DBG211 - Windows Debugging and Performance Analysis

This seminar teaches you how to use the Windows debugging tools, Performance utility, Performance Toolkit, event logs, and other tools. These will be used to diagnose performance problems and resource issues, to isolate the causes of operating system failures and system hangs, and to debug application failures. 

Level: Intermediate

I.T. professionals (system administrators and support personnel); application, system software, and driver developers; system integrators; hardware OEMs


This seminar presents the Windows operating system from the point of view of problem analysis. We review key operating system principles, present a number of problem scenarios involving those principles, and show how to use the various monitoring and debugging tools to isolate and solve the problems. Significant portions of the seminar are spent on crash dump (“blue screen”) analysis and on use of the Windows Performance Toolkit. Other tools, such as SysInternals tools like VMmap and RAMmap, are included. 

Note: If you are primarily interested in debugging device drivers that you maintain, we encourage you to consider our Windows Driver Debugging and Crash Dump Analysis seminar (DRV211) instead of this one. 

  • Key Windows internals principles
  • Windows Performance Toolkit introduction
  • Collecting WPT traces - what to trace? 
  • Analyzing traces:
    • Memory-bound programs
    • I/O-bound programs
    • CPU-bound programs
    • Identifying resource-using services
    • "Hung" programs
    • Using trace events
  • Windows debugging tools introduction
  • Types of system failures
  • Causes of common stop codes
  • Interpreting stack traces: Call sequences and arguments
  • Understanding and using disassembly code
  • Analyzing system "hangs"
  • Live kernel debugging

This seminar builds on, and does not repeat, material presented in our Windows Internals seminars. All attendees must therefore have attended one of our Windows Internals seminars, or have equivalent experience. 

Operating systems supported: This seminar primarily addresses Windows 7 through Windows 10 and Windows Server 2012 R2. Most of the material is applicable to earlier versions of Windows. Earlier versions can be specifically addressed upon request. We will focus on 64-bit systems (x64)
Durations and formats: 3 days with labs
2 days lecture only

Labs for this seminar include a series of problem scenarios from carefully "bugged" systems and badly written programs, each requiring a different aspect of problem analysis. We will also look at problems found in actual live shipping code.