have to analyze the dump file with !analyze -v.
If you need to load dll, then .load D:.... is enough.
To maunal analyze a dump file.
Please run .loadb sos clr to load debug module. If the crash server and your machine run different version of .net framework. Then you need to load sos.dll manually.
When you need to debug .net application in IIS, !mex extension is recommened.
https://www.microsoft.com/en-us/download/details.aspx?id=53304
You can load mex.dll via .load c:\.....\mex.dll
!mex.aspxpages can show all requests inside the process and their process
!mex.mthreads show the status of all threads
!mex.clrstack2 will show all exceptions and mananaged call stack in specific thread.
1.You can use ~* k to load the full call stack in all threads and !mex.mthreads check status.
Then you may find something like KERNELBASE!RaiseException in specific thread
2.Then go to this thread via threadid~ like 12~
3.Run !mex.clrstack2 and it will show the crash exception
Basically, no, you cannot speed up the process of loading symbols for DLLs where you don't have symbols. IMHO, the only way of speeding up the symbol process would be to disable the HTTP server, so that symbols are only searched on your local disk.
See also: How to set up symbols in WinDbg if you have not done this often.
Getting a HTTP 404 for those files should not take very long. However, it tries various file endings and pointers etc. Sometimes Microsoft servers are slow. Also, having a lot of 3rd party DLLs may sum up of course. That can be pretty anoying.
I'll start by saying I don't 100% understand everything I had to do, but here are the step I took to discover where the stackoverflow issue was in my application...
The majority of the information came from this blog.
On the server I added the following registry settings to create the crash dump files...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe]
"DumpCount"=dword:00000005
"DumpFolder"=hex(2):43,00,3a,00,5c,00,43,00,72,00,61,00,73,00,68,00,44,00,75,\
00,6d,00,70,00,73,00,5c,00,00,00
(The DumpCount is the number of files to store before it starts overwriting old ones - DumpFolder is where the files are to be saved, is a REG_EXPAND_SZ and in my case represents C:\CrashDumps\)
Waited for crashes to happen
Copied the crash files into a directory on my local machine called C:\WinDbg\CrashDumps\
Create another directory called C:\WinDbg\Symbols, into which I placed...
clr.dll (from the server, taken from C:\Windows\Microsoft.NET\Framework64\v4.0.30319\)
sos.dll (from the server, taken from C:\Windows\Microsoft.NET\Framework64\v4.0.30319\)
all .dll and .pdb files from my local development environment, including third party component .dll files
Installed WinDbg via Windows Store on my Windows 10 development machine
Ran windbgx -y c:\windbg\symbols via Run command (for some reason it's windbgx on my machine but maybe that's because it's via the Store rather than manual download)
In the file menu Open dump file and select one of the dump files in C:\WinDbg\CrashDumps
Ran the following commands...
.symfix
.reload
.load c:\windbg\symbols\sos.dll (see note 1 below)
!clrstack (see note 2 below)
Although this didn't give me all the information I expected, what it did show was that one of my 3rd party components was 100% to blame for the stackoverflow exception.
Note 1 - Lots of places I read said that .loadby sos clr should be used, but that just gave me The call to LoadLibrary(C:\ProgramData\Dbg\sym\clr.dll\5E7D1F3B9eb000\sos.dll) failed and I couldn't figure out how to fix it... so instead I've used .load c:\windbg\symbols\sos.dll.
Note 2 - The !clrstack command worked because WinDbg appeared to pre-select the thread that had the exception. The other option is to use ~*e !clrstack which will show you call stacks for ALL threads.

Why do I see azure function host for .NET startup with Debug=True when I published as release mode?

When I look at the startup logs for my azure .NET function, I see the following line:
Starting Host (HostId=my-function-app, Version=1.0.11015.0, ProcessId=8308, Debug=True, Attempt=0)
I have published the project in release mode and I cannot find out anywhere why this is being set. I am assuming this is not an issue with my function but for some reason the host is in debug mode. Is this expected behavior?
That Debug log doesn't mean your code or the Functions runtime host are running Debug builds. The "Debug" here refers to our own internal mode we use to determine whether the Azure Functions Portal has been connected recently. We track that so we can optimize things for connected debug/develop sessions, and when those sessions are disconnected, optimize for steady state.
So you don't have anything to worry about :)
Check your web.config file and make sure
<system.web>
<compilation debug="false" />
Even though your assemblies are in Release mode, the ASP.net runtime uses this setting to change its behavior. I can't find a current list of changes, but I know it includes serving .debug.js files and enabling additional validation and logging.

