Advanced Windows Debugging

1,049 views
919 views

Published on

How to find out production issues? Where to look for errors when application crashes in live environment? How to Visual Studio 2010 for replicating post mortem scenarios in difficult to reproduce errors? Using Source server, PDB symbols in old fashioned way for new age WCF services.

0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,049
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
48
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Advanced Windows Debugging

  1. 1.  Mario Hewardt  Daniel Pravat Senior Development Lead Senior Development Lead Microsoft Corporation Microsoft Corporation …and we approve this message
  2. 2. We Need Reliable Software    
  3. 3.   AWD PDC 2008 Feedback/Questions
  4. 4. Open source codeSource: Coverity White Paper
  5. 5. with examples      
  6. 6.  http://www.microsoft.com/whdc/devtools/debug ging/default.mspx
  7. 7.      
  8. 8.     
  9. 9. 
  10. 10.  Daniel Pravat
  11. 11. 
  12. 12.              
  13. 13.  Daniel Pravat
  14. 14.             
  15. 15.  Daniel Pravat
  16. 16.  Daniel Pravat
  17. 17. Thread 0 cs_DB1 Acquisition order cs_DB1 is reversed The length may be No progress different = Deadlock A,B,C = OK B,C = OK A,B = OK A,C = OKThread 1 cs_DB2 B,C,A = Deadlock
  18. 18. 
  19. 19. Remote Test Test client Test SystemTest SystemTest System Smart System Systems client Sources Symbols Sources
  20. 20.  Daniel Pravat
  21. 21. 09async.exeDisplayError calls  There is another thread smashing Sleep the stackReturn address is  How to catch this async saved operation? Sleep calls  What are the implications of this SleepEx bug?Return address is  Can the execution be controlled? changed to X saved  Can this execution be prevented? …  Welcome NX bitExecution starts at X
  22. 22. 
  23. 23. Daniel Pravat
  24. 24. Build a Extract Index Publish Use new public symbols symbols symbolsversion symbols
  25. 25.      
  26. 26. 
  27. 27.         
  28. 28. 
  29. 29.  Store the Extract the information Build a new Publish Use the source file required to version symbols symbols list retrieve the file from SC
  30. 30. 
  31. 31. C:>pdbstr –r –p:%_NT386TREE%sym.priretailexe03sample.pdb –s:srcsrvSRCSRV: ini ------------------------VERSION=1INDEXVERSION=2VERCTRL=Visual Source SafeDATETIME=Mon Jan 8 00:04:15 2007SRCSRV: variables ---------------------SSDIR=C:AWDVSSSRCSRVENV=SSDIR=%AWD%VSSTRGDIR=%targ%%var2%%fnbksl%(%var3%)%var4%VSS_EXTRACT_CMD=ss.exe get -GL”%vsstrgdir%” -GF- -I-Y -W “$/%var3%” -V”%var4%”VSS_EXTRACT_TARGET=%targ%%var2%%fnbksl%(%var3%)%var4%%fnfile%(%var1%)AWD=C:AWDVSSSRCSRVTRG=%VSS_extract_target%SRCSRVCMD=%VSS_extract_cmd%SRCSRV: source files --------------------c:awdchapter3spydbg.cpp*AWD*chapter3/spydbg.cpp*VERSION1SRCSRV: end ------------------------
  32. 32. 
  33. 33.       
  34. 34.    
  35. 35.  
  36. 36. 
  37. 37.    
  38. 38. 
  39. 39.    
  40. 40. CreateEvent( … …); WIN32 APIUserKernel Header Ref Count Obj Count Object Event 1 1 <addr> EPROCESS 1 1 <addr> Header 3 1 <addr> Mutant
  41. 41. HANDLE hFile=CreateFile( pWorkerData->pszFileName, FILE_READ_DATA, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);// Use file handleCloseHandle(hFile);
  42. 42.       
  43. 43. No Done Leak? Type ofresource Initial AnalysisUse toolsAvoidance Strategy
  44. 44. Mario Hewardt
  45. 45. Mario Hewardt
  46. 46. Mario Hewardt
  47. 47. 
  48. 48. ApplicationDefault C RuntimeProcess Other Heaps Heap Heap Heap Manager Virtual Memory Manager
  49. 49. BYTE* pMem=(BYTE*) HeapAlloc(GetProcessHeap(), 0, 100);// Use memoryHeapFree(GetProcessHeap(), 0, pMem);
  50. 50.         
  51. 51. Mario Hewardt
  52. 52. Mario Hewardt
  53. 53.   
  54. 54.  
  55. 55. 
  56. 56.  Web DatabaseWeb client Middle tier front-end back-end
  57. 57.    
  58. 58.   
  59. 59. The User Identity (principal)       
