Problem Module

Sometimes this pattern can help in troubleshooting. Problem modules (including process names) are components that due to their value adding behavior might break normal software behavior and therefore require some troubleshooting workarounds from minor configuration changes to their complete removal. Typical examples include memory optimization services⁷ for terminal services environments or hooksware⁸. We can see main process modules in the output of !vm or !process 0 0 WinDbg commands. lm command will list module names such as DLLs from a process memory dump, lmk command can give us the list of kernel space modules (for example, drivers) from kernel and complete memory dumps, and the following command lists all user space modules for each process in a complete memory dump:

!for_each_process ".process /r /p @#Process; lmu"

Of course we can also try various lm command variants if we are interested in timestamps and module information.

⁷ http://support.citrix.com/article/CTX128286

⁸ http://www.dumpanalysis.org/blog/index.php/2008/08/10/hooksware/