SlideShare una empresa de Scribd logo

Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmugasundaram

Shanmuga KS
Shanmuga KS

This training comprises of 2 sessions Session -1 (Theory) 1. Understanding Dump File 2. Varieties of Dump File 3. Creation of Dump File 4. Terminologies for analyzing of Dump File 5. Introduction to WinDbg Session -2 ( Lab) 1. Postmortem Debugger Settings 2. WinDbg Setup 3. Dump File creation using Tools 4. Dump File creation using Win32 API 5. Dump File Analyzing case study For Download, drop mail to contactshanmugaks@gmail.com

EducaciónTecnología
1 de 71
Descargar para leer sin conexión
Crash Dump Analysis using WinDbg By K.S.Shanmuga sundaram
Page 2 2013 By K.S.Shanmuga sundaram About Training +
Page 3 2013 By K.S.Shanmuga sundaram Session - 1
Page 4 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
Page 5 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
Page 6 2013 By K.S.Shanmuga sundaram Varieties of Bugs Bugs Arithmetic Logical syntax Resource Multi Threaded Perform - ance User Interface
Page 7 2013 By K.S.Shanmuga sundaram Impact of Bug on Application Application may Malfunction Application may Crash Application may Hang
Page 8 2013 By K.S.Shanmuga sundaram Application crash Arises due to unhandled exception
Page 9 2013 By K.S.Shanmuga sundaram Application Hang May arise due to Deadlock. May arise due to High CPU usage.
Page 10 2013 By K.S.Shanmuga sundaram How to Fix Crash / Hang Issue? 1. Store Application state i.e. Process(s) Info, Thread(s) Info, Loaded Module Info, Register Info, Memory Info, Handle Info, Callstack Info, Etc., 2. Start Analyze to find the root cause of the issue. Process Dump Information
Page 11 2013 By K.S.Shanmuga sundaram What is Dump File? Definition:- Static snap shot of an application at any given time. Fact sheet File Format Binary File Format File Extension .DMP - Stands for Dump Contents Process, Thread, Stack,Callstack, Handles, Modules, etc., Usage (i) Debugging Crashing application. (ii) Debugging Hanging application. Other terms Crash dump, Core Dump, Hang Dump, Heap Dump, Memory Dump, Process dump or just dump.
Page 12 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
Page 13 2013 By K.S.Shanmuga sundaram Physical Memory Layout User Space Kernel Space Kernel Process User Process Kernel Process Kernel Process User Process User Process Access Restricted
Page 14 2013 By K.S.Shanmuga sundaram Physical Memory Layout – 32 bit User Space Kernel Space 4 GB 2 GB 0 2 32
Page 15 2013 By K.S.Shanmuga sundaram Physical Memory Layout – 32 bit User Space Kernel Space 4 GB 3 GB 0 with /3GB switch in boot.ini file 2 32
Page 16 2013 By K.S.Shanmuga sundaram Types of Dump File
Page 17 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
Page 18 2013 By K.S.Shanmuga sundaram Dump File creation
Page 19 2013 By K.S.Shanmuga sundaram Dump File creation using Win32 API BOOL MiniDumpWriteDump ( HANDLE hProcess, DWORD ProcessId, HANDLE hFile, MINIDUMP_TYPE DumpType, PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam, PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam, PMINIDUMP_CALLBACK_INFORMATION CallbackParam );
Page 20 2013 By K.S.Shanmuga sundaram Dump File creation using Win32 API API Name MiniDumpWriteDump DLL Dbghelp.dll Header file Dbghelp.h Arguments HANDLE hProcess Target process handle. DWORD ProcessId Target process ID. HANDLE hFile Dump file handle. MINIDUMP_TYPE DumpType Type of information to be written dump file PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam, Pointer to Exception info like ThreadID, Exception pointers. PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam Pointer to user defined information. [Optional] PMINIDUMP_CALLBACK_INFORMATION CallbackParam Callback to receive extended dump information. [Optional].
Page 21 2013 By K.S.Shanmuga sundaram Dump File creation using Win32 API Argument MINIDUMP_TYPE DumpType Description Enumerator constants. It can have any one of the values MiniDumpNormal MiniDumpWithDataSegs MiniDumpWithFullMemory MiniDumpWithHandleData MiniDumpFilterMemory MiniDumpScanMe MiniDumpWithUnloadedModules MiniDumpWithIndirectlyReferencedMe mory MiniDumpFilterModulePaths MiniDumpWithProcessThreadData MiniDumpWithPrivateReadWriteMe mory MiniDumpWithoutOptionalData MiniDumpWithFullMemoryInfo MiniDumpWithThreadInfo MiniDumpWithCodeSegs
Page 22 2013 By K.S.Shanmuga sundaram Kernel Dump creation using System settings
Page 23 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
Page 24 2013 By K.S.Shanmuga sundaram Symbols  Global variables  Local variables  Function names and the addresses of their entry points  Frame pointer omission (FPO) records  Source File name and line number for each Instruction  Functions (except for functions declared static)  Global variables specified as extern  (and any other global variables visible across multiple object files) Also called as Full Symbol Also called as Stripped Symbol  Stores Debugging information about a program
