Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
SQL Server CrashDumpAnalysis<br />A brief tour withWinDbg and otheruglytools<br />Pablo Álvarez Doval<br />Debugging & Op...
Who am I?<br />
SessionObjectives<br />Whatisthissessionabout?<br />Whatisn’tthissessionabout?<br />
Who are you?<br />
Agenda<br />Tools of theTrade<br />Brief Windows ArchitectureRefresher<br />SQL Server Post-mortem Debugging<br />Handling...
Debugging Tools for Windows<br />Free download:<br />http://www.microsoft.com/whdc/devtools/debugging<br />Updated several...
Demo 0: … isitreally so ugly?<br />
Thesaurus<br />Just to keep with the forensics analogy:<br />Corpse  Dump file<br />Forensic Lab  WinDbg<br />Forensic S...
Usermode vs. Kernelmode<br />Windows on Windows<br />wowexec.exe<br />UNIX<br />LSA Shell<br />Lsass.exe<br />Client/Serve...
Application, Processes and Threads<br />An application is formed by one or more processes<br />A process is an in-memory e...
… isitreallyworthit?<br />
Othergoodreasons…<br />
Win32 Virtual MemoryAddressing (I)<br />sqlsrv.exe<br />Process n<br />Process 1<br />Process 2<br />Thread 1<br />Thread ...
Win32 Virtual MemoryAddressing(II)<br />
Thread Call Stacks<br />Shows part of the history of the function calls of the thread<br />Each thread has its own Call St...
CallStacks (I)<br />Eachthread of theprocess has itsowncallstack:<br />
CallStacks (II)<br />Eachframe has thefollowingstructure:<br />Frame<br />Parameters<br />ReturnAddress<br />Frame Pointer...
Symbols<br />Symbols make the call stack useful:<br />Without Symbols:<br />With Symbols:<br />kernel32!+136aa<br />kernel...
Symbol formats<br />Current format: .PDB<br />Old Format: .DBG<br />Retail vs. Debug (Free vs. Checked) builds<br />Privat...
Symbol Servers<br />Uses the File System as a Symbol’s database:<br />Organized by name and a unique identifier<br />Folde...
Demo 1: Scheduler Non-Yielding<br />
Scenario<br />A customer’s SQL Server 2000 ishanging, showing 17883 errors in SQL Server’sErrorLog<br />Whenthese errores ...
Demo 2: DBCC CHECKDB<br />
Demo 3: ClusterResources<br />
ManagedDebuggingwith .NET<br />WinDbgis a nativedebugger<br />In ordertodebug .NET codeweneedto use debuggerextensions:<br...
Demo 4: ManagedDebuggingwith SOS<br />
Somecooltips…<br />Didwereallygettothisslide in time?! <br />Well.. enjoysome free tips! <br />Using SOS from VS.NET<br /...
Resources<br />pablod@plainconcepts.com<br />@Plain Concepts<br />http://www.geeks.ms/blogs/palvarez<br />http://www.geeks...
AnyQuestions?<br />Thanks! <br />
Upcoming SlideShare
Loading in …5
×

Sql Bits Sql Server Crash Dump Analysis

3,356 views

Published on

Deck used in my session on debugging SQLServer crash dumps at SQL Bits VI.

