If broken it is, fix it you should

Using the powers of the debugger to solve the problems of the world - and a bag of chips    by Tess Ferrandez, ASP.NET Escalation Engineer (Microsoft)

Posts
  • If broken it is, fix it you should

    Back to Basics - How do I get the memory dumps in the first place? And what is SOS.dll?

    • 20 Comments
    Windbg.exe and its friends can be installed from http://www.microsoft.com/whdc/devtools/debugging/default.mspx Once you have them installed on a machine, you can simply copy the directory where they are installed (usually c:\program files\debugging tools for windows) to any machine that you need them on. No other installation is really necessary. Before we even start with how you get the dumps, you might be interested in what a memory dump actually is... A memory dump is a snapshot of a...
  • If broken it is, fix it you should

    A Hang Scenario, Locks and Critical Sections

    • 19 Comments
    The situation here is that the server at times slows down considerably, or even hangs completely. Requests start timing out and no new requests seem to be getting through. The scenario below is a bit simplified but it shows the technique to find owners, waiters and locations for locks. A quick look with ~* kb (listing the native stack for all threads) shows us that most threads are sitting in this type of stack… 30 Id: d78.c68 Suspend: 1 Teb: 7ff5a000 Unfrozen ChildEBP RetAddr Args to Child ...
  • If broken it is, fix it you should

    Things to ignore when debugging an ASP.NET hang

    • 14 Comments
    When looking at a dump, a lot of the art of debugging (I like to call it an art because it makes me feel more important:)) is knowing what you can ignore so you can get to the goodies. Especially if you are looking at a hang, it’s nice to know what the most common threads are so you can just scan them and say not that one, not that one, well you get the idea. Since I work mostly with asp.net I’m going to dissect a w3wp.exe dump (IIS 6) and show you some of the more common stacks. Common for...
  • If broken it is, fix it you should

    Why do I get weird function names on my stack? (a discussion on symbols)

    • 20 Comments
    Symbols can contain information about global variables, local variables, function names, parameters, structures and source line numbers. There are 3 types of symbols, export symbols, pdb symbols (public symbols) and private pdb symbols (private symbols). The export symbols are part of the dll itself. For example ntdll.dll and kernel32.dll expose a big part of their functions as export symbols so that they can be called as API’s, but most dll’s that you find in a process have a very small set...
  • If broken it is, fix it you should

    Associate windbg with .dmp files

    • 17 Comments
    If you get tired of starting the debugger, loading your dump, setting up your sympath, loading your extensions, etc. etc. here is a nifty way of getting "Debug this dump" on the context menu for .dmp files and get all your favourite commands automatically loaded. First create a .reg file with the following contents (as always be very careful when modifying the registry) Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.dmp] @="Debugger.Dump" [HKEY_CLASSES_ROOT\Debugger.Dump] ...
  • If broken it is, fix it you should

    Are you aware that you have thrown over 40,000 exceptions in the last 3 hours?

    • 51 Comments
    This may seem like a preposterous statement, but unfortunately it’s all too common. In my work I go through a lot of dumps, somewhere in the neighborhood of 5-20 in a day:) Since the information is readily available to me, I usually do a quick check for the number of exceptions that the application has thrown and what types of exceptions they are so I can make the customers aware. More often than not, the applications are throwing a lot more exceptions than the developers expected, or they were...
  • If broken it is, fix it you should

    What on earth caused my process to crash?

    • 10 Comments
    So you got a 1000 w3wp.exe stopped unexpectedly in the eventviewer or your process just exited in some weird undefined way and you don't know why. When a process crashes or exits a special event will be fired called EPR (Exit PRocess) so with a debugger like windbg.exe we can attach to the process, wait for epr to be thrown and take a memory dump. When you install the debugging tools for windows you get a vbs script called adplus ( http://support.microsoft.com/default.aspx?scid=kb;en-us;286350...
  • If broken it is, fix it you should

    !dumpheap –stat explained… (debugging .net leaks)

    • 15 Comments
    The most powerful command when debugging a managed memory leak is by far !dumpheap. It will show you all the objects on the managed heaps and using the different switches of !dumpheap you can display the output in virtually any way you want. !dumpheap is a function of the sos.dll extension that comes with the framework installation (in the framework directory) and if you have the SDK installed you can find some basic help for it’s usage in C:\Program Files\Microsoft Visual Studio .NET 2003...
  • If broken it is, fix it you should

    I have a memory leak!!! What do i do? (defining the "where")

    • 17 Comments
    Not that it matters a tremendous lot but just because it is a big pet-peeve of mine I want to differentiate between a real memory-leak and high memory usage. A memory leak is when you used some memory and lost the pointer to the allocation so you can no longer de-allocate that memory. If you still have a pointer to it, you have high-memory usage, which might be just as bad in terms of what happens to the process but still different J Just to make things simple I’ll use the term memory leak for both...
  • If broken it is, fix it you should

    Who is this OutOfMemory guy and why does he make my process crash when I have plenty of memory left?

    • 11 Comments
    To answer this question, there are a few concepts we need to discuss. Working on a 32-bit system, you can address 4 GB of memory, out of this 2 GB is typically reserved to the Operating System and 2 GB are allowed for each user mode process, such as w3wp.exe (asp.net) for example. This memory is called virtual memory and the 2 GB’s are 2GB independently of how much RAM you have added to the system. The amount of RAM simply decides how much paging and swapping you will do, i.e. how fast memory access...
  • If broken it is, fix it you should

    Why I love the debugger...

    • 30 Comments
    10 years ago, still in college, I started working for a company developing real-time systems for trains in Motorola HC11 assembly. Although very interesting and challenging it was a relief to later move on to some more high-level languages, but in the end, no matter how high-level the programming language you work in, everything comes down to machine instructions and ones and zeros. There is just a bunch of stuff between you and the nitty-gritty that normally you might think you don't need to care...
Page 11 of 11 (261 items) «7891011