Chapter 18. Crashes

This chapter demonstrates the use of Sysinternals utilities to troubleshoot crashes. Procmon and ProcDump are the primary utilities here: Procmon to show the file and registry operations that led up to the crash, and ProcDump to capture a detailed snapshot of the process’s state at the time of the crash. Autoruns is used to resolve a case in which the crash occurred during startup. The upcoming “Troubleshooting crashes” section describes general techniques for solving crashes, after which the following cases illustrate those and other techniques:

The Case of the Failed AV Update demonstrates Autoruns’ Analyze ...
