windbg

Windbg - How can I Dump Strings which match a given filter

时光毁灭记忆、已成空白 submitted on 2019-12-23 13:15:38
Question: One can dump all the strings using the following command: !dumpheap -type System.string. How can I dump or print only those strings which start with or contain a specific "string"? Example: I am only interested in viewing the strings which contain "/my/app/request".
Answer 1: Use sosex instead of sos for this. It has a !strings command which allows you to filter strings using the /m:<filter> option.
Answer 2: Use !sosex.strings. See !sosex.help for options to filter strings based on content and/or length.
Answer 3: Not

contradiction between !heap -x -v and !heap -flt s

吃可爱长大的小学妹 submitted on 2019-12-23 09:48:44
Question: I'm analyzing a dump which shows something strange: there seems to be a contradiction between the command
    !heap -x -v hexadecimal_address
and
    !heap -flt s size_of_block
I'm inquiring about dangling pointers. In this dump, this dangling pointer happened to be: 0x0bdd00c0. To retrieve info about the heap memory block I use
    !heap -x -v 0bdd00c0
which returns
    Entry User Heap Segment Size PrevSize Unused Flags
    -----------------------------------------------------------------------------
    0bdd00b8

live debugging a stack overflow

此生再无相见时 submitted on 2019-12-23 08:57:06
Question: I have a managed code Windows Service application that is crashing occasionally in production due to a managed StackOverFlowException. I know this because I've run adplus in crash mode and analyzed the crash dump post mortem using SoS. I have even attached the windbg debugger and set it to "go unhandled exception". My problem is, I can't see any of the managed stacks or switch to any of the threads. They're all being torn down by the time the debugger breaks. I'm not a Windbg expert, and,

Debugging .Net String value in windbg

对着背影说爱祢 submitted on 2019-12-23 07:43:21
Question: I have a .Net application dump which captured an exception. I'm analysing it using windbg and am interested in the value of a String parameter on one of the methods. I've isolated the String object. My windbg working is:
    0:000> .loadby sos mscorwks
    0:000> !dso
    OS Thread Id: 0x16f0 (0)
    RSP/REG          Object           Name
    00000000001fe908 000000000f011440 System.AppDomainSetup
    00000000001fe918 000000000f0335f8 System.ArgumentException
    00000000001fe920 000000000f011b60 System.String
    0:000> !do 000000000f011b60
    Name:

debug symbol issue

懵懂的女人 submitted on 2019-12-23 05:41:53
Question: I am interested in which symbol file is used when we analyze a dump file using Windbg or Visual Studio. Suppose my application is using a utility library, and the utility library has a related private symbol file. When there is a crash dump in my application, I need the symbols of the utility library to analyze the full call stack. But sometimes the build/runtime/debug environments are installed with different versions of the utility library -- which are (for sure) of different versions of utility

How to get the content of a Section object in a kernel dump

别等时光非礼了梦想. submitted on 2019-12-22 11:45:02
Question: The section object from a 3thParty vendor is named rpsPdf10.mutex and its intended use is to mimic a semaphore by writing a Boolean flag to it. Using LiveKd and with a lot of help from SO, I've issued the following commands trying to get detailed info of this Section object.
    0: kd> !process 0 0 3thParty.exe
    ...
    PROCESS fffffa800ea80060
        SessionId: 0 Cid: 0a00 Peb: fffdf000 ParentCid: 014c
        DirBase: 99349000 ObjectTable: fffff8a004448bf0 HandleCount: 338.
        Image: 3thParty.exe
    ...
    0: kd> !handle 0 7

Process Heap Segments And Their Necessity

自闭症网瘾萝莉.ら submitted on 2019-12-22 10:27:58
Question: While dumping the heap of win32 processes (mostly processes with high heap memory consumption, like IE) using !heap -a 004e0000, I find multiple segments of a particular heap, like:
    Heap entries for Segment00 in Heap 004e0000
    Heap entries for Segment01 in Heap 004e0000
    Heap entries for Segment02 in Heap 004e0000
My questions are:
Question 1. Why is it necessary to divide a single heap into multiple segments?
Question 2. Most of the time I find a large gap between two segments. For example in

Mismatch in object size returned by sos.dll and in-memory process size

余生长醉 submitted on 2019-12-22 10:07:45
Question: I have used the following sos command to enumerate all instances of a particular type in a running asp application (hosted on a windows xp 4 GB machine).
    .foreach (obj { !dumpheap -type ::my type:: -short ::start of address space:: ::end of address space:: }) { !objsize ${obj} }
This enumerates all objects of the given type in gc gen2. The object size on average seems to be around 500 KB and there are around 2000 objects. This alone adds up to around 1 GB of memory whereas my asp-process

IE hanging with 100% CPU / Got stack trace

馋奶兔 submitted on 2019-12-22 09:38:53
Question: I have a situation where IE7 hangs accessing my web app. Based on the excellent suggestion from George V. Reilly, I installed WinDbg to download the IE symbols, set up Process Explorer to use those symbols, and then used Process Explorer to get a stack trace for the hung thread. I have pasted the stack trace below. Does someone more familiar with the IE internals have an idea of what is happening, or a suggestion on how to progress with this?
    ntkrnlpa.exe!KiUnexpectedInterrupt+0x8d
    ntkrnlpa

Automating WinDBG or otherwise extracting information from Dump Files?

一个人想着一个人 submitted on 2019-12-22 08:36:54
Question: Let's say I have a memory dump of a process. I want to run a report on it, so essentially I want to open WinDBG, load SOS and run a script that runs some commands, parses the output and then runs some more commands based on that. Apart from hackish stuff like SendKeys, is there a way to automate/script this process? Or can I write my own tool on top of SOS.dll/whatever?
Answer 1: The best way to do this is through a DbgEng based application. Essentially this serves as a replacement for WinDBG,