Crash Dump Analysis using WinDbg
By K.S.Shanmuga sundaram
Page 2 2013
By K.S.Shanmuga sundaram
About Training
Session - 1
Agenda – Session 1
1. Understanding Dump File
2. Varieties of Dump File
3. Creation of Dump File
4. Terminologies for analyzing a Dump File
5. Introduction to WinDbg
Varieties of Bugs
Bugs: Arithmetic, Logical, Syntax, Resource, Multi-Threaded, Performance, User Interface
Impact of Bug on Application
Application may Malfunction
Application may Crash
Application may Hang
Application crash
Arises due to unhandled exception
Application Hang
May arise due to Deadlock.
May arise due to High CPU usage.
How to Fix Crash / Hang Issue?
1. Store the application state (process dump information), i.e. Process(es) Info, Thread(s) Info, Loaded Module Info, Register Info, Memory Info, Handle Info, Callstack Info, etc.
2. Start analyzing to find the root cause of the issue.
What is Dump File?
Definition: Static snapshot of an application at any given time.
Fact sheet
File Format: Binary file format
File Extension: .DMP (stands for Dump)
Contents: Process, Thread, Stack, Callstack, Handles, Modules, etc.
Usage: (i) Debugging a crashing application. (ii) Debugging a hanging application.
Other terms: Crash dump, Core dump, Hang dump, Heap dump, Memory dump, Process dump, or just dump.
Physical Memory Layout
[Diagram: memory divided into User Space, holding the user processes, and Kernel Space, holding the kernel processes; Kernel Space is marked "Access Restricted".]
Physical Memory Layout – 32 bit
[Diagram: address range 0 to 4 GB (2^32); User Space from 0 to 2 GB, Kernel Space from 2 GB to 4 GB.]
Physical Memory Layout – 32 bit, with /3GB switch in boot.ini file
[Diagram: address range 0 to 4 GB (2^32); User Space from 0 to 3 GB, Kernel Space from 3 GB to 4 GB.]
Types of Dump File
Dump File creation
Dump File creation using Win32 API
    BOOL MiniDumpWriteDump(
        HANDLE hProcess,
        DWORD ProcessId,
        HANDLE hFile,
        MINIDUMP_TYPE DumpType,
        PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,
        PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,
        PMINIDUMP_CALLBACK_INFORMATION CallbackParam
    );
Dump File creation using Win32 API
API Name: MiniDumpWriteDump
DLL: Dbghelp.dll
Header file: Dbghelp.h
Arguments
Argument | Description
HANDLE hProcess | Target process handle.
DWORD ProcessId | Target process ID.
HANDLE hFile | Dump file handle.
MINIDUMP_TYPE DumpType | Type of information to be written to the dump file.
PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam | Pointer to exception info like ThreadID, exception pointers.
PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam | Pointer to user-defined information. [Optional]
PMINIDUMP_CALLBACK_INFORMATION CallbackParam | Callback to receive extended dump information. [Optional]
Dump File creation using Win32 API
Argument: MINIDUMP_TYPE DumpType
Description: Enumerator constants. It can have any one of the values:
MiniDumpNormal
MiniDumpWithDataSegs
MiniDumpWithFullMemory
MiniDumpWithHandleData
MiniDumpFilterMemory
MiniDumpScanMemory
MiniDumpWithUnloadedModules
MiniDumpWithIndirectlyReferencedMemory
MiniDumpFilterModulePaths
MiniDumpWithProcessThreadData
MiniDumpWithPrivateReadWriteMemory
MiniDumpWithoutOptionalData
MiniDumpWithFullMemoryInfo
MiniDumpWithThreadInfo
MiniDumpWithCodeSegs
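The "What is Dump File?" fact sheet and the DumpType list above describe a dump as a binary file whose contents depend on the MINIDUMP_TYPE it was written with. The C code below is an added example, not code from the slides or from Dbghelp: it reads the MINIDUMP_HEADER and stream directory of a user-mode dump, bounds-checking every offset, and reports the thread and module counts, whether an exception stream is present, and which DumpType bits (dbghelp.h defines them as bit flags) were recorded. The function names and the sample buffer are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stream type numbers from MINIDUMP_STREAM_TYPE in dbghelp.h. */
enum { STREAM_THREAD_LIST = 3, STREAM_MODULE_LIST = 4, STREAM_EXCEPTION = 6 };

/* MINIDUMP_TYPE bit values from dbghelp.h for the names listed on the slide
   (MiniDumpNormal is 0). Bits not named there are ignored by this example. */
static const struct { uint32_t bit; const char *name; } k_types[] = {
    {0x0001, "MiniDumpWithDataSegs"},        {0x0002, "MiniDumpWithFullMemory"},
    {0x0004, "MiniDumpWithHandleData"},      {0x0008, "MiniDumpFilterMemory"},
    {0x0010, "MiniDumpScanMemory"},          {0x0020, "MiniDumpWithUnloadedModules"},
    {0x0040, "MiniDumpWithIndirectlyReferencedMemory"},
    {0x0080, "MiniDumpFilterModulePaths"},   {0x0100, "MiniDumpWithProcessThreadData"},
    {0x0200, "MiniDumpWithPrivateReadWriteMemory"},
    {0x0400, "MiniDumpWithoutOptionalData"}, {0x0800, "MiniDumpWithFullMemoryInfo"},
    {0x1000, "MiniDumpWithThreadInfo"},      {0x2000, "MiniDumpWithCodeSegs"},
};

typedef struct {
    uint32_t stream_count;
    uint64_t flags;          /* MINIDUMP_TYPE recorded by the writer */
    int      has_exception;  /* ExceptionStream present: a crash, not a hang snapshot */
    uint32_t thread_count, module_count;
} dump_summary;

static uint32_t rd32(const uint8_t *p)   /* little-endian read */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Returns 0 on success, -1 if buf is not a well-formed minidump.
   Every offset comes from the (untrusted) file, so each is checked against len. */
int minidump_summarize(const uint8_t *buf, size_t len, dump_summary *out)
{
    memset(out, 0, sizeof *out);
    if (len < 32 || memcmp(buf, "MDMP", 4) != 0) return -1;   /* MINIDUMP_SIGNATURE */
    if ((rd32(buf + 4) & 0xFFFF) != 0xA793) return -1;        /* MINIDUMP_VERSION */
    uint32_t n = rd32(buf + 8), dir = rd32(buf + 12);
    if (dir > len || n > (len - dir) / 12) return -1;         /* directory inside file */
    out->stream_count = n;
    out->flags = rd32(buf + 24) | (uint64_t)rd32(buf + 28) << 32;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = buf + dir + (size_t)i * 12;        /* one MINIDUMP_DIRECTORY */
        uint32_t type = rd32(e), size = rd32(e + 4), rva = rd32(e + 8);
        if (rva > len || size > len - rva) return -1;         /* stream inside file */
        if (type == STREAM_EXCEPTION) out->has_exception = 1;
        if (type == STREAM_THREAD_LIST || type == STREAM_MODULE_LIST) {
            if (size < 4) return -1;                          /* both start with a count */
            if (type == STREAM_THREAD_LIST) out->thread_count = rd32(buf + rva);
            else out->module_count = rd32(buf + rva);
        }
    }
    return 0;
}

/* Writes the names of the set DumpType bits into dst, separated by '|'.
   Returns how many names were written; a value of 0 yields "MiniDumpNormal". */
int minidump_type_names(uint64_t flags, char *dst, size_t cap)
{
    int count = 0;
    size_t used = 0;
    if (cap == 0) return 0;
    snprintf(dst, cap, "%s", flags ? "" : "MiniDumpNormal");
    for (size_t i = 0; i < sizeof k_types / sizeof k_types[0]; i++) {
        if (!(flags & k_types[i].bit)) continue;
        int w = snprintf(dst + used, cap - used, "%s%s", count ? "|" : "", k_types[i].name);
        if (w < 0 || (size_t)w >= cap - used) { dst[used] = '\0'; break; }  /* no room */
        used += (size_t)w;
        count++;
    }
    return count;
}

/* Constructed sample: header, 3 directory entries, thread list (2 threads),
   module list (5 modules) and an 8-byte placeholder exception stream. */
size_t build_sample_dump(uint8_t *buf, size_t cap)
{
    if (cap < 84) return 0;
    memset(buf, 0, 84);
    memcpy(buf, "MDMP", 4);
    wr32(buf + 4, 0xA793); wr32(buf + 8, 3); wr32(buf + 12, 32);
    wr32(buf + 24, 0x0002 | 0x0004);   /* WithFullMemory | WithHandleData */
    wr32(buf + 32, STREAM_THREAD_LIST); wr32(buf + 36, 4); wr32(buf + 40, 68);
    wr32(buf + 44, STREAM_MODULE_LIST); wr32(buf + 48, 4); wr32(buf + 52, 72);
    wr32(buf + 56, STREAM_EXCEPTION);   wr32(buf + 60, 8); wr32(buf + 64, 76);
    wr32(buf + 68, 2); wr32(buf + 72, 5);
    return 84;
}

int main(void)
{
    uint8_t buf[128]; dump_summary s; char names[512];
    size_t len = build_sample_dump(buf, sizeof buf);
    if (minidump_summarize(buf, len, &s) != 0) return 1;
    minidump_type_names(s.flags, names, sizeof names);
    printf("streams=%u threads=%u modules=%u crash=%d type=%s\n", (unsigned)s.stream_count,
           (unsigned)s.thread_count, (unsigned)s.module_count, s.has_exception, names);
    return 0;
}
```

A dump whose type includes MiniDumpWithFullMemory holds all accessible memory of the process, so it should be stored and shared with the same care as the secrets that process handled.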
Kernel Dump creation
using System settings
Symbols
Store debugging information about a program.
Private symbols (also called Full Symbols):
• Global variables
• Local variables
• Function names and the addresses of their entry points
• Frame pointer omission (FPO) records
• Source file name and line number for each instruction
Public symbols (also called Stripped Symbols):
• Functions (except for functions declared static)
• Global variables specified as extern (and any other global variables visible across multiple object files)
Symbols in detail
Private symbol data:
• Name of the item
• Address of the item in virtual memory
• Frame pointer omission (FPO) records for each function
• Data type of each variable, structure, and function
• Types and names of the parameters for each function
• Scope of each local variable
• Symbols associated with each line in each source file
Public symbol data:
• The name of the item.
• The address of the item in the virtual memory space of its module. For a function, this is the address of its entry point.
• Frame pointer omission (FPO) records for each function.
Symbols Relation
Public symbol data can be thought of as a subset of the private symbol data.
Symbol File Format
PDB stands for "Program Database"
Fact sheet
• Microsoft proprietary file format (.pdb).
• Extracted from source files (.cpp, .c, .cs, etc.).
• PDB file information is extracted by using the DIA (Debug Interface Access) SDK.
• A .NET PDB file contains only source filename, line number, and local variable names, as .NET metadata already contains the rest of the symbols.
• Visual Studio 5.0 generates the .dbg file format.
Dump file relation
[Diagram relating the file types: DMP, PDB, DBG, C, CPP, H, CS, EXE, DLL, LIB]
Application Dependency
Dump File Dependency
Required files for analysing a dump file: Image, Symbols, Sources
Process & Threads
[Diagram: a user process in User Space with Thread 1, Thread 2, ... Thread N; each thread has 1 MB of stack memory. Kernel Space is shown separately.]
Stack
[Diagram: in User Space, each thread (Thread 1, Thread 2, Thread 3) has its own stack memory, divided into Committed, Guard and Reserved regions, with the direction of stack growth marked. Kernel Space is shown separately.]
Callstack
    void Method2(int, int)
    {
        // Do something...
    }
    void Method1(int)
    {
        Method2(40, 50);
    }
    int main()
    {
        Method1(20);
    }
Call Stack
Method2() | Frame 2
Method1() | Frame 1
Main() | Frame 0
C compiler Name Mangling
    void Method1(int)
    {
        // Do something...
    }
    void Method1(char)
    {
        // Do something...
    }
    void Method2(int, int)
    {
        // Do something...
    }
    int main()
    {
        Method1(20);
        Method1('a');
        Method2(40, 50);
    }
Function Name | Function Address
Method1() | 0x1234
Method1() | 0x3423
Method2() | 0x1654
Typical Representation
__Method1_0x1234
__Method1_0x3423
__Method2_0x1654
C++ compiler Name Mangling
    void Method1(int)
    {
        // Do something...
    }
    void Method1(char)
    {
        // Do something...
    }
    void Method2(int, int)
    {
        // Do something...
    }
    int main()
    {
        Method1(20);
        Method1('a');
        Method2(40, 50);
    }
Function Name | No of Param | Param Type | Function Address
Method1() | 1 | Int | 0x1234
Method1() | 1 | Char | 0x3423
Method2() | 2 | Int,Int | 0x1654
Typical Representation
__Method1_1_@INT_0x1234
__Method1_1_@CHAR_0x3423
__Method2_2_@INT_@INT_0x1654
Calling convention
Calling convention comparison
Exception Dispatching
[Diagram: exception dispatching flow in numbered steps 1 to 9. Labels: Exception, Debugger, Frame Handlers, Operating System Default, Post Mortem Debugger, Windows Error Reporting, First Chance exception, Second Chance exception, Unhandled exceptions.]
C++ Exception Test
    #include <stdio.h>

    void TestMethod()
    {
        int Temp = 100;
        Temp = Temp / (Temp - Temp);   // integer divide by zero
    }
    int main()
    {
        try
        {
            TestMethod();
        }
        catch (...)
        {
            printf("Exception Caught");
        }
    }
Will the program crash?
C++ Exception Answer
Setting: C/C++ --> Code Generation --> Enable C++ Exceptions
C++ Exceptions | Command line Option | Remarks
No | | No exception handled.
Yes | /EHsc | Only C++ exception handled.
With SEH | /EHa | Both C++ and SEH exception handled. (Destructor will not be called on stack unwinding)
Terminologies
WinDbg – An Introduction
• Microsoft Windows Debugger
• GUI debugger
• Both user-mode and kernel-mode debugger
• Non-invasive debugger
• Freeware
• Lightweight
WinDbg – Command Types
Command Type | Description
Regular Commands | Used to debug processes
Meta or Dot-Commands | Usually used to control the behavior of the debugger
Extension Commands | Implemented as exported functions in extension DLLs
WinDbg – Commands
Command Type | Examples
Regular Commands | K
Meta or Dot-Commands | .cls, .reload, .time
Extension Commands | !analyze, !locks, !teb, !peb
WinDbg Commands
Command | Description
!analyze -v | Analyze exceptions.
!analyze -hang -v | Analyze hanging.
!gle | Get last error.
.lastevent | Get last exception event.
.ecxr | Display exception context.
!sym noisy | Displays error information while loading symbols. By default it is OFF.
K | Display call stack.
ld * | Load all modules.
!for_each_frame | Display call stack with frame number.
.frame N | Set frame "N" as context.
WinDbg Commands
Command | Description
.reload /f /v /i | Load all modules forcefully with verbose output.
!teb | Thread Environment Block (formatted output).
!peb | Process Environment Block (formatted output).
!runaway | Displays information about time consumed by each thread.
dt nt!_TEB | Full Thread Environment Block.
~ | Display all threads info.
|| | Display process info.
!wow64exts.sw | Switches 64bit dump file into 32bit.
dt ModuleName!* | Display all available data types in a module.
dt ModuleName!Type | Display declaration for a given data type.
WinDbg Commands
Command | Description
.symopt | Display current symbol loading settings.
.symopt +0x40 | Forcefully try to match PDB with target binary. Sets the "SYMOPT_LOAD_ANYTHING" flag, which means it will not check the timestamp.
!locks | Display critical section info.
!handles | Display handles info.
Any Questions?
Session - 1
Session - 2
Agenda – Session 2
1. Postmortem Debugger Settings
2. WinDbg Setup
3. Dump File creation using Tools
4. Dump File creation using Win32 API
5. Dump File Analyzing case study
Postmortem Debugger Setup
Registry Settings - Windows XP and prior OS.
Registry Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
Registry Values
Value Name | Remarks
Debugger | Debugger executable full path
Auto | 0 - message box will be displayed prior to postmortem debugging. 1 - No message box.
Postmortem Debugger Setup
Registry Settings - Windows Server 2008, Vista with SP1 and 7.0.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
In case of 64 bit, set the corresponding registry locations (wow64).
Value Name | Value Data
DumpFolder | Dump file complete path
DumpCount | Total dump file count
DumpType | 0 - Custom, 1 - Mini, 2 - Full
CustomDumpFlags | Valid if DumpType=0. Possible hexadecimal values = 0, 1, 2, 4, 8, 10, 20, 40, 80, 100, 200, 400, 800, 1000, 2000, 4000, 10000, 20000, 40000, 80000, 100000, 1fffff. Refer MSDN for details.
Postmortem Debugger Setup
Default Enabling
Tool | Settings
Dr.Watson | drwtsn32 -I
WinDbg | WinDbg -I
Visual Studio | Tools --> Options --> Debugging --> Just-In-Time --> Enable All
WinDbg Setup
Environment Variables
_NT_SYMBOL_PATH
_NT_ALT_SYMBOL_PATH
_NT_DEBUGGER_EXTENSION_PATH
_NT_EXECUTABLE_IMAGE_PATH
_NT_SOURCE_PATH
WinDbg Setup
Symbol, Image & Source path Setup
Path Type | File type | Files
Symbol path | Program database files (.pdb) | Target application, Windows binaries, and all dependent binaries.
Source path | Source files (.cpp, .h, .cs) | Target application, CRT libraries, and all dependent binaries.
Image path | Binary files (.exe, .dll) | Target application, Windows DLLs, and all dependents.
Dump File Creation Using Tools
Tool | Remarks
Process Explorer | Right Click --> Create Dump
ProcDump | procdump.exe -ma Target.exe
WinDbg | WinDbg -pv -pn Target.exe -c ".dump /ma DumpFileName.dmp;q"
Task Manager | Right Click --> Create Dump
Dr.Watson | Drwatson.exe (Enable Create Dump File)
Dump File Creation
Using Win32 API
Refer Sample MFC_1
Case Study - 1
Exception type: Access violation exception
Sample code 1 – Refer Sample MFC_1
    int* i = NULL;
    *i = 100;    // write through a NULL pointer
Sample code 2
    printf("%s%s%s%s%s%s%s%s%s%s");    // format specifiers with no matching arguments
Case Study - 2
Exception type: Stack Overflow
Sample code 1 – Refer Sample MFC_1
    void TestMethod()
    {
        unsigned char Temp[1024*1024*1024];    // 1 GB local array on the thread stack
    }
Sample code 2
    void TestMethod()
    {
        TestMethod();    // unbounded recursion
    }
Case Study - 3
Exception type: Divide by Zero
Sample code 1 - Refer Sample MFC_1
    void TestMethod()
    {
        int nTemp = 100;
        nTemp = nTemp / (nTemp - nTemp);    // divisor evaluates to 0
    }
Case Study - 4
Exception type: High CPU usage
Sample code 1 – Refer Sample MFC_2
    UINT ThreadProc1(LPVOID pParam_in)
    {
        while(1);    // spins forever, so the return below is never reached
        return 1;
    }
    UINT ThreadProc2(LPVOID pParam_in)
    {
        for(long i=0;i<200000;i++);
        return 1;
    }
    UINT ThreadProc3(LPVOID pParam_in)
    {
        for(long i=0;i<900000;i++);
        return 1;
    }
Case Study - 5
Exception type: Deadlock
Sample code 1 – Refer Sample MFC_3
    CRITICAL_SECTION CriticalSection;    // shared by both threads
    void CommonMethod()
    {
        EnterCriticalSection(&CriticalSection);
        //LeaveCriticalSection(&CriticalSection);    // left commented out: the section is never released
    }
    UINT ThreadProc1(LPVOID pParam_in)
    {
        CommonMethod();
        return 1;
    }
    UINT ThreadProc2(LPVOID pParam_in)
    {
        CommonMethod();
        return 1;
    }
Any Questions?
Session - 2
Questions?
For more details, please contact
http://www.linkedin.com/in/shanmugasundaramks
sundarammails@gmail.com
K.S.Shanmuga sundaram
Software Architect,
Bangalore, India

 
Trivadis TechEvent 2016 Go - The Cloud Programming Language by Andija Sisko
Trivadis TechEvent 2016 Go - The Cloud Programming Language by Andija SiskoTrivadis TechEvent 2016 Go - The Cloud Programming Language by Andija Sisko
Trivadis TechEvent 2016 Go - The Cloud Programming Language by Andija Sisko
 
Eric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyondEric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyond
 
Eric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyondEric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyond
 
[Droidcon Paris 2013]Multi-Versioning Android Tips
[Droidcon Paris 2013]Multi-Versioning Android Tips[Droidcon Paris 2013]Multi-Versioning Android Tips
[Droidcon Paris 2013]Multi-Versioning Android Tips
 
Serverless observability - a hero's perspective
Serverless observability - a hero's perspectiveServerless observability - a hero's perspective
Serverless observability - a hero's perspective
 
Graph ql api gateway
Graph ql api gatewayGraph ql api gateway
Graph ql api gateway
 
Graph ql api gateway
Graph ql api gatewayGraph ql api gateway
Graph ql api gateway
 
C++ oop
C++ oopC++ oop
C++ oop
 
DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...
DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...
DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...
 

Recently uploaded

kitab khulasah nurul yaqin jilid 1 - 2.pptx
kitab khulasah nurul yaqin jilid 1 - 2.pptxkitab khulasah nurul yaqin jilid 1 - 2.pptx
kitab khulasah nurul yaqin jilid 1 - 2.pptx
datarid22
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
Priyankaranawat4
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
Dr. Shivangi Singh Parihar
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 
MERN Stack Developer Roadmap By ScholarHat PDF
MERN Stack Developer Roadmap By ScholarHat PDFMERN Stack Developer Roadmap By ScholarHat PDF
MERN Stack Developer Roadmap By ScholarHat PDF
scholarhattraining
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
chanes7
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
Reflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdfReflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdf
amberjdewit93
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
Celine George
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
RitikBhardwaj56
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
Bisnar Chase Personal Injury Attorneys
 
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
National Information Standards Organization (NISO)
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

kitab khulasah nurul yaqin jilid 1 - 2.pptx
kitab khulasah nurul yaqin jilid 1 - 2.pptxkitab khulasah nurul yaqin jilid 1 - 2.pptx
kitab khulasah nurul yaqin jilid 1 - 2.pptx
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
MERN Stack Developer Roadmap By ScholarHat PDF
MERN Stack Developer Roadmap By ScholarHat PDFMERN Stack Developer Roadmap By ScholarHat PDF
MERN Stack Developer Roadmap By ScholarHat PDF
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
Reflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdfReflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdf
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
 
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 

Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmugasundaram

  • 1. Crash Dump Analysis using WinDbg By K.S.Shanmuga sundaram
  • 2. Page 2 2013 By K.S.Shanmuga sundaram About Training +
  • 3. Session - 1
  • 4. Agenda – Session 1: 1. Understanding Dump File 2. Varieties of Dump File 3. Creation of Dump File 4. Terminologies for analyzing Dump File 5. Introduction to WinDbg
  • 5. Agenda – Session 1: 1. Understanding Dump File 2. Varieties of Dump File 3. Creation of Dump File 4. Terminologies for analyzing Dump File 5. Introduction to WinDbg
  • 6. Varieties of Bugs: Arithmetic, Logical, Syntax, Resource, Multi-Threaded, Performance, User Interface
  • 7. Impact of Bug on Application: Application may malfunction. Application may crash. Application may hang.
  • 8. Application crash: Arises due to an unhandled exception.
  • 9. Application Hang: May arise due to deadlock. May arise due to high CPU usage.
  • 10. How to Fix Crash / Hang Issue? 1. Store the application state (the process dump information), i.e. process(es) info, thread(s) info, loaded module info, register info, memory info, handle info, callstack info, etc. 2. Start the analysis to find the root cause of the issue.
  • 11. What is Dump File? Definition: Static snapshot of an application at any given time.
        Fact sheet
        File Format: Binary file format
        File Extension: .DMP - stands for Dump
        Contents: Process, Thread, Stack, Callstack, Handles, Modules, etc.
        Usage: (i) Debugging a crashing application. (ii) Debugging a hanging application.
        Other terms: Crash dump, Core Dump, Hang Dump, Heap Dump, Memory Dump, Process dump or just dump.
  • 12. Agenda – Session 1: 1. Understanding Dump File 2. Varieties of Dump File 3. Creation of Dump File 4. Terminologies for analyzing Dump File 5. Introduction to WinDbg
  • 13. Physical Memory Layout (diagram): User Space holds the user processes, Kernel Space holds the kernel processes; access restricted.
  • 14. Physical Memory Layout – 32 bit (2^32 = 4 GB): User Space from 0 to 2 GB, Kernel Space from 2 GB to 4 GB.
  • 15. Physical Memory Layout – 32 bit (2^32 = 4 GB), with /3GB switch in boot.ini file: User Space from 0 to 3 GB, Kernel Space from 3 GB to 4 GB.
  • 16. Types of Dump File
  • 17. Agenda – Session 1: 1. Understanding Dump File 2. Varieties of Dump File 3. Creation of Dump File 4. Terminologies for analyzing Dump File 5. Introduction to WinDbg
  • 18. Dump File creation
  • 19. Dump File creation using Win32 API
        BOOL MiniDumpWriteDump(
            HANDLE hProcess,
            DWORD ProcessId,
            HANDLE hFile,
            MINIDUMP_TYPE DumpType,
            PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,
            PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,
            PMINIDUMP_CALLBACK_INFORMATION CallbackParam
        );
  • 20. Dump File creation using Win32 API
        API Name: MiniDumpWriteDump
        DLL: Dbghelp.dll
        Header file: Dbghelp.h
        Arguments:
        HANDLE hProcess: Target process handle.
        DWORD ProcessId: Target process ID.
        HANDLE hFile: Dump file handle.
        MINIDUMP_TYPE DumpType: Type of information to be written to the dump file.
        PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam: Pointer to exception info such as thread ID and exception pointers.
        PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam: Pointer to user-defined information. [Optional]
        PMINIDUMP_CALLBACK_INFORMATION CallbackParam: Callback to receive extended dump information. [Optional]
  • 21. Dump File creation using Win32 API
        Argument: MINIDUMP_TYPE DumpType
        Description: Enumerator constants. It can have any one of the values MiniDumpNormal, MiniDumpWithDataSegs, MiniDumpWithFullMemory, MiniDumpWithHandleData, MiniDumpFilterMemory, MiniDumpScanMemory, MiniDumpWithUnloadedModules, MiniDumpWithIndirectlyReferencedMemory, MiniDumpFilterModulePaths, MiniDumpWithProcessThreadData, MiniDumpWithPrivateReadWriteMemory, MiniDumpWithoutOptionalData, MiniDumpWithFullMemoryInfo, MiniDumpWithThreadInfo, MiniDumpWithCodeSegs.
  • 22. Kernel Dump creation using System settings
  • 23. Agenda – Session 1: 1. Understanding Dump File 2. Varieties of Dump File 3. Creation of Dump File 4. Terminologies for analyzing Dump File 5. Introduction to WinDbg
  • 24. Symbols: store debugging information about a program.
        Full symbols: global variables; local variables; function names and the addresses of their entry points; frame pointer omission (FPO) records; source file name and line number for each instruction.
        Stripped symbols: functions (except for functions declared static); global variables specified as extern (and any other global variables visible across multiple object files).
  • 25. Symbols in detail
        Private symbol data: name of the item; address of the item in virtual memory; frame pointer omission (FPO) records for each function; data type of each variable, structure, and function; types and names of the parameters for each function; scope of each local variable; symbols associated with each line in each source file.
        Public symbol data: the name of the item; the address of the item in the virtual memory space of its module (for a function, this is the address of its entry point); frame pointer omission (FPO) records for each function.
  • 26. Symbols Relation: Public symbol data can be thought of as a subset of the private symbol data.
  • 27. Symbol File Format: PDB stands for "Program Database".
        Fact sheet: Microsoft proprietary file format (.pdb). Extracted from source files (.cpp, .c, .cs, etc.). PDB file information is extracted by using the DIA (Debug Interface Access) SDK. A .NET PDB file contains only the source filename, line number and local variable names, as the .NET metadata already contains the rest of the symbols. Visual Studio 5.0 generates the .dbg file format.
  • 28. Dump file relation: DMP, PDB, DBG, C, CPP, H, CS, EXE, DLL, LIB
  • 29. Application Dependency
  • 30. Dump File Dependency: Required files for dump file analysis: IMAGE, SYMBOLS, SOURCES
  • 31. Process & Threads (diagram): a user process in User Space runs Thread 1, Thread 2, ... Thread N, each with 1 MB of stack memory.
  • 32. Stack (diagram): each thread (Thread 1, Thread 2, Thread 3) has its own stack memory in User Space, divided into Committed, Guard and Reserved regions; an arrow shows the direction of stack growth.
  • 33. Callstack
        void Method2(int, int) { /* Do something... */ }
        void Method1(int) { Method2(40, 50); }
        int main() { Method1(20); }
        Call Stack: Frame 0: Main(). Frame 1: Method1. Frame 2: Method2().
  • 34. C compiler Name Mangling
        void Method1(int) { /* Do something... */ }
        void Method1(char) { /* Do something... */ }
        void Method2(int, int) { /* Do something... */ }
        int main() { Method1(20); Method1('a'); Method2(40, 50); }
        Function Name / Function Address: Method1() 0x1234; Method1() 0x3423; Method2() 0x1654
        Typical Representation: __Method1_0x1234, __Method1_0x3423, __Method2_0x1654
  • 35. C++ compiler Name Mangling
        void Method1(int) { /* Do something... */ }
        void Method1(char) { /* Do something... */ }
        void Method2(int, int) { /* Do something... */ }
        int main() { Method1(20); Method1('a'); Method2(40, 50); }
        Function Name / No of Param / Param Type / Function Address: Method1() 1 Int 0x1234; Method1() 1 Char 0x3423; Method2() 2 Int,Int 0x1654
        Typical Representation: __Method1_1_@INT_0x1234, __Method1_1_@CHAR_0x3423, __Method2_2_@INT_@INT_0x1654
  • 36. Calling convention
  • 37. Calling convention comparison
  • 38. Exception Dispatching (diagram; labels: Exception, Debugger, Frame Handlers, Operating System Default, Post Mortem Debugger, Windows Error Reporting, First Chance exception, Second Chance exception, Unhandled exceptions; steps numbered 1 to 9)
  • 39. C++ Exception Test
        #include <stdio.h>
        void TestMethod()
        {
            int Temp = 100;
            Temp = Temp / (Temp - Temp);   // integer divide by zero
        }
        int main()
        {
            try { TestMethod(); }
            catch (...) { printf("Exception Caught"); }
        }
        Will the program crash?
  • 40. C++ Exception Answer: C/C++ --> Code Generation --> Enable C++ Exceptions
        C++ Exceptions / Command line Option / Remarks:
        No / (none) / No exception handled.
        Yes / /EHsc / Only C++ exceptions handled.
        With SEH / /EHa / Both C++ and SEH exceptions handled. (Destructor will not be called on stack unwinding.)
  • 41. Terminologies
  • 42. Agenda – Session 1: 1. Understanding Dump File 2. Varieties of Dump File 3. Creation of Dump File 4. Terminologies for analyzing Dump File 5. Introduction to WinDbg
  • 43. WinDbg – An Introduction: Microsoft Windows Debugger. GUI debugger. Both user and kernel mode debugger. Non-invasive debugger. Freeware. Lightweight.
  • 44. WinDbg – Command Types (Command Type: Description)
        Regular Commands: used to debug processes.
        Meta or Dot-Commands: usually used to control the behavior of the debugger.
        Extension Commands: implemented as exported functions in extension DLLs.
  • 45. WinDbg – Commands (Command Type: Examples)
        Regular Commands: k
        Meta or Dot-Commands: .cls, .reload, .time
        Extension Commands: !analyze, !locks, !teb, !peb
  • 46. WinDbg Commands (Command: Description)
        !analyze -v: Analyze exceptions.
        !analyze -hang -v: Analyze a hang.
        !gle: Get last error.
        .lastevent: Get last exception event.
        .ecxr: Display exception context.
        !sym noisy: Displays error information while loading symbols. By default it is OFF.
        k: Display call stack.
        ld *: Load all modules.
        !for_each_frame: Display call stack with frame number.
        .frame N: Set frame "N" as context.
  • 47. WinDbg Commands (Command: Description)
        .reload /f /v /i: Load all modules forcefully with verbose output.
        !teb: Thread Environment Block (formatted output).
        !peb: Process Environment Block (formatted output).
        !runaway: Displays information about the time consumed by each thread.
        dt nt!_TEB: Full Thread Environment Block.
        ~: Display all threads info.
        ||: Display process info.
        !wow64exts.sw: Switches 64bit dump file into 32bit.
        dt ModuleName!*: Display all available data types in a module.
        dt ModuleName!Type: Display the declaration for a given data type.
  • 48. WinDbg Commands (Command: Description)
        .symopt: Display current symbol loading settings.
        .symopt +0x40: Forcefully try to match the PDB with the target binary. Sets the "SYMOPT_LOAD_ANYTHING" flag, which means the timestamp is not checked.
        !locks: Display critical section info.
        !handles: Display handles info.
  • 49. Any Questions? Session - 1
  • 50. Session - 2
  • 51. Agenda – Session 2: 1. Postmortem Debugger Settings 2. WinDbg Setup 3. Dump File creation using Tools 4. Dump File creation using Win32 API 5. Dump File Analyzing case study
  • 52. Agenda – Session 2: 1. Postmortem Debugger Setup 2. WinDbg Setup 3. Dump File creation using Tools 4. Dump File creation using Win32 API 5. Dump File Analyzing case study
  • 53. Postmortem Debugger Setup: Registry Settings - Windows XP and prior OS.
        Registry Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
        Registry Values (Value Name: Remarks)
        Debugger: Debugger executable full path.
        Auto: 0 - message box will be displayed prior to postmortem debugging. 1 - No message box.
  • 54. Postmortem Debugger Setup: Registry Settings - Windows Server 2008, Vista with SP1 and 7.0.
        Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
        In case of 64 bit, set the corresponding registry locations (wow64).
        Registry Values (Value Name: Value Data)
        DumpFolder: Dump file complete path.
        DumpCount: Total dump file count.
        DumpType: 0 - custom, 1 - Mini, 2 - Full.
        CustomDumpFlags: Valid if DumpType=0. Possible hexadecimal values = 0, 1, 2, 4, 8, 10, 20, 40, 80, 100, 200, 400, 800, 1000, 2000, 4000, 10000, 20000, 40000, 80000, 100000, 1fffff. Refer to MSDN for details.
  • 55. Postmortem Debugger Setup: Default Enabling (Tool: Settings)
        Dr.Watson: drwtsn32 -I
        WinDbg: WinDbg -I
        Visual Studio: Tools --> Options --> Debugging --> Just-In-Time --> Enable All
  • 56. Agenda – Session 2: 1. Postmortem Debugger Settings 2. WinDbg Setup 3. Dump File creation using Tools 4. Dump File creation using Win32 API 5. Dump File Analyzing case study
  • 57. WinDbg Setup: Environment Variables: _NT_SYMBOL_PATH, _NT_ALT_SYMBOL_PATH, _NT_DEBUGGER_EXTENSION_PATH, _NT_EXECUTABLE_IMAGE_PATH, _NT_SOURCE_PATH
  • 58. WinDbg Setup: Symbol, Image & Source path Setup (Path Type / File type / Files)
        Symbol path / Program database files (.pdb) / Target application, Windows binaries, and all dependent binaries.
        Source path / Source files (.cpp & .h, .cs) / Target application, CRT libraries, and all dependent binaries.
        Image path / Binary files (.exe, .dll) / Target application, Windows DLLs, and all dependents.
  • 59. Agenda – Session 2: 1. Postmortem Debugger Settings 2. WinDbg Setup 3. Dump File creation using Tools 4. Dump File creation using Win32 API 5. Dump File Analyzing case study
  • 60. Dump File Creation Using Tools (Tool: Remarks)
        Process Explorer: Right Click → Create Dump
        ProcDump: procdump.exe -ma Target.exe
        WinDbg: WinDbg -pv -pn Target.exe -c ".dump /ma DumpFileName.dmp;q"
        Task Manager: Right Click → Create Dump
        Dr.Watson: Drwatson.exe (Enable Create Dump File)
  • 61. Agenda – Session 2: 1. Postmortem Debugger Settings 2. WinDbg Setup 3. Dump File creation using Tools 4. Dump File creation using Win32 API 5. Dump File Analyzing case study
  • 62. Dump File Creation Using Win32 API: Refer Sample MFC_1
  • 63. Agenda – Session 2: 1. Postmortem Debugger Settings 2. WinDbg Setup 3. Dump File creation using Tools 4. Dump File creation using Win32 API 5. Dump File Analyzing case study
  • 64. Case Study - 1. Exception type: Access violation exception
        Sample code 1 – Refer Sample MFC_1
        int* i = NULL;
        *i = 100;                           // write through a NULL pointer
        Sample code 2
        printf("%s%s%s%s%s%s%s%s%s%s");     // format string with no matching arguments
  • 65. Case Study - 2. Exception type: Stack Overflow
        Sample code 1 – Refer Sample MFC_1
        void TestMethod()
        {
            unsigned char Temp[1024*1024*1024];   // 1 GB local array on a 1 MB stack
        }
        Sample code 2
        void TestMethod()
        {
            TestMethod();                         // unbounded recursion
        }
  • 66. Case Study - 3. Exception type: Divide by Zero
        Sample code 1 - Refer Sample MFC_1
        void TestMethod()
        {
            int nTemp = 100;
            nTemp = nTemp / (nTemp - nTemp);      // divisor evaluates to zero
        }
  • 67. Case Study - 4. Exception type: High CPU usage
        Sample code 1 – Refer Sample MFC_2
        UINT ThreadProc1(LPVOID pParam_in)
        {
            while(1);                             // never returns, spins on the CPU
            return 1;
        }
        UINT ThreadProc2(LPVOID pParam_in)
        {
            for(long i=0;i<200000;i++);
            return 1;
        }
        UINT ThreadProc3(LPVOID pParam_in)
        {
            for(long i=0;i<900000;i++);
            return 1;
        }
  • 68. Case Study - 5. Exception type: Deadlock
        Sample code 1 – Refer Sample MFC_3
        CRITICAL_SECTION CriticalSection;         // assumed to be initialized elsewhere with InitializeCriticalSection
        void CommonMethod()
        {
            EnterCriticalSection(&CriticalSection);
            //LeaveCriticalSection(&CriticalSection);   // lock is never released
        }
        UINT ThreadProc1(LPVOID pParam_in)
        {
            CommonMethod();
            return 1;
        }
        UINT ThreadProc2(LPVOID pParam_in)
        {
            CommonMethod();
            return 1;
        }
  • 69. References: "Microsoft Windows Internals" by Mark Russinovich and David Solomon, 5th Edition. "Advanced Windows Debugging" by Mario Hewardt and Daniel Pravat. "Memory Dump Analysis Anthology" by Dmitry Vostokov.
  • 70. Any Questions? Session - 2
  • 71. Questions? For more details, please contact http://www.linkedin.com/in/shanmugasundaramks sundarammails@gmail.com K.S.Shanmuga sundaram, Software Architect, Bangalore, India
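
Added example, not part of the original slides: a Python reader for the binary .DMP format of slide 11 that decodes the MINIDUMP_TYPE flags of slide 21 (the same bits that CustomDumpFlags on slide 54 combines) and extracts the exception code seen in case studies 1 to 3. The structure layouts follow the public Dbghelp.h definitions; the sample bytes are constructed, and the set of flags treated as sensitive is an assumption of this example.

```python
import struct

MDMP_SIGNATURE = 0x504D444D                # b"MDMP" as a little-endian uint32
HEADER = struct.Struct("<IIIIIIQ")         # MINIDUMP_HEADER, 32 bytes
DIRECTORY = struct.Struct("<III")          # MINIDUMP_DIRECTORY: type, size, RVA
EXCEPTION_HEAD = struct.Struct("<IIIIQQ")  # ThreadId .. ExceptionAddress
EXCEPTION_STREAM = 6                       # MINIDUMP_STREAM_TYPE ExceptionStream

# MINIDUMP_TYPE bits, in the order slide 21 lists the names.
MINIDUMP_TYPE = {
    0x0001: "MiniDumpWithDataSegs",
    0x0002: "MiniDumpWithFullMemory",
    0x0004: "MiniDumpWithHandleData",
    0x0008: "MiniDumpFilterMemory",
    0x0010: "MiniDumpScanMemory",
    0x0020: "MiniDumpWithUnloadedModules",
    0x0040: "MiniDumpWithIndirectlyReferencedMemory",
    0x0080: "MiniDumpFilterModulePaths",
    0x0100: "MiniDumpWithProcessThreadData",
    0x0200: "MiniDumpWithPrivateReadWriteMemory",
    0x0400: "MiniDumpWithoutOptionalData",
    0x0800: "MiniDumpWithFullMemoryInfo",
    0x1000: "MiniDumpWithThreadInfo",
    0x2000: "MiniDumpWithCodeSegs",
}

# Assumption of this example: dumps taken with these flags hold process
# memory (possibly credentials or keys) and need restricted handling.
SENSITIVE_FLAGS = 0x0002 | 0x0200

EXCEPTION_CODES = {
    0xC0000005: "Access violation",        # case study 1
    0xC00000FD: "Stack overflow",          # case study 2
    0xC0000094: "Integer divide by zero",  # case study 3
}


def decode_dump_type(flags):
    """Names of the MINIDUMP_TYPE bits set in a DumpType / CustomDumpFlags value."""
    names = [name for bit, name in MINIDUMP_TYPE.items() if flags & bit]
    return names or ["MiniDumpNormal"]


def parse_minidump(data):
    """Validate the header and stream directory, then summarise the dump."""
    if len(data) < HEADER.size:
        raise ValueError("too short for a MINIDUMP_HEADER")
    sig, _ver, nstreams, dir_rva, _sum, _time, flags = HEADER.unpack_from(data)
    if sig != MDMP_SIGNATURE:
        raise ValueError("bad signature: not a minidump")
    if dir_rva + nstreams * DIRECTORY.size > len(data):
        raise ValueError("stream directory runs past end of file")

    streams = {}
    for i in range(nstreams):
        stype, size, rva = DIRECTORY.unpack_from(data, dir_rva + i * DIRECTORY.size)
        if rva + size > len(data):
            raise ValueError(f"stream {stype} runs past end of file")
        streams[stype] = (rva, size)

    report = {
        "dump_type": decode_dump_type(flags),
        "sensitive": bool(flags & SENSITIVE_FLAGS),
        "stream_types": sorted(streams),
        "exception": None,   # stays None when the dump has no exception stream
    }
    if EXCEPTION_STREAM in streams:
        rva, size = streams[EXCEPTION_STREAM]
        if size < EXCEPTION_HEAD.size:
            raise ValueError("exception stream too small")
        tid, _pad, code, _flags, _rec, addr = EXCEPTION_HEAD.unpack_from(data, rva)
        report["exception"] = {
            "thread_id": tid,
            "code": code,
            "name": EXCEPTION_CODES.get(code, "unknown"),
            "address": addr,
        }
    return report


def build_sample(flags, code, address, thread_id):
    """Constructed test input: header, one directory entry, exception stream."""
    stream = EXCEPTION_HEAD.pack(thread_id, 0, code, 0, 0, address) + bytes(136)
    stream_rva = HEADER.size + DIRECTORY.size
    header = HEADER.pack(MDMP_SIGNATURE, 0xA793, 1, HEADER.size, 0, 0, flags)
    directory = DIRECTORY.pack(EXCEPTION_STREAM, len(stream), stream_rva)
    return header + directory + stream


if __name__ == "__main__":
    sample = build_sample(0x0002 | 0x1000, 0xC0000005, 0x00401234, 4242)
    print(parse_minidump(sample))
```

Run against a real file with `parse_minidump(open(path, "rb").read())`; a report with `sensitive` set marks a dump that should be stored and shared with the same care as the process memory it contains.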