[转][Windbg] Windows Memory Analysis Checklist

http://www.dumpanalysis.org/windows-memory-analysis-checklist

General:

  • Symbol servers (.symfix)
  • Internal database(s) search
  • Google or Microsoft search for suspected components as this could be a known issue. Sometimes a simple search immediately points to the fix on a vendor?ˉs site
  • The tool used to save a dump (to flag false positive, incomplete or inconsistent dumps)
  • OS/SP version (version)
  • Language
  • Debug time
  • System uptime
  • Computer name (dS srv!srvcomputername or !envvar COMPUTERNAME)
  • List of loaded and unloaded modules (lmv or !dlls)
  • Hardware configuration (!sysinfo)
  • .kframes 1000

Application or service:

  • Default analysis (!analyze -v or !analyze -v -hang for hangs)
  • Critical sections (!cs -s -l -o, !locks) for both crashes and hangs
  • Component timestamps, duplication and paths. DLL Hell- (lmv and !dlls)
  • Do any newer components exist-
  • Process threads (~*kv or !uniqstack) for multiple exceptions and blocking functions
  • Process uptime
  • Your components on the full raw stack of the problem thread
  • Your components on the full raw stack of the main application thread
  • Process size
  • Number of threads
  • Gflags value (!gflag)
  • Time consumed by threads (!runaway)
  • Environment (!peb)
  • Import table (!dh)
  • Hooked functions (!chkimg)
  • Exception handlers (!exchain)
  • Computer name (!envvar COMPUTERNAME)
  • Process heap stats and validation (!heap -s, !heap -s -v)
  • CLR threads- (mscorwks or clr modules on stack traces) Yes: use .NET checklist below
  • Hidden (unhandled and handled) exceptions on thread raw stacks

System hang:

  • Default analysis (!analyze -v -hang)
  • ERESOURCE contention (!locks)
  • Processes and virtual memory including session space (!vm 4)
  • Important services are present and not hanging
  • Pools (!poolused)
  • Waiting threads (!stacks)
  • Critical system queues (!exqueue f)
  • I/O (!irpfind)
  • The list of all thread stack traces (!process 0 3f)
  • LPC/ALPC chain for suspected threads (!lpc message or !alpc /m after search for "Waiting for reply to LPC" or "Waiting for reply to ALPC" in !process 0 3f output)
  • RPC threads (search for "RPCRT4!OSF" in !process 0 3f output)
  • Mutants (search for "Mutants - owning thread" in !process 0 3f output)
  • Critical sections for suspected processes (!cs -l -o -s)
  • Sessions, session processes (!session, !sprocess)
  • Processes (size, handle table size) (!process 0 0)
  • Running threads (!running)
  • Ready threads (!ready)
  • DPC queues (!dpcs)
  • The list of APCs (!apc)
  • Internal queued spinlocks (!qlocks)
  • Computer name (dS srv!srvcomputername)
  • File cache, VACB (!filecache)
  • File objects for blocked thread IRPs (!irp -> !fileobj)
  • Network (!ndiskd.miniports and !ndiskd.pktpools)
  • Disk (!scsikd.classext -> !scsikd.classext class_device 2)
  • Modules rdbss, mrxdav, mup, mrxsmb in stack traces
  • Functions Ntfs!Ntfs, nt!Fs and fltmgr!Flt* in stack traces

BSOD:

  • Default analysis (!analyze -v)
  • Pool address (!pool)
  • Component timestamps (lmv)
  • Processes and virtual memory (!vm 4)
  • Current threads on other processors
  • Raw stack
  • Bugcheck description (including ln exception address for corrupt or truncated dumps)
  • Bugcheck callback data (!bugdump for systems prior to Windows XP SP1)
  • Bugcheck secondary callback data (.enumtag)
  • Computer name (dS srv!srvcomputername)
  • Hardware configuration (!sysinfo)

.NET application or service:

  • CLR module and SOS extension versions (lmv and .chain)
  • Managed exceptions (~*e !pe)
  • Nested managed exceptions (!pe -nested)
  • Managed threads (!Threads -special)
  • Managed stack traces (~*e !CLRStack)
  • Managed execution residue (~*e !DumpStackObjects and !DumpRuntimeTypes)
  • Managed heap (!VerifyHeap, !DumpHeap -stat and !eeheap -gc)
  • GC handles (!GCHandles, !GCHandleLeaks)
  • Finalizer queue (!FinalizeQueue)
  • Sync blocks (!syncblk)