Page 25 2013 By K.S.Shanmuga sundaram Symbols in detail  Name of the item  Address of the item in virtual memory  Frame pointer omission (FPO) records for each function  Data type of each variable, structure, and function  Types and names of the parameters for each function  Scope of each local variable  Symbols associated with each line in each source file  The name of the item.  The address of the item in the virtual memory space of its module. For a function, this is the address of its entry point.  Frame pointer omission (FPO) records for each function.
Page 26 2013 By K.S.Shanmuga sundaram Symbols Relation Public symbol data can be thought of as a subset of the private symbol .
Page 27 2013 By K.S.Shanmuga sundaram Symbol File Format PDB stands for “Program Database” Fact sheet Microsoft proprietary file format (.pdb) Extracted from Source files ( .cpp,.c, ,cs, etc.,). PDB file information extracted by using the DIA (Debug Interface Access) SDK. A .NET PDB file only contains only Source Filename, Line number , Local variable names as .NET Metadata already contains rest of the symbols. Visual studio 5.0 generates .dbg file format.
Page 28 2013 By K.S.Shanmuga sundaram Dump file relation • DMP • PDB • DBG • C • CPP • H • CS • EXE • DLL • LIB
Page 29 2013 By K.S.Shanmuga sundaram Application Dependency
Page 30 2013 By K.S.Shanmuga sundaram Dump File Dependency IMAGE SYMBOLS SOURCES Required Files For Dump File Analysing
Page 31 2013 By K.S.Shanmuga sundaram Process & Threads User Space Kernel Space User Process Thread 1 Thread 2 Thread N 1 MB Stack Memory 1 MB Stack Memory 1 MB Stack Memory
Page 32 2013 By K.S.Shanmuga sundaram Stack User Space Kernel Space Stack Memory – Thread 1 Committed Guard ReservedStack Memory – Thread 2 Stack Memory – Thread 3 Stack Growth
Page 33 2013 By K.S.Shanmuga sundaram Callstack Call Stack Method2() Frame 2 Method1 Frame 1 Main() Frame 0 Void Method1(int) { Method2(40,50); } Void Method2(int,int) { Do something… } Void main() { Method1(20); }
Page 34 2013 By K.S.Shanmuga sundaram C compiler Name Mangling Function Name Function Address Method1() 0x1234 Method1() 0x3423 Method2() 0x1654 Void Method1(int) { Do something… } Void Method1(char) { Do something… } Void Method2(int,int) { Do something… } Void main() { Method1(20); Method1(‘a’); Method2(40,50); } Typical Representation __Method1_0x1234 __Method1_0x3423 __Method2_0x1654
Page 35 2013 By K.S.Shanmuga sundaram C++ compiler Name Mangling Void Method1(int) { Do something… } Void Method1(char) { Do something… } Void Method2(int,int) { Do something… } Void main() { Method1(20); Method1(‘a’); Method2(40,50); } Typical Representation __Method1_1_@INT_0x1234 __Method1_1_@CHAR_0x3423 __Method2_2_@INT_@INT_0x1654 Function Name No of Param Param Type Function Address Method1() 1 Int 0x1234 Method1() 1 Char 0x3423 Method2() 2 Int,Int 0x1654
Page 36 2013 By K.S.Shanmuga sundaram Calling convention
Page 37 2013 By K.S.Shanmuga sundaram Calling convention comparison
Page 38 2013 By K.S.Shanmuga sundaram Exception Dispatching Debugger Frame Handlers Operation System Default Post Mortem Debugger Windows Error Reporting First Chance exception Second Chance exception Unhandled exceptions 1 2 3 4 6 8 Exception 5 7 9
Page 39 2013 By K.S.Shanmuga sundaram C++ Exception Test void TestMethod { int Temp = 100; Temp = Temp /(Temp-Temp); } void main() { try { TestMethod(); } catch(…) { printf(“ Exception Caught”); } } Is Program will crash?
Page 40 2013 By K.S.Shanmuga sundaram C++ Exception Answer C/C++ --> Code Generation --> Enable C++ Exceptions C++ Exceptions Command line Option Remarks No No Exception handled. Yes /EHsc Only C++ Exception handled. With SEH /EHa Both C++ and SEH exception handled. (Destructor will not be called on stack unwinding)
Page 41 2013 By K.S.Shanmuga sundaram Terminologies
Page 42 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
Page 43 2013 By K.S.Shanmuga sundaram WinDbg – A Introduction  Microsoft Windows Debugger  GUI Debugger. Both user and kernel mode debugger. Non-Invasive Debugger.  Freeware.  Light weight
Page 44 2013 By K.S.Shanmuga sundaram WinDbg – Command Types Command Types Description Regular Commands Used debug processes Meta or Dot-Commands usually to control the behavior of the debugger Extension Commands implemented as exported functions in extension DLLs
Page 45 2013 By K.S.Shanmuga sundaram WinDbg – Commands Command Types Examples Regular Commands K Meta or Dot-Commands .cls, .reload, .time Extension Commands !analyze, !locks, !teb, !peb
Page 46 2013 By K.S.Shanmuga sundaram WinDbg Commands Command Description !analyze –v Analyze Exceptions. !analyze -hang –v Analyze Hanging. !gle Get Last Error. .lastevent Get last exception Event. .ecxr Display Exception context. !sym noisy While loading symbols displays error information. Be default it is OFF. K Display Call stack. ld * Load all Modules. !for_each_frame Display call stack with Frame number. .frame N Set “N” Frame as context
Page 47 2013 By K.S.Shanmuga sundaram WinDbg Commands Command Description .reload /f /v /i Load all modules forecefully with verbose !teb Thread Environment block ( Formatted output) !peb Process Environment block ( Formatted output) !runaway Displays information about time consumed by each thread. dt nt!_TEB Full Thread Environment block ~ Display all threads Info || Display process Info !wow64exts.sw Switches 64bit dump file into 32bit. dt ModulName!* Display all available data type in a module. dt ModulName!Type Display declaration for a given data type.