  60. 60. 0:000> !token 7bc -nTS Session ID: 0User: S-1-5-21-1060284298-2111687655-1957994488-1003 (User: XP-SP2TestAdmin)Groups:00 S-1-5-21-1060284298-2111687655-1957994488-513 (Group: XP-SP2None)Attributes - Mandatory Default Enabled01 S-1-1-0 (Well Known Group: localhostEveryone)Attributes - Mandatory Default Enabled02 S-1-5-32-544 (Alias: BUILTINAdministrators)Attributes - Mandatory Default Enabled Owner03 S-1-5-32-545 (Alias: BUILTINUsers)Attributes - Mandatory Default Enabled04 S-1-5-4 (Well Known Group: NT AUTHORITYINTERACTIVE)Attributes - Mandatory Default Enabled05 S-1-5-11 (Well Known Group: NT AUTHORITYAuthenticated Users)Attributes - Mandatory Default Enabled06 S-1-5-5-0-35778 (no name mapped)Attributes - Mandatory Default Enabled LogonId07 S-1-2-0 (Well Known Group: localhostLOCAL)Attributes - Mandatory Default EnabledPrimary Group: S-1-5-21-1060284298-2111687655-1957994488-513 (Group: XP-SP2None)Privs:00 0x000000017 SeChangeNotifyPrivilege Attributes - Enabled Default01 0x000000008 SeSecurityPrivilege Attributes -...17 0x000000009 SeTakeOwnershipPrivilege Attributes -18 0x00000001e SeCreateGlobalPrivilege Attributes - Enabled Default19 0x00000001d SeImpersonatePrivilege Attributes - Enabled DefaultAuth ID: 0:1c3a8Impersonation Level: IdentificationTokenType: Impersonation
  61. 61. The Discretionary Access Control List (DACL)       
  62. 62. 0:000> !acl 000840acACL is:ACL is: ->AclRevision: 0x2ACL is: ->Sbz1 : 0x0ACL is: ->AclSize : 0x1cACL is: ->AceCount : 0x1ACL is: ->Sbz2 : 0x0ACL is: ->Ace[0]: ->AceType: ACCESS_ALLOWED_ACE_TYPEACL is: ->Ace[0]: ->AceFlags: 0x0ACL is: ->Ace[0]: ->AceSize: 0x14ACL is: ->Ace[0]: ->Mask : 0x00120089ACL is: ->Ace[0]: ->SID: S-1-1-0
  63. 63. kd> !sd 00084098->Revision: 0x1->Sbz1 : 0x0->Control : 0x8004SE_DACL_PRESENTSE_SELF_RELATIVE->Owner : S-1-5-18->Group : S-1-5-32-544->Dacl :->Dacl : ->AclRevision: 0x2->Dacl : ->Sbz1 : 0x0->Dacl : ->AclSize : 0x1c->Dacl : ->AceCount : 0x1->Dacl : ->Sbz2 : 0x0->Dacl : ->Ace[0]: ->AceType: ACCESS_ALLOWED_ACE_TYPE->Dacl : ->Ace[0]: ->AceFlags: 0x0->Dacl : ->Ace[0]: ->AceSize: 0x14->Dacl : ->Ace[0]: ->Mask : 0x00120089->Dacl : ->Ace[0]: ->SID: S-1-1-0->Sacl : is NULL
  64. 64. The Security Reference Monitor (SRM)         
  65. 65.  Daniel Pravat
  66. 66. void MTAClientCall(){ COSERVERINFO si; MULTI_QI mqi; ... if (SUCCEEDED(CoCreateInstanceEx( CLSID_Calculator, NULL, CLSCTX_LOCAL_SERVER | CLSCTX_REMOTE_SERVER, &si, 1, &mqi ))) { ICalculator * pCalculator = NULL; pCalculator = (ICalculator*)mqi.pItf; __int32 result = 0; wprintf(L"Calling SumSlow ..."); pCalculator->SumSlow(1,2, &result); pCalculator->Release(); wprintf(L"donen"); }}
  67. 67.  DCOM HOST OS SCM Launch Remote RPCSS DCOM client Server server DCOM client
  68. 68.  Daniel Pravat
  69. 69. 
  70. 70.       
  71. 71.
  72. 72. 
  73. 73. 
  74. 74. ApplicationDefault C RuntimeProcess Other Heaps Heap Heap Heap Manager Virtual Memory Manager
  75. 75. Look aside Table0 Unused1 162 243 32… …127 1024
  76. 76. Free Lists Segment List0 Variable Size 1 21 unused …2 16 X3 24… …127 1016
  77. 77. 
  78. 78. Free Block Busy Block Busy Block Uncommitted range
  79. 79.   
  80. 80. Pre-allocation Metadata User accessible part Post-allocation MetadataPre-allocation MetadataCurrent Previous Seg Tag Flags Unused User accessible part Size Size Index IndexPost-allocation Metadata Suffix Fill Area Heap User accessible part Bytes (debug) Extra
  81. 81.  Allocation Size: 16 Allocation Size: 32 Allocation Size: 16 Allocation Size: 64
  82. 82.   
  83. 83. Mario Hewardt
  84. 84. Mario Hewardt
  85. 85. Mario Hewardt
  86. 86.   
  87. 87.      
  88. 88.    
  89. 89. Windows Error Reporting Service Crash data over HTTPS Error Sent Dr. Query FaultWatson Fault response over HTTPS DataProcess Crash ISV
  90. 90. Mario Hewardt
  91. 91.   http://www.codeplex.com/wer/   
  92. 92. 
  93. 93. Daniel Pravat
  94. 94. Debugging Tools for Windows          
  95. 95. Debugging Tools for Windows            
  96. 96. Debugging Tools for Windows         
  97. 97. Main(){... int operationCount = 0; for (; ; ) { operationCount++; HostInfo hi = HostInfo.GetDefault(hostAddress,userName, password); IWSManSession session = GetSession(hi); string response =session.Get("wmicimv2/Win32_OperatingSystem", 0); Console.Write("rNumber of calls: " +operationCount); }...}
  98. 98. static public IWSManSession GetSession(HostInfo hi) { IWSManSession session = null; // Get a cached session string key = hi.GetKey(); if (!sessionCache.TryGetValue(key, out session)) { session = CreateSession(hi); sessionCache[key] = session; } return session; }
  99. 99.  Daniel Pravat
  100. 100. 
  101. 101. Debugging Tools for Windows         
  102. 102. 
  103. 103.      Microsoft Advanced Windows Debugging and Troubleshooting  Crash Dump Analysis  If broken it is, fix it you should 
  104. 104. 
  105. 105. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

×