Advanced Windows Debugging – II

Using the User Dump utility to generate a user process dump

Instructions for the USERDUMP utility:

1. Download User Dump: http://support.microsoft.com/kb/241215
2. Run the Setup.exe program that comes with the Userdump tool. This installs a kernel-mode driver, Userdump.sys, and also creates a Control Panel applet called "Process Dump".
3. Open the Control Panel applet called "Process Dump".
4. Click the "New" button and enter the name of the executable that you want to monitor (you do not need to type in the full path, just the executable file name, such as spoolsv.exe).
5. Click OK.
6. Highlight the name […]


Advanced Windows Debugging – I

Setting up workstations for a complete memory dump

Manual: right-click My Computer -> Properties -> Advanced -> Startup and Recovery -> Settings. Under the "Write debugging information" drop-down box, select "Complete memory dump" and click OK.

Registry automation:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
Value Name: CrashDumpEnabled
Value Type: REG_DWORD
Value Data: 1 (complete memory dump; 2 selects a kernel memory dump and 3 a small memory dump)

The setting is read at boot, so it takes effect after a restart, and a complete dump is only written if the page file on the boot volume is at least the size of physical RAM plus 1 MB.

Enable Winlogon logging on workstations

Follow the instructions below to enable Winlogon logging on machines:
Value Path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
Value Name: ExtensionDebugLevel
Value Type: REG_DWORD
Value Data: 2

After enabling the logging here, you get a log file named Winlogon.log, and […]
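Both registry changes above can be scripted instead of set by hand. The following PowerShell is an added example and is not code from the original post: it writes the two values exactly as the excerpt prescribes, reads them back, and warns when the boot-volume page file is too small for a complete dump. It assumes an elevated prompt and that the GPExtensions GUID key already exists on the machine (it does wherever the security client-side extension is registered).

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Registry paths are the ones given in the text above.
$crashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$gpExtKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'

# CrashDumpEnabled: 1 = complete memory dump (2 = kernel, 3 = small). Takes effect after reboot.
Set-ItemProperty -Path $crashKey -Name 'CrashDumpEnabled' -Value 1 -Type DWord -ErrorAction Stop

# ExtensionDebugLevel = 2 turns on the Winlogon.log debug output described above.
# Assumption: the GUID key exists; we do not create CSE registrations that are not there.
if (-not (Test-Path $gpExtKey)) {
    throw "GPExtensions key for {827D319E-6EAC-11D2-A4EA-00C04F79F83A} not found; is the security CSE registered?"
}
Set-ItemProperty -Path $gpExtKey -Name 'ExtensionDebugLevel' -Value 2 -Type DWord -ErrorAction Stop

# Read both values back so the change is visible in the console output.
$crash = (Get-ItemProperty -Path $crashKey).CrashDumpEnabled
$dbg   = (Get-ItemProperty -Path $gpExtKey).ExtensionDebugLevel
"CrashDumpEnabled    = $crash"
"ExtensionDebugLevel = $dbg"

# A complete dump is only written if the page file on the boot volume is at
# least physical RAM + 1 MB. Win32_PageFileSetting sizes are in MB; 0 means
# system-managed, which we do not try to judge here.
$ramMB    = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$sysDrive = $env:SystemDrive
$pf = Get-CimInstance Win32_PageFileSetting | Where-Object { $_.Name -like "$sysDrive*" }
if ($null -eq $pf) {
    Write-Warning "No page file configured on $sysDrive; a complete memory dump will not be written."
} elseif ($pf.MaximumSize -ne 0 -and $pf.MaximumSize -lt ($ramMB + 1)) {
    Write-Warning ("Page file maximum {0} MB is below RAM + 1 MB ({1} MB); the complete dump may fail." -f $pf.MaximumSize, ($ramMB + 1))
}
```

The page-file check is the part people forget: with CrashDumpEnabled set to 1 but an undersized page file, a bugcheck leaves nothing in %SystemRoot%\MEMORY.DMP and the crash is simply lost.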


Windows scheduler: The most common exit codes

The most common exit codes are:

0 or 0x0: The operation completed successfully.
1 or 0x1: Incorrect function called or unknown function called.
10 or 0xA: The environment is incorrect.
0xC000013A: The application terminated as a result of a CTRL+C.

NOTE: The leading C indicates an error condition: 0xC000013A is an NTSTATUS value, and its top two bits set to 11 mark the severity as "error", which is why such codes appear as 0xC... rather than as a small Win32 number.

Reference: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=2911#
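The codes above are easiest to use when they are decoded in bulk rather than looked up one at a time. The PowerShell below is an added example and not from the original post: it maps the four values listed, uses the NTSTATUS severity bits for any other 0xC... result, and falls back to the Win32 message for ordinary codes, then applies that to every scheduled task whose last run did not return 0. It assumes the Get-ScheduledTask / Get-ScheduledTaskInfo cmdlets (Windows 8 / Server 2012 and later); on older systems schtasks.exe /query /v would supply the same "Last Result" column.

```powershell
# Added example (not from the original post).
# Keys are hex strings so that 0xC000013A, which does not fit a signed Int32,
# compares cleanly against the UInt32 LastTaskResult reported by the scheduler.
$known = @{
    '0x0'        = 'The operation completed successfully.'
    '0x1'        = 'Incorrect function called or unknown function called.'
    '0xA'        = 'The environment is incorrect.'
    '0xC000013A' = 'The application terminated as a result of a CTRL+C.'
}

function Get-TaskResultText {
    param([Parameter(Mandatory)][uint32]$Code)

    $hex = '0x{0:X}' -f $Code
    if ($known.ContainsKey($hex)) { return "$hex : $($known[$hex])" }

    # NTSTATUS severity lives in the top two bits: 11 = error (0xC...), 10 = warning (0x8...).
    $severity = ([int64]$Code -shr 30) -band 3
    switch ($severity) {
        3 { return "$hex : NTSTATUS with error severity (not one of the common codes above)" }
        2 { return "$hex : NTSTATUS/HRESULT with warning or failure severity" }
    }

    # Anything else is treated as a plain Win32 error code; ask .NET for its text.
    $low = [int]($Code -band 0xFFFF)
    try {
        $msg = (New-Object System.ComponentModel.Win32Exception($low)).Message
        return "$hex : $msg"
    } catch {
        return "$hex : unknown"
    }
}

# List every task whose last run did not end with 0, with the decoded meaning.
Get-ScheduledTask | Get-ScheduledTaskInfo |
    Where-Object { $_.LastTaskResult -ne 0 } |
    ForEach-Object { '{0,-45} {1}' -f $_.TaskName, (Get-TaskResultText $_.LastTaskResult) }
```

Run it as a user who can read the tasks in question; tasks under other accounts may not be visible without elevation, and a missing task rather than a non-zero result is its own finding.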