Page 48 2013 By K.S.Shanmuga sundaram WinDbg Commands Command Description .symopt Display Current Symbol loading settings .symopt +0x40 Forcefully try to match PDB with Target Binary. set's flag of "SYMOPT_LOAD_ANYTHING". It mean it will not check for timestamp !locks Display critical section Info !handles Display handles Info
Page 49 2013 By K.S.Shanmuga sundaram Any Questions? Session - 1
Page 50 2013 By K.S.Shanmuga sundaram Session - 2
Page 51 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Settings1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
Page 52 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Setup1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
Page 53 2013 By K.S.Shanmuga sundaram Registry Path HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NT CurrentVersion AeDebug Registry Values Value Name Remarks Debugger Debugger Executable full path Auto 0 - message box will be displayed prior to postmortem debugging. 1 - No message box. Postmortem Debugger Setup Registry Settings - Windows XP and prior OS.
Page 54 2013 By K.S.Shanmuga sundaram Registry Path HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsWindow s Error ReportingLocalDumps In case of 64 bit set corrresponding registry locations (wow64). Registry Path Value Name Value Data DumpFolder Dump file complete path DumpCount Total Dump file count DumpType 0 - custom, 1 - Mini, 2 – Full CustomDumpFlags Valid if DumpType=0, Possible hexadecimal values = 0,1,2,4,8,10,20,40,80,100,200,400,800,1000,2000,4000,100 00, 20000,40000,80000,100000,1fffff. Refer MSDN for details. Postmortem Debugger Setup Registry Settings - Windows Server 2008, Vista with SP1 and 7.0.
Page 55 2013 By K.S.Shanmuga sundaram Postmortem Debugger Setup Default Enabling Tool Settings Dr.Watson drwtsn32 –I WinDbg WinDbg –I Visual Studio Tools -> options --> Debugging --> Just-In-Time Enable All
Page 56 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Settings1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
Page 57 2013 By K.S.Shanmuga sundaram WinDbg Setup Environment Variables _NT_SYMBOL_PATH _NT_ALT_SYMBOL_PATH _NT_DEBUGGER_EXTENSION_PATH _NT_EXECUTABLE_IMAGE_PATH _NT_SOURCE_PATH
Page 58 2013 By K.S.Shanmuga sundaram WinDbg Setup Symbol, Image & Source path Setup Path Type File type Files Symbol path Program database files (.pdb) Target application, Windows binaries, and all dependents binaries. Source path Source files (.cpp & .h, .cs) Target application, CRT libraries, and all dependent binaries. Image Path Binary files (.exe, .dll) Target application, Windows dll, and all dependents.
Page 59 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Settings1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
Page 60 2013 By K.S.Shanmuga sundaram Dump File Creation Using Tools Tool Remarks Process Explorer Right Click  Create Dump ProcDump procdump.exe -ma Target.exe WinDbg WinDbg -pv -pn Target.exe -c ".dump /ma DumpFileName.dmp;q" Task Manager Right Click  Create Dump Dr.Watson Drwatson.exe (Enable Create Dump File)
Page 61 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Settings1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
Page 62 2013 By K.S.Shanmuga sundaram Dump File Creation Using Win32 API Refer Sample MFC_1
Page 63 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Settings1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
Page 64 2013 By K.S.Shanmuga sundaram Case Study - 1 Exception type Access violation exception Sample code 1 – Refer Sample MFC_1 int* i = NULL; *i = 100; Sample code 2 Printf(“%s%s%s%s%s%s%s%s%s%s”);
Page 65 2013 By K.S.Shanmuga sundaram Case Study - 2 Exception type Stack Overflow Sample code 1 – Refer Sample MFC_1 Void TestMethod() { unsigned char Temp[1024*1024*1024]; } Sample code 2 Void TestMethod() { TestMethod(); }
Page 66 2013 By K.S.Shanmuga sundaram Case Study - 3 Exception type Divide by Zero Sample code 1 - Refer Sample MFC_1 Void TestMethod() { int nTemp = 100; nTemp = nTemp / (nTemp - nTemp ) }
Page 67 2013 By K.S.Shanmuga sundaram Case Study - 4 Exception type High CPU usage Sample code 1 – Refer Sample MFC_2 UINT ThreadProc1(LPVOID pParam_in) { while(1); eturn 1; } UINT ThreadProc2(LPVOID pParam_in) { for(long i=0;i<200000;i++); return 1; } UINT ThreadProc3(LPVOID pParam_in) { for(long i=0;i<900000;i++); return 1; }
Page 68 2013 By K.S.Shanmuga sundaram Case Study - 5 Exception type Deadlock Sample code 1 – Refer Sample MFC_3 UINT ThreadProc1(LPVOID pParam_in) { CommonMethod(); return 1; } UINT ThreadProc2(LPVOID pParam_in) { CommonMethod(); return 1; } void CommonMethod() { EnterCriticalSection(&CriticalSection); //LeaveCriticalSection(&CriticalSection); }
Page 69 2013 By K.S.Shanmuga sundaram References "Microsoft Windows Internals” by Mark Russinovich and David Solomon 5th Edition "Advanced Windows Debugging" by Mario Hewardt and Daniel Pravat “Memory Dump Analysis Anthology“ by Dmitry Vostokov
Page 70 2013 By K.S.Shanmuga sundaram Any Questions? Session - 2
Page 71 2013 By K.S.Shanmuga sundaram Questions? For more details, please contact http://www.linkedin.com/in/shanmugasundaramks sundarammails@gmail.com K.S.Shanmuga sundaram Software Architect, Bangalore, India

