windbg

I'm using WINDBG to analyze a dump file for a program that exhibits a bit too high memory usage. One of the objects involved is holding an object array, referencing a lot of objects I'd like to look at, to try to find out why they were allocated. Here's what I've tried: First, my collection of ServiceContainer objects: 0:000> !do 05633014 Name: System.Collections.Generic.List`1[[LVK.IoC.ServiceContainer, LVK.Core]] MethodTable: 08b3c7fc EEClass: 6f70ca78 Size: 24(0x18) bytes (C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll) Fields: MT Field Offset Type VT Attr Value

My application, an executable, is crashing on a remote machine. I don't have access to that machine, so I requested a dump, generated through Task Manager. Using WinDbg, on executing the command !analyze -v , I can see the following text among many others EXCEPTION_RECORD: (.exr -1) ExceptionAddress: 0000000000000000 ExceptionCode: 80000003 (Break instruction exception) ExceptionFlags: 00000000 NumberParameters: 0 How can I know if it is responsible for the crash? If it is not, how do I identify the real cause? Is the INT3 breakpoint the root cause? TLDR: if !findstack kernel32!WerpReportFault

My multithreaded app in C# 2.0 using threadpool hangs every few weeks or so in prod. I did a syncblk !syncblk Index SyncBlock MonitorHeld Recursion Owning Thread Info SyncBlock Owner 201 05b9493c 979 1 05bc1040 bcc 45 022f3490 System.Collections.ArrayList 2875 05b4c914 1 1 17b99e10 1af8 290 024862d8 MyProg.MyChildClass 3045 05b4dbec 1 1 17ca7e98 1990 664 02392120 MyProg.MyChildClass 3046 05b4dc1c 1 1 17ca8668 1038 666 02394b00 MyProg.MyChildClass 3194 05b4f80c 3 1 05b5b638 1594 31 02537b88 MyProg.MyChildClass 3072 05b4e114 1 1 17d660f0 1120 848 023dd578 MyProg.MyChildClass 3073 05b4e144 1 1

Based on following output of !address -summary command, I think I have got a native memory leak. In order to deterine the callstack on where these allocations are happening, I am following article at http://www.codeproject.com/KB/cpp/MemoryLeak.aspx 0:000> !address -summary TEB 7efdd000 in range 7efdb000 7efde000 TEB 7efda000 in range 7efd8000 7efdb000 TEB 7efd7000 in range 7efd5000 7efd8000 TEB 7efaf000 in range 7efad000 7efb0000 TEB 7efac000 in range 7efaa000 7efad000 ProcessParametrs 00441b78 in range 00440000 00540000 Environment 004407f0 in range 00440000 00540000 --------------------

Looking at a crash dump in windbg, I can see that all current threads are stalled at > ~2k ChildEBP RetAddr 00d2fcc8 7d4e27dc ntdll_7d600000!ZwWaitForMultipleObjects+0x15 or SingleObject variations of the same. As a handle to the object to wait on is passed to ZwWaitForMultipleObjects, I assumed that I could work out which object it was using a variation of !do <address> with the right address -- but I don't know how to construct the right address. I'm assuming I need some offset from the ChildEBP? Aeham Try these steps: Use the "~2s" command to switch context to thread #2 (this step is

I am using a third party closed source API which throws an exception stating that "all named pipes are busy". I would like to debug this further (rather than just stepping through) so I can actually learn what is happening under the covers. I have taken a dump of this process using WinDbg. What commands should I now use to analyse this dump? Thanks You could start doing as follows to get an overview of the exception: !analyze -v Now you could load the exception context record: .ecxr And now... just take a look at the stack, registers, threads,... kb ;will show you the stack trace of the crash.