windbg | 易学教程

What the “EE” means in SOS?

阅读更多关于 What the “EE” means in SOS?

问题 I found "EE" is a magic word for me. Inside CLR, there is a "EEClass", which is created by CLR class loader. And I don't know why it is called EEClass. Now, come to the SOS world, there are more EE here, like EEHeap, EEStack [-EE], Name2EE.... Do they stand for the same meaning here ? 回答1: The CLR started life long before it was adopted to run .NET code. Started as the Universal Runtime in Project 42, a highfaluting project that failed but whose parts survived in subsequent projects, like

Get method name from delegate with WinDbg

阅读更多关于 Get method name from delegate with WinDbg

问题 I have the following dump of delegate object: Name: MyEventHandler MethodTable: 132648fc EEClass: 1319e2b4 Size: 32(0x20) bytes Fields: MT Field Offset Type VT Attr Value Name 790fd0f0 40000ff 4 System.Object 0 instance 014037a4 _target 7910ebc8 4000100 8 ...ection.MethodBase 0 instance 00000000 _methodBase 791016bc 4000101 c System.IntPtr 1 instance 2ef38748 _methodPtr 791016bc 4000102 10 System.IntPtr 1 instance 0 _methodPtrAux 790fd0f0 400010c 14 System.Object 0 instance 00000000

How to use WinDbg to analyze the crash dump for VC++ application?

阅读更多关于 How to use WinDbg to analyze the crash dump for VC++ application?

How do I use WinDbg for analyzing a dump file? John Dibling Here are some general steps that will get you on your way: First, you must change your compiler's settings so that it creates PDB files, even for release builds. Later versions of the Visual C++ compiler do this by default, but in many versions of Visual C++ you must do this yourself. Create program database files, and then keep an archive of those files along with each build of your application. It is critical that every build of your applications has its own set of PDBs. You can't just reuse the same ones you made with build 10 to

windbg crash dump analysis, high cpu usage -

阅读更多关于 windbg crash dump analysis, high cpu usage -

问题 My application(web api) is suffering with high cpu, while analyzing dump, I see my most of the threads have this !dumpstack -: Child-SP RetAddr Caller, Callee 00000030497bec00 00007ffbb19e1118 KERNELBASE!WaitForSingleObjectEx+0x94, calling ntdll!NtWaitForSingleObject 00000030497beca0 00007ffba8375dda clr!CLRSemaphore::Wait+0xee, calling kernel32!WaitForSingleObjectEx 00000030497becd0 00007ffba837345d clr!GCCoop::GCCoop+0xe, calling clr!GetThread 00000030497bed60 00007ffba8375842 clr

TP 笔记～

阅读更多关于 TP 笔记～

、安装与配置 windbg 的 symbol (符号) 本篇是新手自己写的一点心得.建议新手看看.同时希望前辈多多指教. 写这篇的动机:在网上找了一上午的 windbg 配置符号教程.楞是没找到详细的,都讲的太模糊而且互相抄袭.不适合新手看.终于靠自己的努力弄懂了一点,呵呵写出来新手们分享. 安装与配置 windbg 的 symbol (符号) 第一步是从 http://www.microsoft.com/ddk/debugging 下载最新版本的 WinDBG，因为符号服务器二进制文件是由 WinDBG 小组开发的。您将需要检查是否有 WinDBG 更新版本，因为该小组似乎具有相当紧凑的发布日程安排，并且每隔几个月就会发布更新版本。第二步双击下载的文件安装 windbg .安装时注意记住安装到那里了. 第三步 windbg 访问符号需要两个文件(SYMSRV.DLL 和 SYMSTORE.EXE)所以添加主 path 环境变量中它们的路径进去,即:你的 windbg 安装目录. 操作方法:在桌面我的电脑点右键--属性--高级--环境变量,在系统变量列表框中找到 path 双击,在变量值最后面加一个分号再把你的安装目录写上.点确定. 这一步是告诉 windbg 那两个文件放在什么地方. 第四步新建一个环境变量_NT_SYMBOL_PATH 值为: SRV*c:

PEB windbg笔记

阅读更多关于 PEB windbg笔记

windbg 调试进程。 0:001> dg @fs P Si Gr Pr Lo Sel Base Limit Type l ze an es ng Flags ---- -------- -------- ---------- - -- -- -- -- -------- 0038 7ffde000 00000fff Data RW Ac 3 Bg By P Nl 000004f3 <--------------7ffde000 0:001> r $teb $teb=7ffde000 <-------------- fs:[0x30] 就是 PEB结构的指针. 继续分析怎么得出 0x30是peb的。 0:001> dt ntdll!*teb* <----------------------------dt查看结构使用通配符查处TEB结构的名称 ntdll!_TEB ntdll!_GDI_TEB_BATCH ntdll!_TEB_ACTIVE_FRAME ntdll!_TEB_ACTIVE_FRAME_CONTEXT ntdll!_TEB_ACTIVE_FRAME_CONTEXT 0:001> dt -r -v ntdll!_TEB <------------------------- -r -v 不清楚怎么解释反正就这样用吧。获取信息更多。 struct _TEB, 66

Why use WinDbg vs the Visual Studio (VS) debugger?

阅读更多关于 Why use WinDbg vs the Visual Studio (VS) debugger?

问题 What are the major reasons for using WinDbg vs the Visual Studio debugger? And is it commonly used as a complete replacement for the Visual Studio debugger, or more for when the need arises. 回答1: If you are wondering why you should use windbg over Visual Studio, then you need to read Advanced Windows Debugging. Any time you need to debug a truly ugly problem windbg has better technology to do it with than Visual Studio. Windbg has a more powerful scripting language and allows you to write

LOH fragmentation - 2015 update

阅读更多关于 LOH fragmentation - 2015 update

问题 There is a lot of information available about the .NET LOH and it has been explained in various articles. However, it seems that some articles lack a bit of precision. Outdated information In Brian Rasmussen's answer (2009), program manager at Microsoft, he says the limit is 85000 bytes. He also let's us know that there is an even more curious case of double[] with a size of 1000 elements. The same 85000 limit is stated by Maoni Stephens (MSDN, 2008), member of the CLR team. In the comments,

How to use WinDBG to track down .net out of memory exceptions?

阅读更多关于 How to use WinDBG to track down .net out of memory exceptions?

I need to track down the reason for out of memory (OOM) exceptions in a .NET application. Using perfmon, the app crashes with an OOM when using relatively low memory (500-700mb), so I'm assuming some sort of heap fragmentation. After researching it looks like WinDBG is the tool to use to track this kind of problem down. I've set up DebugDiag on the server running the processes. I've also managed to load the dump from DebugDiag into WinDBG, hook up the symbol server and my own private symbol files and it all seems to work - I can run commands like !clrstack and !dumpheap -stat and I'll see my

What to do with “The version of SOS does not match the version of CLR you are debugging” in WinDbg?

阅读更多关于 What to do with “The version of SOS does not match the version of CLR you are debugging” in WinDbg?

问题 I'm having a problem with some of my apps. It's a wcf-based app running under IIS6 in Windows 2003 Server (x86): In Event Log I get such an error from "W3SVC-WP" source (EventID=2262): ISAPI 'C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll' reported itself as unhealthy for the following reason: 'Deadlock detected'. I'm trying figuring out what's going on. I've set up creating dump for Orphan Worker Process as described in this KB. When an deadlock occured a minidump is created.