Recomendados

Go Programming Language (Golang)
Go Programming Language (Golang)Go Programming Language (Golang)
Go Programming Language (Golang)Ishin Vin
 
Clean code
Clean codeClean code
Clean codeAlvaro García Loaisa
 
Cursor & Content Value.pdf
Cursor & Content Value.pdfCursor & Content Value.pdf
Cursor & Content Value.pdfuttamrao7
 
Hunting rootkits with windbg
Hunting rootkits with windbgHunting rootkits with windbg
Hunting rootkits with windbgFrank Boldewin
 
Introduction to GoLang
Introduction to GoLangIntroduction to GoLang
Introduction to GoLangNVISIA
 
MapReduce
MapReduceMapReduce
MapReduceTilani Gunawardena PhD(UNIBAS), BSc(Pera), FHEA(UK), CEng, MIESL
 
Clean code
Clean codeClean code
Clean codeHenrique Smoco
 
Golang 101
Golang 101Golang 101
Golang 101宇 傅
 

Recomendados

Go Programming Language (Golang)
Go Programming Language (Golang)Go Programming Language (Golang)
Go Programming Language (Golang)Ishin Vin
 
Clean code
Clean codeClean code
Clean codeAlvaro García Loaisa
 
Cursor & Content Value.pdf
Cursor & Content Value.pdfCursor & Content Value.pdf
Cursor & Content Value.pdfuttamrao7
 
Hunting rootkits with windbg
Hunting rootkits with windbgHunting rootkits with windbg
Hunting rootkits with windbgFrank Boldewin
 
Introduction to GoLang
Introduction to GoLangIntroduction to GoLang
Introduction to GoLangNVISIA
 
MapReduce
MapReduceMapReduce
MapReduceTilani Gunawardena PhD(UNIBAS), BSc(Pera), FHEA(UK), CEng, MIESL
 
Clean code
Clean codeClean code
Clean codeHenrique Smoco
 
Golang 101
Golang 101Golang 101
Golang 101宇 傅
 
Introduction to Go programming language
Introduction to Go programming languageIntroduction to Go programming language
Introduction to Go programming languageSlawomir Dorzak
 
[FFE19] Build a Flink AI Ecosystem
[FFE19] Build a Flink AI Ecosystem[FFE19] Build a Flink AI Ecosystem
[FFE19] Build a Flink AI EcosystemJiangjie Qin
 
Battle of the Stream Processing Titans – Flink versus RisingWave
Battle of the Stream Processing Titans – Flink versus RisingWaveBattle of the Stream Processing Titans – Flink versus RisingWave
Battle of the Stream Processing Titans – Flink versus RisingWaveYingjun Wu
 
Exp_3_20BCA1066 Linux.docx
Exp_3_20BCA1066 Linux.docxExp_3_20BCA1066 Linux.docx
Exp_3_20BCA1066 Linux.docxApkaAmitbro
 
File Handling in C++
File Handling in C++File Handling in C++
File Handling in C++Kulachi Hansraj Model School Ashok Vihar
 
File handling-c
File handling-cFile handling-c
File handling-cCGC Technical campus,Mohali
 
Clean code
Clean codeClean code
Clean codeArturo Herrero
 
Clean code and Code Smells
Clean code and Code SmellsClean code and Code Smells
Clean code and Code SmellsMario Sangiorgio
 
File handling in c
File handling in cFile handling in c
File handling in caakanksha s
 
Introduction to Django
Introduction to DjangoIntroduction to Django
Introduction to DjangoKnoldus Inc.
 
Polymorphism presentation in java
Polymorphism presentation in javaPolymorphism presentation in java
Polymorphism presentation in javaAhsan Raja
 
Airflow at lyft
Airflow at lyftAirflow at lyft
Airflow at lyftTao Feng
 
A Deep Dive into Spark SQL's Catalyst Optimizer with Yin Huai
A Deep Dive into Spark SQL's Catalyst Optimizer with Yin HuaiA Deep Dive into Spark SQL's Catalyst Optimizer with Yin Huai
A Deep Dive into Spark SQL's Catalyst Optimizer with Yin HuaiDatabricks
 
Go vs Python Comparison
Go vs Python ComparisonGo vs Python Comparison
Go vs Python ComparisonSimplilearn
 
clean code book summary - uncle bob - English version
clean code book summary - uncle bob - English versionclean code book summary - uncle bob - English version
clean code book summary - uncle bob - English versionsaber tabatabaee
 
PostgreSQL 12 New Features with Examples (English) GA
PostgreSQL 12 New Features with Examples (English) GAPostgreSQL 12 New Features with Examples (English) GA
PostgreSQL 12 New Features with Examples (English) GANoriyoshi Shinoda
 
Grep - A powerful search utility
Grep - A powerful search utilityGrep - A powerful search utility
Grep - A powerful search utilityNirajan Pant
 
Golang and Eco-System Introduction / Overview
Golang and Eco-System Introduction / OverviewGolang and Eco-System Introduction / Overview
Golang and Eco-System Introduction / OverviewMarkus Schneider
 
Practical learnings from running thousands of Flink jobs
Practical learnings from running thousands of Flink jobsPractical learnings from running thousands of Flink jobs
Practical learnings from running thousands of Flink jobsFlink Forward
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecturehugo lu
 
Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharingJames Hsieh
 
Advanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSAdvanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSSasha Goldshtein
 

Más contenido relacionado

La actualidad más candente

Introduction to Go programming language
Introduction to Go programming languageIntroduction to Go programming language
Introduction to Go programming languageSlawomir Dorzak
 
[FFE19] Build a Flink AI Ecosystem
[FFE19] Build a Flink AI Ecosystem[FFE19] Build a Flink AI Ecosystem
[FFE19] Build a Flink AI EcosystemJiangjie Qin
 
Battle of the Stream Processing Titans – Flink versus RisingWave
Battle of the Stream Processing Titans – Flink versus RisingWaveBattle of the Stream Processing Titans – Flink versus RisingWave
Battle of the Stream Processing Titans – Flink versus RisingWaveYingjun Wu
 
Exp_3_20BCA1066 Linux.docx
Exp_3_20BCA1066 Linux.docxExp_3_20BCA1066 Linux.docx
Exp_3_20BCA1066 Linux.docxApkaAmitbro
 
Clean code and Code Smells
Clean code and Code SmellsClean code and Code Smells
Clean code and Code SmellsMario Sangiorgio
 
File handling in c
File handling in cFile handling in c
File handling in caakanksha s
 
Introduction to Django
Introduction to DjangoIntroduction to Django
Introduction to DjangoKnoldus Inc.
 
