Windows debug memory


















If Windows stops working and displays a blue screen, the computer has shut down abruptly to protect itself from data loss and displays a bug check code. For more information, see Bug Checks Blue Screens.

You analyze crash dump files that are created when Windows shuts down by using WinDbg and other Windows debuggers. For more information, see Crash dump analysis using the Windows debuggers WinDbg. In addition to the debuggers, Debugging Tools for Windows includes a set of tools that are useful for debugging.

These are available to everyone. There are some concepts that go along with Debugging that are sometimes not addressed directly when we look at the topic of debugging itself. These concepts are extremely helpful when we start going through dumps and understand how to connect the dots.

Foundational knowledge really helps in this complex topic. If you really are interested in this topic, there is a wealth of information out there that can help with some of the background. Specifically the chapter on Memory Management and how this works. When talking about Dumps and Debugging, we are working with the contents of Memory. Understanding how memory works is extremely helpful. Note: Volume 6 Part 1 was just recently released, but it looks like the Memory Management pieces for Volume 6 will be in Part 2.

Having some development experience is also helpful. While you may not need to look at Code directly in a dump, you are looking at the results of code. Even when we are debugging a Managed. The above books are not for the faint of heart, but do provide a lot of great information.

I definitely recommend them for yours and will really help with regards to this topic. Here are some links to some core concepts that I will talk about below. These can be general pointers to help explain some of the items I talk about below. Memory Management. A dump is basically the contents of Memory written out to a file. The contents of this can vary depending on how the dump was generated.

A Kernel Dump is a dump of Windows itself, including all applications running on the system. A user mode dump is a dump created for a specific process i. Think of a Memory dump as a snapshot of that application.

You can then poke around and see what was in Memory at that point in time. A full dump is everything in memory for that process. This includes any modules that are loaded, Handle Tables, Thread stacks and other information that is application specific.

A mini dump only includes selected parts of the process and can be set with options when the dump is created. Have a look at the. SQL Server is a great example of this. They have another dump option that we refer to as a Filtered Dump. A filtered dump is really a Full dump but it excludes the memory region for the Buffer Pool. When we want a full dump, if we included the Buffer Pool, this could be really huge.

The Buffer Pool is probably pretty large. However, if we grab a Filtered Dump, this dump may only be GB in size. You can also have a Crash Dump or a Hang dump. A Crash dump is a dump triggered by an error or Exception. A Hang dump is a dump you manually invoke.

This is great to see what is going on if we are encountering a hang in the application, or you just want to poke around. Moving between threads is important in a dump. A Crash dump will typically open on the Thread where the exception was thrown, which is helpful. You can move around to other threads though. The 13 here indicates the current thread we are on from a context point of view.

So, if we run a command like k, it is within the context of Thread Whenever you switch to a new thread, you will see the register information. You will then be in the context of that thread 5 in this case. There are different ways to debug a dump. This will install both the x64 and x86 version of WinDBG. I always have both on my system. You can technically use the x64 version of WinDBG with a 32bit process and make use of the.

I just stick to the same bitness when matching Debugger with Process to be safe. Also, KD for kernel debugging. VS is a great Debugger. Maybe not with a raw dump, but can help with live debugging an application you may have and give you insight. In this case, the additional memory is due to a header that my version of Windows adds to each memory allocation for management purposes. Different versions of Windows will provide different results.

The second call stack tells us that, as expected, we have a leak of FC4 bytes. Once again, we have an extra 36 bytes, which confirms my assumption regarding the allocation header. Once the leak site has been identified, the hardest part of the work is done. All you need to do is to check the code to see how to fix it so that it properly releases memory once it is no longer needed.


Memory-Related Bugs

There are various types of memory-related problems; the following is a description of the two most common ones.

Memory Leak

Memory leak refers to a gradual loss of memory space due to memory blocks not being released when they are no longer needed. Leaky applications will require more and more memory, until the program is shut down.

Memory Corruption

Memory corruption can occur in many situations, but is usually caused by programs writing at the wrong memory space.

Activating call stack capture

The simplest way to activate call stack capture for any given application is to use the Global Flags application, also provided with Debugging Tools for Windows. Happy debugging!