原文地址:https://www.cnblogs.com/herryzz/p/10476958.html

时间: 2024-10-13 06:03:05

[转][Windbg] Windows Memory Analysis Checklist的相关文章

About Memory Analysis

关于内存分析About Memory Analysis 每当应用程序创建对象时,都会为它们分配内存.传统上,它已被应用的工作跟踪这些对象并释放他们时,他们不再需要的内存可以分配其他对象.自动引用计数(ARC)是一种通过让系统负责内存管理而使事情变得更容易的特性.在启用ARC的情况下,系统处理监控对象分配,并在适当时释放它们,只剩下很少的应用程序要做.然而,不管内存是如何管理的,即使是最好的应用程序设计也会遇到难以分离的偶尔内存问题.Whenever your app creates object

Eclipse Memory Analysis进行堆转储文件分析

生成堆转储文件 1.新建项目,设置Eclispe Java堆的大小: (1)限制Java堆大小:将最小值 -Xms参数与最大值-Xmx参数设置一样可避免堆的扩展 -Xmx20m -Xms20m -Xmn10m -Xss1m (2)通过参数:-XX:+HeapDumpOnOutOfMemoryError,可以让VM在出现内存溢出异常时Dump当前内存堆转储快照         -Xmx20m -Xms20m -Xmn10m -Xss1m -XX:+HeapDumpOnOutOfMemoryErro

Memory Analysis Part 1 – Obtaining a Java Heapdump

转自: https://blog.codecentric.de/en/2008/07/memory-analysis-part-1-obtaining-a-java-heapdump/ For troubleshooting Java memory leaks and high memory usage problems, the heapdump is one of the most important analysis features. The advantage of heapdumps

How to detect and avoid memory and resources leaks in .NET applications

Despite what a lot of people believe, it's easy to introduce memory and resources leaks in .NET applications. The Garbage Collector, or GC for close friends, is not a magician who would completely relieve you from taking care of your memory and resou

Migrating Oracle on UNIX to SQL Server on Windows

Appendices Published: April 27, 2005 On This Page Appendix A: SQL Server for Oracle Professionals Appendix B: Getting the Best Out of SQL Server 2000 and Windows Appendix C: Baselining Appendix D: Installing Common Drivers and Applications Installing

.NET Memory Profiler 查看内存使用情况

1 简介 .Net Memory Profiler(以下简称Profiler):专门针对于.NET程序,功能最全的内存分析工具,最大的特点是具有内存动态分析(Automatic Memory Analysis)功能. 2 安装 http://memprofiler.com/download.aspx 下载好后 直接下一步下一步 3 使用方法 支持7种类型.NET程序 启动跟踪(Profiler Application) 选定对应的调试方式,如调试桌面程序,选中Profiler Applicati

[Android Memory] Android内存管理、监测剖析

转载自:http://blog.csdn.net/anlegor/article/details/23398785 Android内存管理机制: Android内存管理主要有:LowMemory Killer机制,Ashmem,PMEM/ION及Native内存和Dalvik内存管理管理和JVM垃圾回收机制. LowMemory Killer机制: 源码位置drivers/staging/Android/lowmemorykiller.c Android是一个多任务系统,也就是说可以同时运行多个

Windows 7 帮助和支持资源—第三方软件

1.Sisoftware Sandra Utilities 提供windows的系统信息和诊断 www.sisoftware.net 2.Windows Sysinternals 微软的工具和应用程序包 www.sysinternals.com 3.Zinstall zPOD 将系统和应用程序制成镜像 www.zinstall.com 4.GoToAssist 用于Apple机器,远程桌面和协助 www.gotoassist.com 5.SpinRite 报告导致功能异常和数据丢失的磁盘错误(物

windows蓝屏代码大全及常见蓝屏解决方案

对于以下的代码查询建议使用ctrl+F查询,而且很多蓝屏与黑屏的问题多是最近操作引起的,例如更新驱动,安装新的硬件.软件--把相关的配置调到最近的正常状况大多可以解决,确实不行时方可考虑重装系统,解决问题的大法,不过重装系统前请注意做好备份工作! 蓝屏代码含义 (代码已经做了省略,每个的x后面都少了4个0) 0 0x0000 作业完成.1 0x0001 不正确的函数.2 0x0002 系统找不到指定的档案.3 0x0003 系统找不到指定的路径.4 0x0004 系统无法开启档案.5 0x000