Polymorphism presentation in java
Polymorphism presentation in javaPolymorphism presentation in java
Polymorphism presentation in javaAhsan Raja
 
Airflow at lyft
Airflow at lyftAirflow at lyft
Airflow at lyftTao Feng
 
A Deep Dive into Spark SQL's Catalyst Optimizer with Yin Huai
A Deep Dive into Spark SQL's Catalyst Optimizer with Yin HuaiA Deep Dive into Spark SQL's Catalyst Optimizer with Yin Huai
A Deep Dive into Spark SQL's Catalyst Optimizer with Yin HuaiDatabricks
 
Go vs Python Comparison
Go vs Python ComparisonGo vs Python Comparison
Go vs Python ComparisonSimplilearn
 
clean code book summary - uncle bob - English version
clean code book summary - uncle bob - English versionclean code book summary - uncle bob - English version
clean code book summary - uncle bob - English versionsaber tabatabaee
 
PostgreSQL 12 New Features with Examples (English) GA
PostgreSQL 12 New Features with Examples (English) GAPostgreSQL 12 New Features with Examples (English) GA
PostgreSQL 12 New Features with Examples (English) GANoriyoshi Shinoda
 
Grep - A powerful search utility
Grep - A powerful search utilityGrep - A powerful search utility
Grep - A powerful search utilityNirajan Pant
 
Golang and Eco-System Introduction / Overview
Golang and Eco-System Introduction / OverviewGolang and Eco-System Introduction / Overview
Golang and Eco-System Introduction / OverviewMarkus Schneider
 
Practical learnings from running thousands of Flink jobs
Practical learnings from running thousands of Flink jobsPractical learnings from running thousands of Flink jobs
Practical learnings from running thousands of Flink jobsFlink Forward
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecturehugo lu
 

La actualidad más candente (20)

Introduction to Go programming language
Introduction to Go programming languageIntroduction to Go programming language
Introduction to Go programming language
 
[FFE19] Build a Flink AI Ecosystem
[FFE19] Build a Flink AI Ecosystem[FFE19] Build a Flink AI Ecosystem
[FFE19] Build a Flink AI Ecosystem
 
Battle of the Stream Processing Titans – Flink versus RisingWave
Battle of the Stream Processing Titans – Flink versus RisingWaveBattle of the Stream Processing Titans – Flink versus RisingWave
Battle of the Stream Processing Titans – Flink versus RisingWave
 
Exp_3_20BCA1066 Linux.docx
Exp_3_20BCA1066 Linux.docxExp_3_20BCA1066 Linux.docx
Exp_3_20BCA1066 Linux.docx
 
File Handling in C++
File Handling in C++File Handling in C++
File Handling in C++
 
File handling-c
File handling-cFile handling-c
File handling-c
 
Clean code
Clean codeClean code
Clean code
 
Clean code and Code Smells
Clean code and Code SmellsClean code and Code Smells
Clean code and Code Smells
 
File handling in c
File handling in cFile handling in c
File handling in c
 
Introduction to Django
Introduction to DjangoIntroduction to Django
Introduction to Django
 
Polymorphism presentation in java
Polymorphism presentation in javaPolymorphism presentation in java
Polymorphism presentation in java
 
Airflow at lyft
Airflow at lyftAirflow at lyft
Airflow at lyft
 
A Deep Dive into Spark SQL's Catalyst Optimizer with Yin Huai
A Deep Dive into Spark SQL's Catalyst Optimizer with Yin HuaiA Deep Dive into Spark SQL's Catalyst Optimizer with Yin Huai
A Deep Dive into Spark SQL's Catalyst Optimizer with Yin Huai
 
Go vs Python Comparison
Go vs Python ComparisonGo vs Python Comparison
Go vs Python Comparison
 
clean code book summary - uncle bob - English version
clean code book summary - uncle bob - English versionclean code book summary - uncle bob - English version
clean code book summary - uncle bob - English version
 
PostgreSQL 12 New Features with Examples (English) GA
PostgreSQL 12 New Features with Examples (English) GAPostgreSQL 12 New Features with Examples (English) GA
PostgreSQL 12 New Features with Examples (English) GA
 
Grep - A powerful search utility
Grep - A powerful search utilityGrep - A powerful search utility
Grep - A powerful search utility
 
Golang and Eco-System Introduction / Overview
Golang and Eco-System Introduction / OverviewGolang and Eco-System Introduction / Overview
Golang and Eco-System Introduction / Overview
 
Practical learnings from running thousands of Flink jobs
Practical learnings from running thousands of Flink jobsPractical learnings from running thousands of Flink jobs
Practical learnings from running thousands of Flink jobs
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
 

Destacado

Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharingJames Hsieh
 
Advanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSAdvanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSSasha Goldshtein
 
Debugging NET Applications With WinDBG
Debugging NET Applications With WinDBGDebugging NET Applications With WinDBG
Debugging NET Applications With WinDBGCory Foy
 
