Background
A dump file is a memory image of a process. You can save the execution state of the program to a dump file through a debugger. On Windows, dump files are divided into two kinds: kernel dumps and user-mode dumps. The former is typically used to analyze kernel-related issues such as drivers; the latter is typically used to analyze user-mode programs.
The average programmer may rarely touch dump files; operations staff use them more. But if you work on the front lines, dump analysis is undoubtedly a tool worth mastering. In many scenarios, offline unit tests or performance tests fall short because of insufficient test cases or because hardware and PV levels differ between production and test environments, and the production environment does not have enough log or stack information to point to the cause of the problem. This is when analyzing a dump file becomes very useful.
The article has three parts: capturing a dump, manual dump analysis, and automatic dump analysis. Automatic analysis is a convenient path for beginners.
I. Capturing a dump
1. The simplest method: Task Manager
2. Using DebugDiag
DebugDiag is a dump capture and analysis tool provided by Microsoft. You can create various rules to capture dumps under different conditions, and it also has powerful dump analysis features.
Download: http://www.microsoft.com/en-us/download/details.aspx?id=26798
3. Using ADPlus
Run cmd, change to the directory that contains adplus.exe, and run one of the following commands:
Single process: adplus.exe -hang -p <PID> -o D:\
Multiple processes: adplus.exe -hang -p <PID1> -p <PID2> -o D:\
Mini dump: adplus.exe -MiniOnSecond -hang -p <PID> -o D:\
Choosing a capture method:
Task Manager capture suits cases where the dump file is not large and the default storage path on the system disk has plenty of free space.
DebugDiag capture adapts to a variety of situations, which is done by configuring the tool.
ADPlus removes the limitations of Task Manager capture and can handle large files and multiple processes.
II. Manual dump analysis
Tool: WinDbg
WinDbg is not a tool dedicated to debugging .NET programs; it works at a lower level and can be used for kernel and driver debugging. For ordinary .NET program debugging, MDbg, the debugging tool Microsoft developed for .NET, is more convenient. But WinDbg shows more of the underlying information, which helps when debugging particularly difficult problems such as memory leaks.
Tool Download: Winbdgtool.zip
Test code Download: mydumptest.7z
First set the symbol file path. When you compile a program with Visual Studio, have you noticed the files with the .pdb suffix in the bin/Debug folder? These files contain the debug symbols for the DLL assemblies. PDB files contain no executable code, but they let the debugging tool translate executed instructions into recognizable names. Microsoft provides a public server with a large number of PDB files at http://msdl.microsoft.com/download/symbols. Open WinDbg, select "File -> Symbol File Path...", and enter the following:
SRV*c:\temp*http://msdl.microsoft.com/download/symbols
If the command below reports "unable to verify checksum ..." or a similar message, it is because the .NET SOS extension has not been loaded or the SOS version does not match. In the .NET 1.1 era the SOS extension shipped with the WinDbg download; since .NET 2.0 it ships with the .NET Framework itself: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll. The best way to avoid confusion is to use the .loadby debugger meta-command and let WinDbg decide which version of SOS to load.
Load SOS: .load C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\sos.dll
After loading SOS, use the .chain command to check that the SOS extension is now part of the debugger extension chain.
View the SOS version number with !eeversion.
Commands in practice:
~ View threads
This shows the threads recorded in the current dump. To switch threads, use tilde + thread number + s; for example, to switch to thread 2, use ~2s.
lm View the loaded modules
kb View the native code call stack
The ~ command shows only the thread list. To see what each thread was executing at the moment the dump was captured, use the kb command.
The CLR frames should look familiar to you. More detailed debugging information can be seen here.
!runaway (view the CPU time consumed by each thread)
Because our test program is a thread-blocking test, we choose a thread whose run time is 0, for example 415.
!dso View the objects on this thread's stack
!clrstack View the managed code call stack for this thread
From the above we can see that this thread has been blocked the whole time.
That is basically the end of this small test program. WinDbg can of course do far more than this; here are some resources to share.
Resource download: WinDbg getting started.rar, WinDbg usage details.7z
III. Automatic dump analysis
1. DebugDiag
There are several rule types to choose from. We generally use crash to look at locks and blocking, and performance to check performance problems.
After selecting, click to start the analysis directly.
Generating reports
View Description
Click Details
The red text in the report shows where the problem lies. Then hand the specific issue to the corresponding development team to resolve.
2. Automated hang analysis
Enter the following command in WinDbg:
.shell -ci "~* kb;.echo MANAGED threads;!threads;.echo MANAGED callstacks;~* e !clrstack;" D:\xx.exe
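The .shell -ci command above sends the output of the quoted debugger commands to the standard input of the program named at the end. As an added example (not code from the original article), here is a Python script that could stand in for that program: it reads the !clrstack section and lists the managed threads parked in a blocking call, which is the check done by hand with !clrstack in section II. The blocking-call list, the sample text and the MyDumpTest method names are constructed assumptions.

```python
import re
import sys

# Managed calls treated as "thread is parked" (assumed list; extend as needed).
BLOCKING = re.compile(r"Monitor\.(Reliable)?Enter|Monitor\.Wait|WaitOne|Thread\.(Sleep|Join)")
THREAD_RE = re.compile(r"^OS Thread Id: 0x[0-9a-f]+ \((\d+)\)", re.I)
# One stack row: Child SP, IP, call site (32-bit or 64-bit address width).
FRAME_RE = re.compile(r"^[0-9a-f]{8,16}\s+[0-9a-f]{8,16}\s+(.*)$", re.I)

# Constructed sample of the piped text, modeled on SOS output; not a real dump.
SAMPLE = """\
MANAGED callstacks
OS Thread Id: 0x1b30 (0)
Child SP IP       Call Site
0012f1a4 7c90e514 [GCFrame: 0012f1a4]
0012f254 7c90e514 [HelperMethodFrame_1OBJ: 0012f254] System.Threading.Monitor.ReliableEnter(System.Object, Boolean ByRef)
0012f2ac 6a8e2bd1 System.Threading.Monitor.Enter(System.Object, Boolean ByRef)
0012f2bc 00a303b5 MyDumpTest.Program.Worker()
OS Thread Id: 0x1b34 (1)
Unable to walk the managed stack. The current thread is likely not a managed thread.
OS Thread Id: 0x1b38 (2)
0330f4d0 00a30410 MyDumpTest.Program.Compute()
"""

def managed_stacks(text):
    """Map debugger thread number -> call sites found after the second .echo marker."""
    section = re.split("MANAGED callstacks", text, flags=re.I)[-1]
    stacks, current = {}, None
    for line in map(str.strip, section.splitlines()):
        if m := THREAD_RE.match(line):
            current = stacks.setdefault(int(m.group(1)), [])
        elif (m := FRAME_RE.match(line)) and current is not None:
            # Drop the "[HelperMethodFrame...: addr]" prefix; skip bare frames.
            site = re.sub(r"^\[[^\]]*\]\s*", "", m.group(1))
            if site:
                current.append(site)
    return stacks

def blocked_threads(text):
    """Yield (thread number, blocking call, first non-System.* caller)."""
    for num, frames in sorted(managed_stacks(text).items()):
        user = next((i for i, f in enumerate(frames)
                     if not f.startswith("System.")), len(frames))
        wait = next((f for f in frames[:user] if BLOCKING.search(f)), None)
        if wait:
            yield num, wait, frames[user] if user < len(frames) else "<none>"

if __name__ == "__main__":
    for hit in blocked_threads(SAMPLE if sys.stdin.isatty() else sys.stdin.read()):
        print("thread %d: %s <- %s" % hit)
```

To use it from WinDbg, put the Python interpreter followed by the script's path in place of D:\xx.exe in the command.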
That is all for this article; I hope it is helpful to everyone.
This article is from the "Internet of concern" blog, please be sure to keep this source http://dubing.blog.51cto.com/3911153/1537081