Windbg config & ways to create dump
Setting up WinDbg for the first time, and a batch-file trick that makes it easy to work with.
- Install the 32-bit/64-bit version of WinDbg from the following site: http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
- To avoid confusion, use the x86 WinDbg to debug 32-bit applications and the 64-bit WinDbg to debug 64-bit applications.
- Let it install to the default location, the Debugging Tools for Windows folder under the Program Files folder.
- Run cmd.exe and go to: cd c:\program files\debugging tools for windows\
- Download the symbols: cmd> symchk.exe /q /ie myapplication.exe /s SRV*c:\websymbols\*http://msdl.microsoft.com/download/symbols;C:\progra~1\Myapplication~1\; This command may take a few minutes depending on your internet connection.
- Create this batch file on the user's desktop, call it WinDBG.BAT, and launch it AFTER myapplication is started.
@echo on
c:\progra~1\debugg~1\adplus.vbs -quiet -crash -pn myapplication.exe -o c:\crashfolder -y c:\websymbols;c:\progra~1\Myapplication~1\ -NoDumpOnFirst
Note: All the logs will be in the c:\crashfolder directory on your local machine; the logs are automatically time-stamped.
What are the various options available to capture dumps of a crashing/frozen (hung) application in Windows?
1) Adplus
2) ProcDump (memory, high CPU) – http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx – command-line utility, simple to download
3) Windbg
4) CDB -p 6088 “exe * -c2
5) Right-click the process in Task Manager in Win7/2008
6) Using DebugDiag – http://www.microsoft.com/en-in/download/details.aspx?id=26798 (it keeps running even if the computer is restarted) – its rules are powerful
7) Process Explorer – right-click
How to load the extension for .NET 4 in WinDbg?
Extension: http://www.microsoft.com/en-us/download/details.aspx?id=21255
PSSCOR4 http://blogs.msdn.com/b/tom/archive/2011/04/28/now-available-psscor4-debugger-extension-for-net-4-0.aspx
0:000> lmvm clr
0:000> .loadby sos clr
0:000> !pe
A few commands: 1) sxe av 2) sxd sv 3) sxe clr (attach to an application and run side by side) 4) sx -Com exception
What is Microsoft StreamInsight and why is it useful?
It complements SQL Server and is a powerful platform on which you can develop and deploy complex event processing (CEP) applications. Its high-throughput stream processing architecture and the Microsoft .NET Framework-based development platform enable you to quickly implement robust and highly efficient event processing applications.
Analyze and correlate data incrementally while the data is in flight (that is, without first storing it), yielding very low latency. Aggregate seemingly unrelated events from multiple sources and perform highly complex analyses over time.
http://blogs.msdn.com/b/streaminsight/archive/2012/08/01/a-hitchhiker-s-guide-to-streaminsight-2-1-queries.aspx
Other products in the same category
StreamBase, Oracle CEP, Esper (open source), TIBCO BusinessEvents and a few others
Some practical scenarios you can think of for this framework:
1) Real-time risk monitoring – continuously monitor market conditions or manage risk across traders/desks, or forward to further wf
2) Per-trade compliance – monitor trades as they are about to happen, apply compliance rules or forward to wf
3) Real-time web analytics – continuous analysis of user behavior on the website, aggregate
4) Smart power grids – gather supplier/consumer behavior info, analyze demand vs supply and match on the fly
5) Algorithmic trading – react to patterns in financial market data, automated trading rules..
Final note: As a practical example, let's say there is a cycle race happening and the names and positions of the top 10 bikers keep changing every minute; on top of this you may be required to prepare a report on this standing data, which is not stored in a db, or to query over live data…
What is editbin /LARGEADDRESSAWARE and when to use it.
This has already been discussed here. EDITBIN is used to modify object files, EXEs and DLLs.
editbin /LARGEADDRESSAWARE – used to edit the image to indicate that the application can handle addresses larger than 2 gigabytes.
By default, the memory the OS allocates to an x86/32-bit application is limited to 2 GB on 32-bit, whereas on 64-bit it can go up to 8 TB.
If you have an application that was developed as 32-bit and consumes a huge amount of memory, you can use this option to make room for more memory.
32-bit application on 32-bit Windows: 2GB -> can be tweaked to 3 GB
32-bit application on 64-bit Windows: 2GB -> can be tweaked to 4 GB
64-bit application on 64-bit Windows: 8TB -> no change required.
>dumpbin.exe and editbin.exe.
To add -> editbin /LARGEADDRESSAWARE [application]
To remove it -> editbin /LARGEADDRESSAWARE:no [application]
To check -> dumpbin /headers [application]
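Added example (not from the original post): a small Python check of the IMAGE_FILE_LARGE_ADDRESS_AWARE bit in the PE file header, the bit that editbin /LARGEADDRESSAWARE sets, for auditing binaries where the Visual Studio tools are not installed. The function names and the constructed sample header are assumptions made for illustration.

```python
import struct

# Bit in IMAGE_FILE_HEADER.Characteristics set by editbin /LARGEADDRESSAWARE
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020

def _characteristics_offset(image: bytes) -> int:
    """Validate the DOS and PE signatures; return the offset of Characteristics."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    # 4-byte signature, then the 20-byte IMAGE_FILE_HEADER whose last WORD
    # (offset 18) is Characteristics.
    return e_lfanew + 4 + 18

def is_large_address_aware(image: bytes) -> bool:
    """Read the flag straight from the file header."""
    (flags,) = struct.unpack_from("<H", image, _characteristics_offset(image))
    return bool(flags & IMAGE_FILE_LARGE_ADDRESS_AWARE)

def set_large_address_aware(image: bytes, enable: bool = True) -> bytes:
    """Return a copy of the image with the flag set or cleared."""
    off = _characteristics_offset(image)
    (flags,) = struct.unpack_from("<H", image, off)
    if enable:
        flags |= IMAGE_FILE_LARGE_ADDRESS_AWARE
    else:
        flags &= ~IMAGE_FILE_LARGE_ADDRESS_AWARE & 0xFFFF
    patched = bytearray(image)
    struct.pack_into("<H", patched, off, flags)
    return bytes(patched)

def build_sample_header(characteristics: int) -> bytes:
    """Constructed sample: 64-byte DOS header + PE signature + IMAGE_FILE_HEADER."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew points just past the DOS header
    # Machine=0x014C (i386), no sections/symbols, then Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff

if __name__ == "__main__":
    img = build_sample_header(0x0102)  # EXECUTABLE_IMAGE | 32BIT_MACHINE
    print(is_large_address_aware(img), is_large_address_aware(set_large_address_aware(img)))
```

Changing this bit on an Authenticode-signed binary invalidates its signature, so the file has to be re-signed afterwards.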
Windbg commands -Part 2
>NTSD,CDB,KD – from chm
>.sympath c:\symbols;c:\program files; -> to set/display the sympath
>.chain -> to see the list of extensions
>.hh -> to load chm & .help /D (very useful one)
>.version
>vertarget
>.cls
>.lastevent
>q, .restart
>.chain /D
>ld * (load symbols for all loaded modules)
>.sympath (to display the path)
>.symfix (this automatically points to http://msdl.microsoft.com/download/symbols)
>.reload
>x *! (list all modules)
>!analyze (most used) -v, -hang, -f (switches)
>.exr -1 (display most recent exception)
>lm (list modules)
>!runaway [flags:0|1|2] -> display info about time consumed by each thread (0-user time, 1-kernel time, 2-time elapsed since thread creation)
>~*K -> call stack for all threads
>~!uniqstack
>!findstack kernel32 2 -> displays all stacks that contain “kernel32”
>.frame (show current frame)
>d* -> memory
>!heap -stat (dump heap handle list)
>!threads
Useful links -> http://windbg.info/, C:\Program Files\Debugging Tools for Windows (x86)\debugger.chm, or simply type .hh inside the WinDbg command prompt
DUMPBIN, EDITBIN -> for header analysis
srv*[DOWNLOAD PATH LOCAL]*[SYMBOL SERVER LOCATION] -> for Downloading symbols
Symstore.exe ->Setting up private symbol store -> create own symbol server
IMAGE_FILE_LARGE_ADDRESS_AWARE http://msdn.microsoft.com/en-us/library/wz223b1z.aspx – setting 32 bit/64 bit target
Advanced Windbg-Part 1
I would like to share the key takeaways from my training provided by Microsoft. As you have already read here earlier about WinDbg, I am now going to talk about using extensions for more detailed debugging techniques.
What is sosex.dll and how do you load it as a WinDbg extension?
It is a very useful extension for debugging deadlock-related issues in depth. You can download it from http://www.stevestechspot.com, copy the downloaded file to your WinDbg exe folder and call .load sosex.dll from the WinDbg command prompt. Here are some handy commands that are ready to use.
>.load sosex.dll (load this DLL as an extension first)
>.chain (to see whether it was added to the extension list)
>!dlk (to check for a deadlock situation)
>~* e !clrstack (to view the CLR stack of all the threads and where they are)
>~<ThreadId> e !clrstack (to view the CLR stack of that thread)
>!rwlock
>!finq
Here is the full command list for sosex & sos.dll
Starting, Attaching, Executing and Exiting
Start -> All Programs -> Debugging Tools for Windows -> WinDbg | |
F6 | attach to process |
Ctrl-Break | interrupt debuggee |
.detach | detach from a process |
g | continue debuggee execution |
q | exit WinDbg |
Getting Help
? | help on commands that affect the debuggee |
.help | help on commands that affect the debugger |
.hh command | view the online help file |
!help | help on the extension dll at the top of the chain (e. g., SOS) |
Issuing Commands
up arrow, down arrow, enter | scroll through command history |
Right mouse button | paste into command window |
Examining the Unmanaged Environment
lmf | list loaded modules with full path |
lmt | list loaded modules with last modified timestamp |
~ | list unmanaged threads |
~thread s | select a thread for thread specific commands |
!token -n | view thread permissions |
k | view the unmanaged call stack |
!runaway | view thread CPU consumption |
bp | set a breakpoint |
.dump path | dump small memory image |
.dump /ma path | dump complete memory image |
Working with Extension DLLs (e. g., SOS)
.chain | list extensions dlls |
.load clr10\sos | load SOS for debugging framework 1.0 / 1.1 |
.unload clr10\sos | unload SOS |
.loadby sos mscorwks | load SOS for debugging framework 2.0 |
SOS Commands
!threads | view managed threads |
!clrstack | view the managed call stack |
!dumpstack | view combined unmanaged & managed call stack |
!clrstack -p | view function call arguments |
!clrstack -l | view stack (local) variables |
!name2ee module class | view addresses associated with a class or method |
!dumpmt -md address | view the method table & methods for a class |
!dumpmd address | view detailed information about a method |
!do address | view information about an object |
!dumpheap -stat | view memory consumption by type |
!dumpheap -min size | view memory consumption by object when at least size |
!dumpheap -type type | view memory consumption for all objects of type type |
!gcroot address | view which objects are holding a reference to address |
!syncblk | view information about managed locks |
SOS 2.0 Commands
!bpmd module method | set breakpoint |
!DumpArray address | view contents of an array |
!PrintException | view information about most recent exception |