Advanced windows debugging
Advanced windows debuggingAdvanced windows debugging
Advanced windows debuggingchrisortman
 
Who’s afraid of WinDbg
Who’s afraid of WinDbgWho’s afraid of WinDbg
Who’s afraid of WinDbgDror Helper
 
Debugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir DresherDebugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir DresherTamir Dresher
 
Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbgArno Huetter
 
Windows memory management
Windows memory managementWindows memory management
Windows memory managementTech_MX
 
Buxton voices joint meeting feedback ppt nov 25 2016
Buxton voices joint meeting feedback ppt nov 25 2016Buxton voices joint meeting feedback ppt nov 25 2016
Buxton voices joint meeting feedback ppt nov 25 2016buxton77
 
Business Consulting Presentation
Business Consulting PresentationBusiness Consulting Presentation
Business Consulting PresentationJoeHart
 

Destacado (14)

Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharing
 
Advanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOSAdvanced Debugging with WinDbg and SOS
Advanced Debugging with WinDbg and SOS
 
Debugging NET Applications With WinDBG
Debugging NET Applications With WinDBGDebugging NET Applications With WinDBG
Debugging NET Applications With WinDBG
 
Advanced windows debugging
Advanced windows debuggingAdvanced windows debugging
Advanced windows debugging
 
Who’s afraid of WinDbg
Who’s afraid of WinDbgWho’s afraid of WinDbg
Who’s afraid of WinDbg
 
Debugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir DresherDebugging tricks you wish you knew - Tamir Dresher
Debugging tricks you wish you knew - Tamir Dresher
 
Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbg
 
Memory Dump
Memory DumpMemory Dump
Memory Dump
 
VS Debugging Tricks
VS Debugging TricksVS Debugging Tricks
VS Debugging Tricks
 
C++ Production Debugging
C++ Production DebuggingC++ Production Debugging
C++ Production Debugging
 
Windows memory management
Windows memory managementWindows memory management
Windows memory management
 
Buxton voices joint meeting feedback ppt nov 25 2016
Buxton voices joint meeting feedback ppt nov 25 2016Buxton voices joint meeting feedback ppt nov 25 2016
Buxton voices joint meeting feedback ppt nov 25 2016
 
Business Consulting Presentation
Business Consulting PresentationBusiness Consulting Presentation
Business Consulting Presentation
 
Windows Crash Dump Analysis
Windows Crash Dump AnalysisWindows Crash Dump Analysis
Windows Crash Dump Analysis
 

Similar a Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmugasundaram

Introduction to 3D Mapping with X3D
Introduction to 3D Mapping with X3DIntroduction to 3D Mapping with X3D
Introduction to 3D Mapping with X3DIan Panganiban
 
Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK Behaviors
Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK BehaviorsStarted from the Bottom: Exploiting Data Sources to Uncover ATT&CK Behaviors
Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK BehaviorsJamieWilliams130
 
Grokking Techtalk #38: Escape Analysis in Go compiler
Grokking Techtalk #38: Escape Analysis in Go compiler Grokking Techtalk #38: Escape Analysis in Go compiler
Grokking Techtalk #38: Escape Analysis in Go compilerGrokking VN
 
SEMLA_logging_infra
SEMLA_logging_infraSEMLA_logging_infra
SEMLA_logging_infraswy351
 
PGDay.Amsterdam 2018 - Bruce Momjian - Will postgres live forever
PGDay.Amsterdam 2018 - Bruce Momjian - Will postgres live foreverPGDay.Amsterdam 2018 - Bruce Momjian - Will postgres live forever
PGDay.Amsterdam 2018 - Bruce Momjian - Will postgres live foreverPGDay.Amsterdam
 
MongoDB and DigitalOcean Automation with Cloud Manager
MongoDB and DigitalOcean Automation with Cloud ManagerMongoDB and DigitalOcean Automation with Cloud Manager
MongoDB and DigitalOcean Automation with Cloud ManagerJay Gordon
 
What’s New in Imply 3.3 & Apache Druid 0.18
What’s New in Imply 3.3 & Apache Druid 0.18What’s New in Imply 3.3 & Apache Druid 0.18
What’s New in Imply 3.3 & Apache Druid 0.18Imply
 
Virtual Memory (Making a Process)
Virtual Memory (Making a Process)Virtual Memory (Making a Process)
Virtual Memory (Making a Process)David Evans
 
Automated Historical Performance Analysis with kmemtracer
Automated Historical Performance Analysis with kmemtracerAutomated Historical Performance Analysis with kmemtracer
Automated Historical Performance Analysis with kmemtracerKyungmin Lee
 
Skiron - Experiments in CPU Design in D
Skiron - Experiments in CPU Design in DSkiron - Experiments in CPU Design in D
Skiron - Experiments in CPU Design in DMithun Hunsur
 
Дмитрий Демчук. Кроссплатформенный краш-репорт
Дмитрий Демчук. Кроссплатформенный краш-репортДмитрий Демчук. Кроссплатформенный краш-репорт
Дмитрий Демчук. Кроссплатформенный краш-репортSergey Platonov
 
Trivadis TechEvent 2016 Go - The Cloud Programming Language by Andija Sisko
Trivadis TechEvent 2016 Go - The Cloud Programming Language by Andija SiskoTrivadis TechEvent 2016 Go - The Cloud Programming Language by Andija Sisko
Trivadis TechEvent 2016 Go - The Cloud Programming Language by Andija SiskoTrivadis
 
Eric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyondEric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyondGuardSquare
 
Eric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyondEric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyondGuardSquare
 
