Your SlideShare is downloading. ×
0
SQL Server CrashDumpAnalysis<br />A brief tour withWinDbg and otheruglytools<br />Pablo Álvarez Doval<br />Debugging & Op...
Who am I?<br />
SessionObjectives<br />Whatisthissessionabout?<br />Whatisn’tthissessionabout?<br />
Who are you?<br />
Agenda<br />Tools of theTrade<br />Brief Windows ArchitectureRefresher<br />SQL Server Post-mortem Debugging<br />Handling...
Debugging Tools for Windows<br />Free download:<br />http://www.microsoft.com/whdc/devtools/debugging<br />Updated several...
Demo 0: … isitreally so ugly?<br />
Thesaurus<br />Just to keep with the forensics analogy:<br />Corpse  Dump file<br />Forensic Lab  WinDbg<br />Forensic S...
Usermode vs. Kernelmode<br />Windows on Windows<br />wowexec.exe<br />UNIX<br />LSA Shell<br />Lsass.exe<br />Client/Serve...
Application, Processes and Threads<br />An application is formed by one or more processes<br />A process is an in-memory e...
… isitreallyworthit?<br />
Othergoodreasons…<br />
Win32 Virtual MemoryAddressing (I)<br />sqlsrv.exe<br />Process n<br />Process 1<br />Process 2<br />Thread 1<br />Thread ...
Win32 Virtual MemoryAddressing(II)<br />
Thread Call Stacks<br />Shows part of the history of the function calls of the thread<br />Each thread has its own Call St...
CallStacks (I)<br />Eachthread of theprocess has itsowncallstack:<br />
CallStacks (II)<br />Eachframe has thefollowingstructure:<br />Frame<br />Parameters<br />ReturnAddress<br />Frame Pointer...
Symbols<br />Symbols make the call stack useful:<br />Without Symbols:<br />With Symbols:<br />kernel32!+136aa<br />kernel...
Symbol formats<br />Current format: .PDB<br />Old Format: .DBG<br />Retail vs. Debug (Free vs. Checked) builds<br />Privat...
Symbol Servers<br />Uses the File System as a Symbol’s database:<br />Organized by name and a unique identifier<br />Folde...
Demo 1: Scheduler Non-Yielding<br />
Scenario<br />A customer’s SQL Server 2000 ishanging, showing 17883 errors in SQL Server’sErrorLog<br />Whenthese errores ...
Demo 2: DBCC CHECKDB<br />
Demo 3: ClusterResources<br />
ManagedDebuggingwith .NET<br />WinDbgis a nativedebugger<br />In ordertodebug .NET codeweneedto use debuggerextensions:<br...
Demo 4: ManagedDebuggingwith SOS<br />
Somecooltips…<br />Didwereallygettothisslide in time?! <br />Well.. enjoysome free tips! <br />Using SOS from VS.NET<br /...
Resources<br />pablod@plainconcepts.com<br />@Plain Concepts<br />http://www.geeks.ms/blogs/palvarez<br />http://www.geeks...
AnyQuestions?<br />Thanks! <br />
Upcoming SlideShare
Loading in...5
×

Sql Bits Sql Server Crash Dump Analysis

2,455

Published on

Deck used in my session on debugging SQLServer crash dumps at SQL Bits VI.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,455
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
26
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Sql Bits Sql Server Crash Dump Analysis"