SMB Filesharing on Windows CE 6

I'm attempting to configure an SMB file sharing server on a Windows CE 6 device.
My initial attempts have mostly been with the desktop version of NK.exe.
When I start, SMB0: is running as smbserver.dll
I've set (hopefully) suitable registry values, and then re-started the SMBServer process:
services refresh SMB0:
However, I never see the service advertised when I attempt to attach an SMB client (for example, by looking for file shares in desktop windows, or attempting to connect an SMB client to the IP address of the WinCE device.
I wonder if it's necessary for the SMB registry settings to be available at boot time? My devices is NOT using a hive-based registry, so the registry settings aren't available a boot time. I'd hoped that refreshing the SMB server process would be enough to get file sharing going. That way, I can just set the registry values programatically in my application program, restart the SMB service, and not have to rebuild the kiosk NK.exe (the kiosk NK.exe seems to include the smbserver.dll - it was built by a not very competent third party, and the tools to rebuild it go back to Visual Studio 2005. It would be "interesting" to rebuild NK.exe).
Do I need to rebuild the OS to use a hive-based registry?
Any ideas?
My registry settings are all under HKEY_LOCAL_MACHINE:
Ident\Name "aName"
Ident\Desc, "A string"
Ident\OrigName "Another string"
\Services\Smbserver\SMB\Shares\VirtualRoot\Type Dword:0
\Services\Smbserver\SMB\Shares\VirtualRoot\Path "a valid path"
\Services\Smbserver\SMB\Shares\VirtualRoot\UserList "*"
\Services\Smbserver\AdapterList "*"
\Services\Smbserver\Keep DWord:0
\Services\Smbserver\Prefix "SMB"
\Services\Smbserver\Index DWord: 0
\Services\Smbserver\SHARES\UseAuthentication DWord:0L
As you can see, I've temporarily turned authentication off - I'm hoping to start by getting this to work in the CE desktop environment, and then add authentication, and getting it to work in the kiosk environment.
I'd be grateful for any help!
I would say you need to set "Keep"=dword:1 as per the MSDN docs:
Keep Default set to 1. If this is set to zero (0), the DLL will be
unloaded immediately after initialization.
The SMB server does not require a hive-based registry. We've used it on multiple projects with only a RAM-based registy.
For reference, these are the registry settings we use on CE 7 to expose the root folder as \\<IP address>\Root:
[HKEY_LOCAL_MACHINE\Services\SMBServer\Shares\Root]
"Path"=""
"Type"=dword:0
[HKEY_LOCAL_MACHINE\Services\SMBServer]
"AdapterList"="*"
"Keep"=dword:1
"Prefix"="SMB"
"Index"=dword:0
"DLL"="smbserver.dll"
"Order"=dword:12
[HKEY_LOCAL_MACHINE\Services\Smbserver\Shares]
"UseAuthentication"=dword:0
"NoSecurity"=dword:1
There's another issue at play here, which is that the Windows CE 6 SMB server default to using NTLM ver 1. Windows 7 and above, by default, require NTLM version 2.
In order for your Windows 7+ system to see the SMB share, it's necessary to modify the security policy:
On Windows 7, run secpol.msc, find Security Settings -> Local Policies -> Security Options. Look for LAN Manager Authentication Level, and set it to 'Send NTLM response only’

HP Load Runner is not invoking Browser for recording

I am new to HP Load Runner. I was trying to record a script on my Virtual Machine. However while trying to record script in action, Vugen does not hit the HTTP based application. I am able to access the application using Internet Explorer.
Has this combination ever worked or is this a new installation?
What recording options have you tried? (HTML, URL, Sockets, Proxy, ...)
What version of LoadRunner VUGEN?
What version of Internet Explorer
Have you tried a control site, such as the Flights Web application used as a part of the LoadRunner tutorial?
Have you tried a different browser?
Does this work on another machine? ( Look to differences to reconcile )
Have you satisfied all of the requirements for installation, including your credentials level on the host?
Do you have antivirus in the virtual machine which needs to be disabled?
Is VUGEN inside of the virtual machine instance with the browser or outside the virtual machine inside of the core operating system?
Seems like the default path for Internet Explorer(C:\Program Files\Internet Explorer\iexplore.exe) was incorrect in HP load Runner. After manually selecting the web browser at correct path(C:\Program Files (x86)\Internet Explorer\iexplore.exe), Load runner started to record the scripts.
Thanks all.

Getting Peformace Counter related error on Window Azure

I am facing some critical issue which might be interesting for whom , those who are playing with window azure sdk. I have created on EXE which read performance counter data like CPU, memory, asp.net session from system like
queryCollection = ExecuteWMIQuery("SELECT * FROM win32_perfformatteddata_perfdisk_physicaldisk");
and I have aded this EXE in startup task of simple asp.net application which i have uploaded on window Azure. Now when i connecting to RDP of that I can see following errors in my event log as per below.
Disabled performance counter data collection from the
"ASP.NET_64_2.0.50727" service because the performance counter library
for that service has generated one or more errors. The errors that
forced this action have been written to the application event log.
Correct the errors before enabling the performance counters for this
service.
======================================================================
Windows cannot open the 64-bit extensible counter DLL
ASP.NET_64_2.0.50727 in a 32-bit environment. Contact the file vendor
to obtain a 32-bit version. Alternatively if you are running a 64-bit
native environment, you can open the 64-bit extensible counter DLL by
using the 64-bit version of Performance Monitor. To use this tool,
open the Windows folder, open the System32 folder, and then start
Perfmon.exe.
So i am thinking that my EXE trying to fetch performance counter for 32 bit (win32 indicate that) and that will log above error.
So anyone here came across this type of issue , also if my guess is correct then is there any way to implement my EXE logic such way that it can be run smoothly in any environment(32 or 64 bit)?
Hope that this would remain interesting question here!!!
Thanks In Advance
Arun.
That is correct. IIS running in Azure is running 64-bit unless you change it to run 32-bit in a startup task. You could try building it with the Any CPU setting. But most likely the best way is to do something like what the sysinternal tools does. They will spawn a new process that runs in 64-bit mode when needed. Then you can handle both.
I encountered this error while migrating to a Azure VM.
Solved it by using the InstallUtil which is located in the Framework64 folder instead of the one in the Framework folder

Resources