  • Be the first to comment

  • Be the first to like this

Sql Bits Sql Server Crash Dump Analysis

  1. 1. SQL Server CrashDumpAnalysis<br />A brief tour withWinDbg and otheruglytools<br />Pablo Álvarez Doval<br />Debugging & OptimizationTeam Lead<br />pablod@plainconcepts.com<br />
  2. 2. Who am I?<br />
  3. 3.
  4. 4.
  5. 5. SessionObjectives<br />Whatisthissessionabout?<br />Whatisn’tthissessionabout?<br />
  6. 6.
  7. 7. Who are you?<br />
  8. 8. Agenda<br />Tools of theTrade<br />Brief Windows ArchitectureRefresher<br />SQL Server Post-mortem Debugging<br />Handling SQL Server dumps<br />Analyzing SQL Server dumps<br />Debugging .NET Applicationswith SOS<br />
  9. 9. Debugging Tools for Windows<br />Free download:<br />http://www.microsoft.com/whdc/devtools/debugging<br />Updated several times a year<br />Debuggers, extensions, tools and a great help file:<br />windbg.exe, kd.exe, cdb.exe<br />gflags.exe, tlist.exe, etc<br />debugger.chm<br />Can be installed via xcopy<br />
  10. 10. Demo 0: … isitreally so ugly?<br />
  11. 11. Thesaurus<br />Just to keep with the forensics analogy:<br />Corpse  Dump file<br />Forensic Lab  WinDbg<br />Forensic Scientist  You!<br />Gray’s Anathomy  Windows Internals 5th Ed. <br />We are not going to get into details, but we will do a little refresher of some key concepts<br />
  12. 12. Usermode vs. Kernelmode<br />Windows on Windows<br />wowexec.exe<br />UNIX<br />LSA Shell<br />Lsass.exe<br />Client/Server<br />csrss.exe<br />Notepad<br />notepad.exe<br />Virtual DOS Machine<br />ntvdm.exe<br />Win32<br />Interix<br />User Mode<br />Kernel Mode<br />ExecutiveServices<br />I/O<br />IPC<br />Memory<br />Processes<br />Security<br />WM<br />PNP<br />GraphicsController<br />Object Manager<br />FS<br />Device Drivers<br />Microkernel<br />Hardware AbstractionLayer (HAL)<br />
  13. 13. Application, Processes and Threads<br />An application is formed by one or more processes<br />A process is an in-memory executable, which is made up of one or more threads and its resources<br />A thread is the basic unit of execution and schedulingin the OS.<br />
  14. 14. … isitreallyworthit?<br />
  15. 15.
  16. 16. Othergoodreasons…<br />
  17. 17. Win32 Virtual MemoryAddressing (I)<br />sqlsrv.exe<br />Process n<br />Process 1<br />Process 2<br />Thread 1<br />Thread 1<br />Thread 1<br />Thread 1<br />Thread2<br />Thread2<br />Thread2<br />Thread2<br />…<br />:<br />:<br />:<br />:<br />2 Gb<br />Thread n<br />Thread n<br />Thread n<br />Thread n<br />4Gb<br />Kernel<br />2 Gb<br />
  18. 18. Win32 Virtual MemoryAddressing(II)<br />
  19. 19. Thread Call Stacks<br />Shows part of the history of the function calls of the thread<br />Each thread has its own Call Stack<br />i.e:<br />ntdll!KiFastSystemCallRet<br />USER32!NtUserGetMessage+0xc<br />notepad!WinMain+0xe5<br />notepad!WinMainCRTStartup+0x174<br />kernel32!BaseProcessStart+0x23<br />
  20. 20. CallStacks (I)<br />Eachthread of theprocess has itsowncallstack:<br />
  21. 21. CallStacks (II)<br />Eachframe has thefollowingstructure:<br />Frame<br />Parameters<br />ReturnAddress<br />Frame Pointer<br />ExceptionHandler<br />Local Variables<br />Registros<br />
  22. 22. Symbols<br />Symbols make the call stack useful:<br />Without Symbols:<br />With Symbols:<br />kernel32!+136aa<br />kernel32!CreateFileW+0x35f<br />
  23. 23. Symbol formats<br />Current format: .PDB<br />Old Format: .DBG<br />Retail vs. Debug (Free vs. Checked) builds<br />Private symbols vs. public symbols<br />
  24. 24. Symbol Servers<br />Uses the File System as a Symbol’s database:<br />Organized by name and a unique identifier<br />Folder structure:<br /> ymSrvfile_name.pdbunique_number___<br />i.e:<br />ymbols tdll.pdb3B5EDCA52 tdll.pdb<br />ymbols tdll.pdb380FCC4F2 tdll.pdb<br />
  25. 25. Demo 1: Scheduler Non-Yielding<br />
  26. 26. Scenario<br />A customer’s SQL Server 2000 ishanging, showing 17883 errors in SQL Server’sErrorLog<br />Whenthese errores ocurr, SQL Server automaticallytriggersthecreation of a dump<br />…<br />2007-02-12 11:17:14.10 server Error: 17883, Severity: 1, State: 0<br />2007-02-12 11:17:14.10 server Process 59:0 (834) UMS Context 0x125ABD80 appears to be non-yielding on Scheduler 1.<br />…<br />
  27. 27. Demo 2: DBCC CHECKDB<br />
  28. 28. Demo 3: ClusterResources<br />
  29. 29. ManagedDebuggingwith .NET<br />WinDbgis a nativedebugger<br />In ordertodebug .NET codeweneedto use debuggerextensions:<br />SOS.dll (untilframework .NET 3.5)<br />CLR.dll (framework 4.0)<br />Whyallthis? Isitworthit?<br />
  30. 30. Demo 4: ManagedDebuggingwith SOS<br />
  31. 31. Somecooltips…<br />Didwereallygettothisslide in time?! <br />Well.. enjoysome free tips! <br />Using SOS from VS.NET<br />Memorydumpanalysisfrominside VS2010<br />
  32. 32. Resources<br />pablod@plainconcepts.com<br />@Plain Concepts<br />http://www.geeks.ms/blogs/palvarez<br />http://www.geeks.ms/blogs/rcorral<br />http://www.geeks.ms/blogs/luisguerrero<br />@MSDN:<br />http://blogs.msdn.com/tess/<br />Books:<br />Microsoft Windows Internals, 5th Ed. [Mark E. Russinovich and David A. Solomon]Microsoft Press.<br />Debugging Applications for Microsoft .NET and Microsoft Windows[John Robbins]Microsoft Press.<br />
  33. 33. AnyQuestions?<br />Thanks! <br />

×