. Net Memory Object Analysis

In a production environment, by running the log we will find some anomalies, at this time, we can not directly take vs remote to the server debugging, while the log output information can not reflect the state of the object in memory, for example, we want to see all the socket connection status, service routing information and so on.

That is: how to analyze. Net Runtime memory objects?

So, today we recommend. NET Advanced prerequisite Artifact:Windbg, which analyzes the state of an object in memory based on Windbg.

Take the actual scene as an example, this can be more fit for practical application, at the same time more reference significance.

Business Scenario: in a distributed environment, each service container process caches the socket connection information of each service, which facilitates mutual access between services. But the network is occasionally to jitter, in the moment of jitter, many socket connections are interrupted, the service caller received the exception message is: The connection has been interrupted.

How do I quickly locate which socket connections are interrupted? What servers and ports are connected to these disconnected socket connections? This information can help us analyze specific network problems while doing some procedural compensation: connection reconstruction. A goal to keep the program high availability!

So, please out of our protagonist today: Windbg, Microsoft's official introduction:

http://windbg.org/

Further, we need to crawl the memory image for a moment in the specified process and then use WinDbg to analyze the state of various objects, threads, thread pools, destructor queues, heaps, CPU cores, and so on in memory.

Therefore, in the first step, we need to crawl a full dump file: Memory image file for the process to be in memory analysis.

Create a dump file, Task Manager, select process

The dump file is stored in the specified directory, and the directory needs to be copied for backup.

The second step is to download and install WinDbg from the following path:

https://developer.microsoft.com/en-us/windows/hardware/download-windbg

Choose X86 or X64 based on the number of digits in the operating system. Here we use the 64-bit operating system, the selected WinDbg (X64)

Step three: ctrl+d, open the dump file you just crawled

Fourth step: Load Debug with SOS.dll:. Loadby SOS CLR

. Loadby SOS CLR

Fifth Step: View objects of the specified type in memory

!dumpheap-type Socket

The socket here is the specific type, we want to see the socket connection status, so the type is socket

Mt=method Table in the header here

The mt:00007ffafe50d700 we need to use.

Sixth, look at the address of all the socket objects in memory:

!DUMPHEAP-MT 00007ffafe50d700

In the output, the first column is the memory address of one of the socket objects

At this point, we can use the following command to randomly view the information of a socket object:

!  do 000001b2d188ae00

The meaning of!do:!dumpobj

So the question comes, hundreds of socket objects, if one! Do view, this workload is too big! Of course you can't do that, WinDbg. foreach command

Search debugging Help.chm document,. Foreach gives a sample:

" G:\myfile.txt "

That is, looping through a text file, performing a command operation on each row of data.

OK, let's go back to our previous step in the output: The address list of each socket object, we copy it, and use the text Editing tool only to remove the first column (Socket address column), Save to 1.txt

Seventh step: Iterate through each Memory object

" C:\1.txt ") {!  do ADR}

Output:

Copy all the output to a text editor, search for the specified properties, such as M_isconnected=0, to find the disconnected socket object, and then further use!gcroot to view the reference relationship of the object. A step-by-step look at the information of each reference object can be roughly analyzed.

The above is the entire process of. Net Memory object analysis, shared to everyone.

Zhou

2017/10/06

. Net Memory Object Analysis