2. Some dumb apps can fail when run on a subst'ed drive (such as Installer).
3. Windows crash dumps don't work unless you have enough virtual memory. They claim 16M is enough.
4. Once in a while I run Procmon and filter only for writes to see if there is any fucking rogue service that's thrashing my disk
(such as Indexing or Superfetch or any of that bloody rot). This time I found that IpHlpSvc was logging tons of shite. You can
disable it thusly :
5. The basic process for examining a crash dump is this :
Set symbol search path to :
(if you do it after loading the .dmp, then use the command ".reload")
Load the .dmp, probably from "c:\windows\minidump"
command "lmv" will list drivers with info
6. Windows comes with a "driver verifier" (verifier.exe). It's pretty cool. If you enable all the checks on all your drivers, it will make your computer too slow to be usable. What I do is enable it for all the non-Microsoft drivers, and that seems to be fast enough to stand. What it does is sort of stress the drivers so that when one of them does something bad, you get a blue screen and crash dump rather than just a hard freeze with no ability to debug. It also enables lots of memory corruption and overrun checks on the drivers (it seems to force a debug allocator on them which puts guard pages around allocs; you may wind up with BSODs due to memory trashes even on a system that is apparently stable).
7. I wanted to reduce the number of drivers I had to examine to just the ones I actually use, and was somewhat
surprised to find almost a hundred drivers installed on my machine but disabled. The biggest culprit is USB;
every time you plug something in, it installs a custom driver and then you get it forever. You can get rid of them
open Device Manager
Menu -> View -> Show hidden devices
now you should see lots of crud ghosted out.
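
For item 6, one way to pick out the non-Microsoft drivers to hand to verifier.exe, as an added example that is not from the original post. It assumes the CompanyName field of each driver file's version resource is a good enough vendor hint (it is self-declared, not a signature check), and `Resolve-DriverPath` is a hypothetical helper written for this example.

```powershell
# Added example: list running kernel drivers whose vendor is not Microsoft and
# print a matching Driver Verifier command. Run from an elevated 64-bit
# PowerShell prompt. Nothing is changed until you run the printed command.

function Resolve-DriverPath([string]$PathName) {
    # Win32_SystemDriver.PathName can look like "\??\C:\...", "\SystemRoot\..."
    # or "system32\drivers\x.sys"; normalize it to a plain file system path.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$thirdParty = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if (Test-Path -LiteralPath $path) {
            $info = (Get-Item -LiteralPath $path).VersionInfo
            [pscustomobject]@{
                File    = Split-Path $path -Leaf
                Company = $info.CompanyName   # empty for files with no version resource
            }
        }
    } |
    # Assumption: anything not claiming to be Microsoft (including drivers with
    # no company string at all) is treated as third-party.
    Where-Object { $_.Company -notmatch 'Microsoft' } |
    Sort-Object File -Unique

$thirdParty | Format-Table -AutoSize | Out-Host

if ($thirdParty) {
    # /standard turns on the standard check set; /driver limits it to these files.
    $cmd = 'verifier /standard /driver ' + ($thirdParty.File -join ' ')
    Write-Host "Review the list, then run this and reboot:`n  $cmd"
    Write-Host 'Show what is currently enabled: verifier /querysettings'
    Write-Host 'Turn verification off again:    verifier /reset'
} else {
    Write-Host 'No running non-Microsoft drivers found.'
}
```

If a verified driver blue-screens during boot, start in Safe Mode and run `verifier /reset` to get the machine back.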