[Droidcon Paris 2013]Multi-Versioning Android Tips
[Droidcon Paris 2013]Multi-Versioning Android Tips[Droidcon Paris 2013]Multi-Versioning Android Tips
[Droidcon Paris 2013]Multi-Versioning Android TipsKenichi Kambara
 
Serverless observability - a hero's perspective
Serverless observability - a hero's perspectiveServerless observability - a hero's perspective
Serverless observability - a hero's perspectiveYan Cui
 
DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...
DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...
DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...FIDE Master Tihomir Dovramadjiev PhD
 

Similar a Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmugasundaram (20)

Introduction to 3D Mapping with X3D
Introduction to 3D Mapping with X3DIntroduction to 3D Mapping with X3D
Introduction to 3D Mapping with X3D
 
Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK Behaviors
Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK BehaviorsStarted from the Bottom: Exploiting Data Sources to Uncover ATT&CK Behaviors
Started from the Bottom: Exploiting Data Sources to Uncover ATT&CK Behaviors
 
Grokking Techtalk #38: Escape Analysis in Go compiler
Grokking Techtalk #38: Escape Analysis in Go compiler Grokking Techtalk #38: Escape Analysis in Go compiler
Grokking Techtalk #38: Escape Analysis in Go compiler
 
SEMLA_logging_infra
SEMLA_logging_infraSEMLA_logging_infra
SEMLA_logging_infra
 
PGDay.Amsterdam 2018 - Bruce Momjian - Will postgres live forever
PGDay.Amsterdam 2018 - Bruce Momjian - Will postgres live foreverPGDay.Amsterdam 2018 - Bruce Momjian - Will postgres live forever
PGDay.Amsterdam 2018 - Bruce Momjian - Will postgres live forever
 
MongoDB and DigitalOcean Automation with Cloud Manager
MongoDB and DigitalOcean Automation with Cloud ManagerMongoDB and DigitalOcean Automation with Cloud Manager
MongoDB and DigitalOcean Automation with Cloud Manager
 
What’s New in Imply 3.3 & Apache Druid 0.18
What’s New in Imply 3.3 & Apache Druid 0.18What’s New in Imply 3.3 & Apache Druid 0.18
What’s New in Imply 3.3 & Apache Druid 0.18
 
Virtual Memory (Making a Process)
Virtual Memory (Making a Process)Virtual Memory (Making a Process)
Virtual Memory (Making a Process)
 
Automated Historical Performance Analysis with kmemtracer
Automated Historical Performance Analysis with kmemtracerAutomated Historical Performance Analysis with kmemtracer
Automated Historical Performance Analysis with kmemtracer
 
Skiron - Experiments in CPU Design in D
Skiron - Experiments in CPU Design in DSkiron - Experiments in CPU Design in D
Skiron - Experiments in CPU Design in D
 
Дмитрий Демчук. Кроссплатформенный краш-репорт
Дмитрий Демчук. Кроссплатформенный краш-репортДмитрий Демчук. Кроссплатформенный краш-репорт
Дмитрий Демчук. Кроссплатформенный краш-репорт
 
Trivadis TechEvent 2016 Go - The Cloud Programming Language by Andija Sisko
Trivadis TechEvent 2016 Go - The Cloud Programming Language by Andija SiskoTrivadis TechEvent 2016 Go - The Cloud Programming Language by Andija Sisko
Trivadis TechEvent 2016 Go - The Cloud Programming Language by Andija Sisko
 
Eric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyondEric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyond
 
Eric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyondEric Lafortune - Fighting application size with ProGuard and beyond
Eric Lafortune - Fighting application size with ProGuard and beyond
 
[Droidcon Paris 2013]Multi-Versioning Android Tips
[Droidcon Paris 2013]Multi-Versioning Android Tips[Droidcon Paris 2013]Multi-Versioning Android Tips
[Droidcon Paris 2013]Multi-Versioning Android Tips
 
Serverless observability - a hero's perspective
Serverless observability - a hero's perspectiveServerless observability - a hero's perspective
Serverless observability - a hero's perspective
 
Graph ql api gateway
Graph ql api gatewayGraph ql api gateway
Graph ql api gateway
 
Graph ql api gateway
Graph ql api gatewayGraph ql api gateway
Graph ql api gateway
 
C++ oop
C++ oopC++ oop
C++ oop
 
DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...
DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...
DrTAD Blender software. Example 8b. 3D Model of Anchor from Text. Change Font...
 

Último

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 

Último (20)

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 

Crash (or) Hang dump analysis using WinDbg in Windows platform by K.S.Shanmugasundaram

