Advanced Windows Debugging
DESCRIPTION
How do you deal with issues that happen in production? Error and Event logs are helpful, but often they provide little to no help with things like deadlocks and memory leaks. In this session we'll explore some low-level utilities that allow us to take snapshots of running code and bring them back in house for analysis.
TRANSCRIPT
Advanced Windows Debugging
Chris Ortman, Innovative Systems
@chriso
About me
Professional developer for 11 years
Telecom
Lots of web
Language wonk
Former Castle Contributor
User Group Founder
INETA Senior Mentor
About this talk
Learn to troubleshoot systems in production using a low-level utility called windbg
Sometimes things go wrong in production
• Event Logs
• Performance Monitor
• Reproduce (Testing & Staging)
• Capture a dump of the process and analyze
True Story
Obtaining a crash dump
• Easiest way is with Task Manager
• Be careful of .NET version and platform architecture.
• Best to have them match
• Other tools
• DebugDiag - Automate capture of exceptions from IIS
• ADPlus – Take dumps from the command line
• ProcDump – Capture a running application; watches for thresholds
Install windbg
• Download from Microsoft
• Install via chocolatey
• Need to configure symbol paths
SOS - .NET Debugging extension
• Installed with .NET framework
• Must be manually copied to windbg folder
http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
C:\Program Files (x86)\Windows Kits\8.0\Debuggers\{x86,x64}
Symbol Paths
symsrv*symsrv.dll*c:\localsymbols*http://msdl.microsoft.com/download/symbols
Examine Heap
!DumpHeap -stat
!DumpHeap -type Person
We are looking for something with a high count of objects
Sometimes we will take 2 dumps and look for what is changing
!pe can print your exception
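An added example, not from the talk: one way to do the two-dump comparison is to save the !DumpHeap -stat output from each dump as text and diff the per-type counts. The sample tables and the DemoApp namespace are constructed for illustration; the parser assumes the SOS statistics layout of MT, Count, TotalSize, Class Name.

```python
import re
from collections import Counter

# One row of the statistics table: MT (hex), Count, TotalSize, Class Name.
ROW = re.compile(r"^\s*([0-9a-fA-F]{8,16})\s+(\d+)\s+(\d+)\s+(.+?)\s*$")

def parse_dumpheap_stat(text):
    """Return (counts, sizes) keyed by class name from !DumpHeap -stat text."""
    counts, sizes = Counter(), Counter()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # "Statistics:", column header, "Total N objects", blanks
        _mt, count, size, name = m.groups()
        counts[name] += int(count)  # one name can appear under several MTs
        sizes[name] += int(size)
    return counts, sizes

def heap_growth(before, after, top=10):
    """Types whose instance count grew between two dumps, largest first."""
    c0, s0 = parse_dumpheap_stat(before)
    c1, s1 = parse_dumpheap_stat(after)
    grown = [(name, c1[name] - c0[name], s1[name] - s0[name])
             for name in c1 if c1[name] > c0[name]]
    grown.sort(key=lambda r: (-r[1], -r[2], r[0]))
    return grown[:top]

# Constructed sample output from two dumps of the same process.
DUMP_BEFORE = """\
Statistics:
              MT    Count    TotalSize Class Name
00007ffa1c2d3e40      120         2880 System.Object
00007ffa1c2e1a08     1500        48000 DemoApp.Person
00007ffa1c2d5f10     9000       410000 System.String
Total 10620 objects
"""
DUMP_AFTER = """\
Statistics:
              MT    Count    TotalSize Class Name
00007ffa1c2d3e40      118         2832 System.Object
00007ffa1c2f7b20    30000      1920000 System.EventHandler
00007ffa1c2e1a08    61500      1968000 DemoApp.Person
00007ffa1c2d5f10     9800       446000 System.String
Total 101418 objects
"""

if __name__ == "__main__":
    for name, d_count, d_size in heap_growth(DUMP_BEFORE, DUMP_AFTER):
        print(f"{d_count:+10d} objects {d_size:+12d} bytes  {name}")
```

The types at the top of the list are the candidates to inspect with !DumpHeap -type and !GCRoot.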
DumpObj
We can see fields here.
For value types we see the value
For reference types we see the reference on the heap
MethodTable
EEClass
DumpMT
Lookup for method invocation
Very fast
DumpClass
More info about each type
Stuff you would get from reflection
GCRoot
Find what is holding a reference to your object
Pass an address or -all
lm
Shows the modules loaded into your program
!threads
View managed threads
~ shows all threads
~Ns – switch to a thread
~N e – do something to that thread, like: ~2 e !clrstack
Threads that are locked
!clrstack
-p shows function arguments
-l shows information on local variables (no names for these, just address)
-a same as -l -p
Review
• !DumpHeap – Look at all the objects in your process, memory leaks
• !GCRoot – Find what is referencing the object
• !GCWhere – Tells you if the runtime has tried to collect it
• !DumpObj – Examine the internals of an object, figure out behavior
• !DumpMT
• !DumpClass
• !threads – See what's going on right now, look for locks. Deadlocks
• !clrstack – Drill into specific thread
More Resources
• http://msdn.microsoft.com/en-us/library/bb190764(v=vs.110).aspx
• http://www.slideshare.net/CoryFoy/debugging-net-applications-with-windbg
• http://blogs.msdn.com/tess
• http://windbg.info/
Thank You!
Don’t forget to rate the talk
http://tinyurl.com/rsdcc13
Further questions
@chriso
Firstnamelastname at gmail dot com