"Fortunate are those who take the first steps.” ― Paulo Coelho

Windbg config & ways to create dump

Setting up WinDbg for the first time, with a batch file trick to make it easy to work with.

  1. Install the 32-bit/64-bit version of WinDbg from the following site
  2. To debug a 32-bit application use the x86 WinDbg, and for a 64-bit application use the 64-bit WinDbg, to avoid confusion
  3. Let it install to the default location, the Debugging Tools for Windows folder under the Program Files folder
  4. Run cmd.exe and go to the install folder: cd c:\program files\debugging tools for windows\
  5. Download the symbols: cmd> symchk.exe /q /ie myapplication.exe /s SRV*c:\websymbols\*;C:\progra~1\ Myapplication ~1\;  This command may take a few minutes depending on your internet connection.
  6. Create this batch file on the user's desktop, call it WinDBG.BAT, and launch it AFTER myapplication is started.

@echo on

c:\progra~1\debugg~1\adplus.vbs -quiet -crash -pn myapplication.exe -o c:\crashfolder -y c:\websymbols;c:\progra~1\ Myapplication ~1\ -NoDumpOnFirst

Note: All the logs will be in the c:\crashfolder directory (the -o path in the command above) on your local machine, and the logs are automatically time-stamped.

What are the various options available to capture dumps of a crashing/frozen (hung) application in Windows?

1) Adplus
2) ProcDump – memory, high CPU; a command-line utility, simple to download
3) Windbg
4) CDB -p 6088 “exe * -c2
5) Right-click the process in Task Manager in Win7/2008
6) Using DebugDiag (it keeps running even if the computer is restarted); its rules are powerful
7) Process Explorer – right-click

How to load the extension for .NET 4 in WinDbg?


0:000> lmvm clr
0:000> .loadby sos clr
0:000> !pe

A few commands: 1) sxe av 2) sxd sv 3) sxe clr (attach to an application and run side by side) 4) sx -Com exception


September 15, 2012 | windbg

What is Microsoft StreamInsight and its usefulness

It complements SQL Server and is a powerful platform on which you can develop and deploy complex event processing (CEP) applications. Its high-throughput stream processing architecture and the Microsoft .NET Framework-based development platform enable you to quickly implement robust and highly efficient event processing applications.

Analyze and correlate data incrementally while the data is in-flight — that is, without first storing it–yielding very low latency. Aggregate seemingly unrelated events from multiple sources and perform highly complex analyses over time.

Other products in the same category:
StreamBase, Oracle CEP, ESPER (open source), Tibco Business Events and a few others

Some practical scenarios you can think of for this framework:
1) Real-time risk monitoring – continuously monitor market conditions or manage risk across traders/desks, or forward to further wf
2) Per-trade compliance – monitor trades as they are about to happen, apply compliance rules, or forward to wf
3) Real-time web analytics – continuous analysis of user behavior on the website, aggregate
4) Smart power grids – gather supplier/consumer behavior info, analyze demand vs supply and match on the fly
5) Algorithmic trading – react to patterns in financial market data, automated trading rules..

Final note: As a practical example, let's say there is a cycle race happening and the top 10 bikers' names and positions keep changing every minute; on top of this you may be required to prepare a report on this standings data, which is not stored in a db, or to query over live data…

September 15, 2012 | .NET General

What is editbin /LARGEADDRESSAWARE and when to use it.

This has been discussed already here. EDITBIN is used to modify object files, exe and dll.

editbin /LARGEADDRESSAWARE – used to edit the image to indicate that the application can handle addresses larger than 2 gigabytes.

By default, the memory the OS allocates to an x86/32-bit app is limited to 2 GB, whereas a 64-bit app can go up to 8 TB.

If you have an application developed in 32-bit that consumes huge memory, then we can use this option to make room for more memory using this command.

32-bit application on 32-bit Windows: 2 GB -> can be tweaked to 3 GB
32-bit application on 64-bit Windows: 2 GB -> can be tweaked to 4 GB
64-bit application on 64-bit Windows: 8 TB -> no change required.

>dumpbin.exe and editbin.exe.

To add -> editbin /LARGEADDRESSAWARE [application]
To remove it -> editbin /LARGEADDRESSAWARE:no [application]

To check: dumpbin /headers [application]
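
The same check done by hand, as an added example (not code from the original post): it reads the COFF Characteristics field that dumpbin /headers prints and tests the IMAGE_FILE_LARGE_ADDRESS_AWARE bit (0x0020). The function names and the sample_image helper, which builds constructed header bytes so the script runs without a real binary, are assumptions of this example; the address-space figures are the ones quoted in this post.

```python
import struct
import sys

IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020  # bit in the COFF Characteristics field
MACHINES = {0x014C: "x86", 0x8664: "x64"}
# User address space for a 32-bit image, using the figures quoted in this post.
X86_LIMITS = {(32, False): "2 GB", (32, True): "3 GB",
              (64, False): "2 GB", (64, True): "4 GB"}


def read_laa(image: bytes) -> dict:
    """Parse the PE file header and report machine type and the LAA bit."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, *_, characteristics = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "large_address_aware": bool(characteristics & IMAGE_FILE_LARGE_ADDRESS_AWARE),
    }


def x86_limit(info: dict, os_bits: int) -> str:
    """Address-space figure from the post for a 32-bit image on a 32/64-bit OS."""
    if info["machine"] != "x86":
        raise ValueError("figures apply to 32-bit images only")
    return X86_LIMITS[(os_bits, info["large_address_aware"])]


def sample_image(machine: int, characteristics: int) -> bytes:
    """Constructed sample: DOS header stub, PE signature and COFF header only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # path to a real exe/dll
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:                                      # constructed x86 image with LAA set
        data = sample_image(0x014C, 0x0122)
    info = read_laa(data)
    print(info)
    if info["machine"] == "x86":
        print("64-bit Windows:", x86_limit(info, 64))
```

Run it with the path of an exe or dll as the only argument to check a real image before and after editbin.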

September 6, 2012 | windbg

Windbg commands -Part 2

>NTSD,CDB,KD – from chm
>.sympath c:\symbols;c:\program files; -> to set/display the sympath
>.chain -> to see the list of extensions
>.hh -> to load chm & .help /D (very useful one)
>.q, .restart
>.chain /D
>ld * (load symbols for all modules)
>.sympath (to display the path)
>.symfix (this automatically point to
>x*l (list all modules)
>!analyze (most used) -v, -hang, -f (switches)
>.exr -1 (display most recent exception)
>lm (list modules)
>!runaway [flags:0|1|2] -> display info about time consumed by each thread (0-user time, 1-kernel time, 2-time elapsed since thread creation)
>~*K -> call stack for all threads
>!findstack kernel32 2 -> displays all stacks that contain “kernel32”
>.frame (show current frame)
>d* -> memory
>!heap -stat (dump heap handle list)

Useful links -> C:\Program Files\Debugging Tools for Windows (x86)\debugger.chm, or simply type .hh inside the windbg cmd prompt
DUMPBIN, EDITBIN -> for header analysis
srv*[DOWNLOAD PATH LOCAL]*[SYMBOL SERVER LOCATION] -> for Downloading symbols
Symstore.exe ->Setting up private symbol store -> create own symbol server
IMAGE_FILE_LARGE_ADDRESS_AWARE – setting 32 bit/64 bit target

September 5, 2012 | windbg

Advanced Windbg-Part 1

I would like to share the key takeaways from my training provided by Microsoft. As you all know, you have read about Windbg here earlier. I'm going to talk about using extensions for more detailed debugging techniques.

What is sosex.dll and how to load it as a WinDbg extension?

It's quite a useful extension for debugging deadlock-related issues in depth. You can download it here, copy the downloaded file to your windbg exe folder, and call .load sosex.dll from the windbg command prompt. Here are some handy commands ready to use.
>.load sosex.dll (load this dll first as an extension)
>.chain (to see whether it was added to the extension list)
>!dlk (to check for a deadlock situation)
>~* e !clrstack to view the CLR stack of all the threads and where they are
>~<ThreadId> e !clrstack to view the CLR stack of that thread.
>!finq

Here is the full command list for sosex & sos.dll

Starting, Attaching, Executing and Exiting

Start -> All Programs -> Debugging Tools for Windows -> WinDbg
F6 -> attach to process
Ctrl-Break -> interrupt debuggee
.detach -> detach from a process
g -> continue debuggee execution
q -> exit WinDbg

Getting Help

? -> help on commands that affect the debuggee
.help -> help on commands that affect the debugger
.hh command -> view the online help file
!help -> help on the extension dll at the top of the chain (e.g., SOS)

Issuing Commands

up arrow, down arrow, enter -> scroll through command history
Right mouse button -> paste into command window

Examining the Unmanaged Environment

lmf -> list loaded modules with full path
lmt -> list loaded modules with last modified timestamp
~ -> list unmanaged threads
~thread s -> select a thread for thread-specific commands
!token -n -> view thread permissions
k -> view the unmanaged call stack
!runaway -> view thread CPU consumption
bp -> set a breakpoint
.dump path -> dump small memory image
.dump /ma path -> dump complete memory image

Working with Extension DLLs (e.g., SOS)

.chain -> list extension dlls
.load clr10\sos -> load SOS for debugging framework 1.0 / 1.1
.unload clr10\sos -> unload SOS
.loadby sos mscorwks -> load SOS for debugging framework 2.0

SOS Commands

!threads -> view managed threads
!clrstack -> view the managed call stack
!dumpstack -> view combined unmanaged & managed call stack
!clrstack -p -> view function call arguments
!clrstack -l -> view stack (local) variables
!name2ee module class -> view addresses associated with a class or method
!dumpmt -md address -> view the method table & methods for a class
!dumpmd address -> view detailed information about a method
!do address -> view information about an object
!dumpheap -stat -> view memory consumption by type
!dumpheap -min size -> view memory consumption by object when at least size
!dumpheap -type type -> view memory consumption for all objects of type type
!gcroot address -> view which objects are holding a reference to address
!syncblk -> view information about managed locks

SOS 2.0 Commands

!bpmd module method -> set breakpoint
!DumpArray address -> view contents of an array
!PrintException -> view information about most recent exception


September 5, 2012 | windbg