  1. 1. SQL Server CrashDumpAnalysis<br />A brief tour withWinDbg and otheruglytools<br />Pablo Álvarez Doval<br />Debugging & OptimizationTeam Lead<br />pablod@plainconcepts.com<br />
  2. 2. Who am I?<br />
  3. 3.
  4. 4.
  5. 5. SessionObjectives<br />Whatisthissessionabout?<br />Whatisn’tthissessionabout?<br />
  6. 6.
  7. 7. Who are you?<br />
  8. 8. Agenda<br />Tools of theTrade<br />Brief Windows ArchitectureRefresher<br />SQL Server Post-mortem Debugging<br />Handling SQL Server dumps<br />Analyzing SQL Server dumps<br />Debugging .NET Applicationswith SOS<br />
  9. 9. Debugging Tools for Windows<br />Free download:<br />http://www.microsoft.com/whdc/devtools/debugging<br />Updated several times a year<br />Debuggers, extensions, tools and a great help file:<br />windbg.exe, kd.exe, cdb.exe<br />gflags.exe, tlist.exe, etc<br />debugger.chm<br />Can be installed via xcopy<br />
  10. 10. Demo 0: … isitreally so ugly?<br />
  11. 11. Thesaurus<br />Just to keep with the forensics analogy:<br />Corpse  Dump file<br />Forensic Lab  WinDbg<br />Forensic Scientist  You!<br />Gray’s Anathomy  Windows Internals 5th Ed. <br />We are not going to get into details, but we will do a little refresher of some key concepts<br />
  12. 12. Usermode vs. Kernelmode<br />Windows on Windows<br />wowexec.exe<br />UNIX<br />LSA Shell<br />Lsass.exe<br />Client/Server<br />csrss.exe<br />Notepad<br />notepad.exe<br />Virtual DOS Machine<br />ntvdm.exe<br />Win32<br />Interix<br />User Mode<br />Kernel Mode<br />ExecutiveServices<br />I/O<br />IPC<br />Memory<br />Processes<br />Security<br />WM<br />PNP<br />GraphicsController<br />Object Manager<br />FS<br />Device Drivers<br />Microkernel<br />Hardware AbstractionLayer (HAL)<br />
  13. 13. Application, Processes and Threads<br />An application is formed by one or more processes<br />A process is an in-memory executable, which is made up of one or more threads and its resources<br />A thread is the basic unit of execution and schedulingin the OS.<br />
  14. 14. … isitreallyworthit?<br />
  15. 15.
  16. 16. Othergoodreasons…<br />
  17. 17. Win32 Virtual MemoryAddressing (I)<br />sqlsrv.exe<br />Process n<br />Process 1<br />Process 2<br />Thread 1<br />Thread 1<br />Thread 1<br />Thread 1<br />Thread2<br />Thread2<br />Thread2<br />Thread2<br />…<br />:<br />:<br />:<br />:<br />2 Gb<br />Thread n<br />Thread n<br />Thread n<br />Thread n<br />4Gb<br />Kernel<br />2 Gb<br />
  18. 18. Win32 Virtual MemoryAddressing(II)<br />
  19. 19. Thread Call Stacks<br />Shows part of the history of the function calls of the thread<br />Each thread has its own Call Stack<br />i.e:<br />ntdll!KiFastSystemCallRet<br />USER32!NtUserGetMessage+0xc<br />notepad!WinMain+0xe5<br />notepad!WinMainCRTStartup+0x174<br />kernel32!BaseProcessStart+0x23<br />
  20. 20. CallStacks (I)<br />Eachthread of theprocess has itsowncallstack:<br />
  21. 21. CallStacks (II)<br />Eachframe has thefollowingstructure:<br />Frame<br />Parameters<br />ReturnAddress<br />Frame Pointer<br />ExceptionHandler<br />Local Variables<br />Registros<br />
  22. 22. Symbols<br />Symbols make the call stack useful:<br />Without Symbols:<br />With Symbols:<br />kernel32!+136aa<br />kernel32!CreateFileW+0x35f<br />
  23. 23. Symbol formats<br />Current format: .PDB<br />Old Format: .DBG<br />Retail vs. Debug (Free vs. Checked) builds<br />Private symbols vs. public symbols<br />
  24. 24. Symbol Servers<br />Uses the File System as a Symbol’s database:<br />Organized by name and a unique identifier<br />Folder structure:<br /> ymSrvfile_name.pdbunique_number___<br />i.e:<br />ymbols tdll.pdb3B5EDCA52 tdll.pdb<br />ymbols tdll.pdb380FCC4F2 tdll.pdb<br />
  25. 25. Demo 1: Scheduler Non-Yielding<br />
  26. 26. Scenario<br />A customer’s SQL Server 2000 ishanging, showing 17883 errors in SQL Server’sErrorLog<br />Whenthese errores ocurr, SQL Server automaticallytriggersthecreation of a dump<br />…<br />2007-02-12 11:17:14.10 server Error: 17883, Severity: 1, State: 0<br />2007-02-12 11:17:14.10 server Process 59:0 (834) UMS Context 0x125ABD80 appears to be non-yielding on Scheduler 1.<br />…<br />
  27. 27. Demo 2: DBCC CHECKDB<br />
  28. 28. Demo 3: ClusterResources<br />
  29. 29. ManagedDebuggingwith .NET<br />WinDbgis a nativedebugger<br />In ordertodebug .NET codeweneedto use debuggerextensions:<br />SOS.dll (untilframework .NET 3.5)<br />CLR.dll (framework 4.0)<br />Whyallthis? Isitworthit?<br />
  30. 30. Demo 4: ManagedDebuggingwith SOS<br />
  31. 31. Somecooltips…<br />Didwereallygettothisslide in time?! <br />Well.. enjoysome free tips! <br />Using SOS from VS.NET<br />Memorydumpanalysisfrominside VS2010<br />
  32. 32. Resources<br />pablod@plainconcepts.com<br />@Plain Concepts<br />http://www.geeks.ms/blogs/palvarez<br />http://www.geeks.ms/blogs/rcorral<br />http://www.geeks.ms/blogs/luisguerrero<br />@MSDN:<br />http://blogs.msdn.com/tess/<br />Books:<br />Microsoft Windows Internals, 5th Ed. [Mark E. Russinovich and David A. Solomon]Microsoft Press.<br />Debugging Applications for Microsoft .NET and Microsoft Windows[John Robbins]Microsoft Press.<br />
  33. 33. AnyQuestions?<br />Thanks! <br />
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×