Advanced Windows Debugging

How do you deal with issues that happen in production? Error and Event logs are helpful, but often they provide little to no help with things like deadlocks and memory leaks.
In this session we'll explore some low-level utilities that allow us to take snapshots of running code and bring them back in-house for analysis.

  • We talk a lot about taking dumps. Please no toilet humour
  • Parameter is address = value? 64 Which is really? 00000064 Which is really? 0x00000064 Because I am currently in base 16, which I know because of n


  • 1. Advanced Windows Debugging. Chris Ortman, Innovative Systems, @chriso
  • 2. About me: Professional developer for 11 years; Telecom; Lots of web; Language wonk; Former Castle Contributor; User Group Founder; INETA Senior Mentor
  • 3. About this talk: Learn to troubleshoot systems in production using a low-level utility called windbg
  • 4. Sometimes things go wrong in production
  • 5. What you can do about it:
      • Event Logs
      • Performance Monitor
      • Reproduce (Testing & Staging)
      • Capture a dump of the process and analyze
  • 6. True Story
  • 7. Obtaining a crash dump
      • Easiest way is with Task Manager
      • Be careful of .NET version and platform architecture. Best to have them match
      • Other tools:
      • DebugDiag - Automate capture of exceptions from IIS
      • ADPlus - Take dumps from the command line
      • ProcDump - Capture running application, watches for thresholds
  • 8. Install windbg
      • Download from Microsoft
      • Install via chocolatey
      • Need to configure symbol paths
      • SOS - .NET Debugging extension
      • Installed with .NET framework
      • Must be manually copied to windbg folder: C:\Program Files (x86)\Windows Kits\8.0\Debuggers\{x86,x64}
  • 9. Symbol Paths: symsrv*symsrv.dll*c:\localsymbols*
  • 10. Examine Heap: !DumpHeap -stat, !DumpHeap -type Person. We are looking for something with a high count of objects. Sometimes we will take 2 dumps and look for what is changing. !pe can print your exception
  • 11. DumpObj: We can see fields here. For value types we see the value. For reference types we see the reference on the heap. MethodTable, EEClass
  • 12. DumpMT: Lookup for method invocation. Very fast
  • 13. DumpClass: More info about each type. Stuff you would get from reflection
  • 14. GCRoot: Find what is holding a reference to your object. Pass an address or -all
  • 15. lm: Shows the modules loaded into your program
  • 16. !threads: View managed threads. ~ shows all threads. ~Ns - switch to a thread. ~N e - do something to that thread, like: ~2 e !clrstack
  • 17. Threads that are locked
  • 18. !clrstack: -p shows function arguments; -l shows information on local variables (no names for these, just address); -a same as -l -p
  • 19. Review
      • !DumpHeap - Look at all the objects in your process, memory leaks
      • !GCRoot - Find what is referencing the object
      • !GCWhere - Tells you if the runtime has tried to collect it
      • !DumpObj - Examine the internals of an object, figure out behavior
      • !DumpMT
      • !DumpClass
      • !threads - See what's going on right now, look for locks. Deadlocks
      • !clrstack - Drill into specific thread
  • 20. More Resources
  • 21. Thank You! Don't forget to rate the talk. Further questions: @chriso, Firstnamelastname at gmail dot com
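
Slide 10 suggests taking two dumps and looking for what is changing. The following added example (not from the talk) compares the saved text of two !DumpHeap -stat runs and ranks the types that grew. The sample output and the Demo.* type names are constructed, and the parser assumes the usual MT / Count / TotalSize / Class Name column layout.

```python
import re

# One row of "!DumpHeap -stat": MT (hex), Count, TotalSize, Class Name.
ROW = re.compile(r"^\s*([0-9a-fA-F]{8,16})\s+(\d+)\s+(\d+)\s+(.+?)\s*$")

def parse_stat(text):
    """Return {class name: (count, total_size)} from !DumpHeap -stat output."""
    stats = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, "Total N objects", prompts, blank lines
        _mt, count, size, name = m.groups()
        c0, s0 = stats.get(name, (0, 0))
        # The same class name can appear under more than one MethodTable.
        stats[name] = (c0 + int(count), s0 + int(size))
    return stats

def growth(before, after, top=5):
    """Types whose instance count grew, largest byte growth first."""
    old, new = parse_stat(before), parse_stat(after)
    rows = []
    for name, (count, size) in new.items():
        c0, s0 = old.get(name, (0, 0))
        if count > c0:
            rows.append((name, count - c0, size - s0))
    return sorted(rows, key=lambda r: r[2], reverse=True)[:top]

# Constructed sample output (not taken from a real dump).
DUMP1 = """\
              MT    Count    TotalSize Class Name
000007fe98765430       12          288 System.Object
000007fe12345678     1000        32000 Demo.Person
000007fe98761234     5200       410000 System.String
Total 6212 objects
"""
DUMP2 = """\
              MT    Count    TotalSize Class Name
000007fe98765430       12          288 System.Object
000007fe1234abcd       10          320 Demo.Order
000007fe12345678    45000      1440000 Demo.Person
000007fe98761234     5300       418000 System.String
Total 50322 objects
"""

if __name__ == "__main__":
    for name, d_count, d_size in growth(DUMP1, DUMP2):
        print(f"{name:30} +{d_count:>7} objects +{d_size:>9} bytes")
```

The type at the top of the list is the one to pass to !DumpHeap -type, and the addresses that returns are what !GCRoot takes.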