windbg

WinDbg Common Commands Series: Show Number Formats (.formats)

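谁说我不能喝 posted on 2019-11-30 08:06:19
.formats (Show Number Formats)
The .formats command evaluates an expression or symbol in the context of the current thread and process and displays it in multiple numeric formats.
.formats expression
Parameters: expression specifies the expression to evaluate.
Environment: Modes: user mode, kernel mode. Targets: live, crash dump. Platforms: all.
The evaluated expression is displayed in hexadecimal, decimal, octal, and binary formats, as well as in single-precision and double-precision floating-point formats. ASCII character format is also displayed when the bytes correspond to standard ASCII characters. If the expression is within the allowed range, it is also interpreted as a time stamp.
The following example shows hexadecimal 0x12.
0:000> .formats 0x12
Evaluate expression:
  Hex:     00000012
  Decimal: 18
  Octal:   00000000022
  Binary:  00000000 00000000 00000000 00010010
  Chars:   ....
  Time:    Thu Jan 1 08:00:18 1970
  Float:   low 2.52234e-044 high 0
  Double:  8.89318e-323
The following shows decimal 12:
0:000> .formats 0n12
Evaluate expression:
  Hex:     0000000c
  Decimal: 12
  Octal:   00000000014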

Symbol issue when debugging C# code

拜拜、爱过 posted on 2019-11-30 07:42:58
Question: I am using WinDbg to load a crash dump from managed code (C#, a console application built for Any CPU), and a crash dump is created on an x64 platform. I am debugging on an x64 platform. I have put the related PDB file into the symbol path. But WinDbg always finds the symbol from a strange folder. Here is an example (when I got from using !sym noisy):
SYMSRV: c:\MySymbols\FooService.pdb\4311207E2E2D442CB7473828D2488F941\FooService.pdb not found
My application is called FooService.exe and the

Use WinDbg to Write Contents of Managed Byte[] to File

為{幸葍}努か posted on 2019-11-30 06:50:57
I have a crash dump from a production server that shows an OutOfMemoryException. The exception itself is not relevant here. I happened to run a !dso to view the stack objects:
0:042> !dso
OS Thread Id: 0x1014 (42)
ESP/REG  Object   Name
246eeb24 109a21bc System.UnhandledExceptionEventHandler
246eeb2c 39083998 System.Runtime.Remoting.Proxies.__TransparentProxy
246eeb34 39083b5c System.UnhandledExceptionEventArgs
246eeb48 39073280 System.Byte[]
246eec10 2e720050 System.OutOfMemoryException
[snip]
246ef250 0ac1c4d0 System.IO.MemoryStream <-- interesting
I thought the MemoryStream might have

ASP.NET Hang - Generic Dictionary concurrency issues causes GC deadlock

给你一囗甜甜゛ posted on 2019-11-30 06:29:35
In the last month our ASP.NET web app has stopped responding to requests and we have had to reset the app pool to get it back up. We are having trouble identifying the exact cause of the issue, as there are no errors in the server's event log. The site simply stops responding. So we have been using WinDbg to try and analyse a memory dump taken when the site was not responding with the help of Tess Ferrandez's blog entries: GC Hangs & High CPU Hang. By running !threadpool I can see the following:
CPU utilization: 81%
Worker Thread: Total: 10 Running: 8 Idle: 2 MaxLimit: 400 MinLimit: 160
Work

WinDbg Common Commands Series: .effmach

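梦想与她 posted on 2019-11-30 05:43:12
.effmach (Effective Machine)
The .effmach command displays or changes the processor mode that the debugger uses.
.effmach [MachineType]
Parameters: MachineType specifies the processor type that the debugger uses for this session. If you omit this parameter, the debugger displays the current machine type.
You can enter one of the following machine types.
Machine type   Description
.              Use the processor mode of the target computer's native processor mode.
#              Use the processor mode of the code that is executing for the most recent event.
x86            Use an x86-based processor mode.
amd64          Use an x64-based processor mode.
ebc            Use an EFI byte code processor mode.
arm            Use an ARM64 processor mode.
chpe           Use a CHPE processor mode.
Environment: Modes: user mode, kernel mode. Targets: live, crash dump. Platforms: all.
The processor mode affects many debugger features:
- Which processor is used for stack tracing.
- Whether the process uses 32-bit or 64-bit pointers.
- Which processor's register set is active.
Source: https://www.cnblogs.com/yilang/p/11563225.html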

Unable to verify checksum for exe

时光总嘲笑我的痴心妄想 posted on 2019-11-30 05:39:46
Question: Hi, I have attached a crash dump for an exe and symbols also, but I am getting this error: Unable to verify checksum for abc.exe. What would be the reason for this?
Answer 1: "Unable to verify checksum" is emitted when the checksum in the PE header isn't verifiable. This can happen if the exe in question was compiled and linked without using the /RELEASE linker option. A normal project-based compile and link sets this option; nmake / bat file based compilation can omit this switch and can lead to this output. a simple

How to list call stack of all managed threads using WinDBG?

孤街醉人 posted on 2019-11-30 04:33:19
I have a dump created from a managed application. I am using SOS/SOSEX extensions to ease my dump analysis. I'd like to list down the call stack of all managed threads as we do ~*kb with native applications. How do we do that?
Justin: Use the sos !EEStack command:
0:007> .load sos
0:007> !EEStack
See SOS.dll (SOS Debugging Extension)
This command will dump all managed threads: ~*e!dumpstack
With sosex, use ~*e!mk (~ - thread, * - all, e - execute this command, !mk - display managed stack). Most of the commands in sosex mirror the native command, but have the m (managed) in front of them.
Source:

Debugging a Deadlock with Windbg's !clrstack command

耗尽温柔 posted on 2019-11-30 00:56:05
When I issued the clrstack command, I got the following output. It is the callstack of a blocking thread which owns a deadlock and results in a deadlock. Is that its exact purpose? Does it have any other purposes (without any parameters)? Where can I get more information?
!clrstack
OS Thread Id: 0x1b2c (6956)
ESP      EIP
0012f370 7c90e514 [HelperMethodFrame: 0012f370] System.Threading.Thread.SleepInternal(Int32)
0012f3c4 79299275 System.Threading.Thread.Sleep(Int32)
0012f3c8 00e0030f testlock.LockTest.Test()
0012f420 00e00146 testlock.Program.Main(System.String[])
0012f69c 79e71b4c [GCFrame: 0012f69c]

WinDbg x64: Cannot debug a crash dump - failed to load data access DLL

给你一囗甜甜゛ posted on 2019-11-29 21:44:29
I attached WinDbg to a running process and had the process crashed (I have a separate question re. that case). Once the program crashed, WinDbg stopped and allowed me to debug the program. I took a crash dump for further investigation with a command ".dump /ma". The program was compiled as "Any CPU" and I used WinDbg x64 to take the dump. Now I open WinDbg x64 on the same computer again and open the crash dump. Here is what it says:
Loading Dump File [C:\crashdump.dmp]
User Mini Dump File with Full Memory: Only application data is available
Symbol search path is: SRV*c:\symbols*http://msdl

WinDbg Common Commands Series: Exception-Related Operations

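ε祈祈猫儿з posted on 2019-11-29 21:32:26
.exr (Display Exception Record)
The .exr command displays the contents of an exception record.
.exr Address
.exr -1
Parameters: Address specifies the address of the exception record. If you specify -1 as the address, the debugger displays the most recent exception.
Environment: Modes: user mode, kernel mode. Targets: live, crash dump. Platforms: all.
The .exr command displays information related to an exception that the debugger encountered on the target computer. The information displayed includes the exception address, the exception code, the exception flags, and a variable list of parameters to the exception. You can usually obtain the address by using the !pcr extension command.
The following examples were run against a dump file. This one uses a specific exception record address:
0:000> .exr 010fd1c8
ExceptionAddress: 694c4b4c (nvoglv32!DrvPresentBuffers+0x000c19fc)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 4592e000
Attempt to read from address 4592e000
This is the result when -1 is used as the address:
0:000> .exr -1
*** ERROR: Symbol file could not be found.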