  • 1. Crash Dump Analysis using WinDbg By K.S.Shanmuga sundaram
  • 2. Page 2 2013 By K.S.Shanmuga sundaram About Training +
  • 3. Page 3 2013 By K.S.Shanmuga sundaram Session - 1
  • 4. Page 4 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
  • 5. Page 5 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
  • 6. Page 6 2013 By K.S.Shanmuga sundaram Varieties of Bugs Bugs Arithmetic Logical syntax Resource Multi Threaded Perform - ance User Interface
  • 7. Page 7 2013 By K.S.Shanmuga sundaram Impact of Bug on Application Application may Malfunction Application may Crash Application may Hang
  • 8. Page 8 2013 By K.S.Shanmuga sundaram Application crash Arises due to unhandled exception
  • 9. Page 9 2013 By K.S.Shanmuga sundaram Application Hang May arise due to Deadlock. May arise due to High CPU usage.
  • 10. Page 10 2013 By K.S.Shanmuga sundaram How to Fix Crash / Hang Issue? 1. Store Application state i.e. Process(s) Info, Thread(s) Info, Loaded Module Info, Register Info, Memory Info, Handle Info, Callstack Info, Etc., 2. Start Analyze to find the root cause of the issue. Process Dump Information
  • 11. Page 11 2013 By K.S.Shanmuga sundaram What is Dump File? Definition:- Static snap shot of an application at any given time. Fact sheet File Format Binary File Format File Extension .DMP - Stands for Dump Contents Process, Thread, Stack,Callstack, Handles, Modules, etc., Usage (i) Debugging Crashing application. (ii) Debugging Hanging application. Other terms Crash dump, Core Dump, Hang Dump, Heap Dump, Memory Dump, Process dump or just dump.
  • 12. Page 12 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
  • 13. Page 13 2013 By K.S.Shanmuga sundaram Physical Memory Layout User Space Kernel Space Kernel Process User Process Kernel Process Kernel Process User Process User Process Access Restricted
  • 14. Page 14 2013 By K.S.Shanmuga sundaram Physical Memory Layout – 32 bit User Space Kernel Space 4 GB 2 GB 0 2 32
  • 15. Page 15 2013 By K.S.Shanmuga sundaram Physical Memory Layout – 32 bit User Space Kernel Space 4 GB 3 GB 0 with /3GB switch in boot.ini file 2 32
  • 16. Page 16 2013 By K.S.Shanmuga sundaram Types of Dump File
  • 17. Page 17 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
  • 18. Page 18 2013 By K.S.Shanmuga sundaram Dump File creation
  • 19. Page 19 2013 By K.S.Shanmuga sundaram Dump File creation using Win32 API BOOL MiniDumpWriteDump ( HANDLE hProcess, DWORD ProcessId, HANDLE hFile, MINIDUMP_TYPE DumpType, PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam, PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam, PMINIDUMP_CALLBACK_INFORMATION CallbackParam );
  • 20. Page 20 2013 By K.S.Shanmuga sundaram Dump File creation using Win32 API API Name MiniDumpWriteDump DLL Dbghelp.dll Header file Dbghelp.h Arguments HANDLE hProcess Target process handle. DWORD ProcessId Target process ID. HANDLE hFile Dump file handle. MINIDUMP_TYPE DumpType Type of information to be written dump file PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam, Pointer to Exception info like ThreadID, Exception pointers. PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam Pointer to user defined information. [Optional] PMINIDUMP_CALLBACK_INFORMATION CallbackParam Callback to receive extended dump information. [Optional].
  • 21. Page 21 2013 By K.S.Shanmuga sundaram Dump File creation using Win32 API Argument MINIDUMP_TYPE DumpType Description Enumerator constants. It can have any one of the values MiniDumpNormal MiniDumpWithDataSegs MiniDumpWithFullMemory MiniDumpWithHandleData MiniDumpFilterMemory MiniDumpScanMe MiniDumpWithUnloadedModules MiniDumpWithIndirectlyReferencedMe mory MiniDumpFilterModulePaths MiniDumpWithProcessThreadData MiniDumpWithPrivateReadWriteMe mory MiniDumpWithoutOptionalData MiniDumpWithFullMemoryInfo MiniDumpWithThreadInfo MiniDumpWithCodeSegs
  • 22. Page 22 2013 By K.S.Shanmuga sundaram Kernel Dump creation using System settings
  • 23. Page 23 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
  • 24. Page 24 2013 By K.S.Shanmuga sundaram Symbols  Global variables  Local variables  Function names and the addresses of their entry points  Frame pointer omission (FPO) records  Source File name and line number for each Instruction  Functions (except for functions declared static)  Global variables specified as extern  (and any other global variables visible across multiple object files) Also called as Full Symbol Also called as Stripped Symbol  Stores Debugging information about a program
  • 25. Page 25 2013 By K.S.Shanmuga sundaram Symbols in detail  Name of the item  Address of the item in virtual memory  Frame pointer omission (FPO) records for each function  Data type of each variable, structure, and function  Types and names of the parameters for each function  Scope of each local variable  Symbols associated with each line in each source file  The name of the item.  The address of the item in the virtual memory space of its module. For a function, this is the address of its entry point.  Frame pointer omission (FPO) records for each function.
  • 26. Page 26 2013 By K.S.Shanmuga sundaram Symbols Relation Public symbol data can be thought of as a subset of the private symbol .
  • 27. Page 27 2013 By K.S.Shanmuga sundaram Symbol File Format PDB stands for “Program Database” Fact sheet Microsoft proprietary file format (.pdb) Extracted from Source files ( .cpp,.c, ,cs, etc.,). PDB file information extracted by using the DIA (Debug Interface Access) SDK. A .NET PDB file only contains only Source Filename, Line number , Local variable names as .NET Metadata already contains rest of the symbols. Visual studio 5.0 generates .dbg file format.
  • 28. Page 28 2013 By K.S.Shanmuga sundaram Dump file relation • DMP • PDB • DBG • C • CPP • H • CS • EXE • DLL • LIB
  • 29. Page 29 2013 By K.S.Shanmuga sundaram Application Dependency
  • 30. Page 30 2013 By K.S.Shanmuga sundaram Dump File Dependency IMAGE SYMBOLS SOURCES Required Files For Dump File Analysing
  • 31. Page 31 2013 By K.S.Shanmuga sundaram Process & Threads User Space Kernel Space User Process Thread 1 Thread 2 Thread N 1 MB Stack Memory 1 MB Stack Memory 1 MB Stack Memory
  • 32. Page 32 2013 By K.S.Shanmuga sundaram Stack User Space Kernel Space Stack Memory – Thread 1 Committed Guard ReservedStack Memory – Thread 2 Stack Memory – Thread 3 Stack Growth
  • 33. Page 33 2013 By K.S.Shanmuga sundaram Callstack Call Stack Method2() Frame 2 Method1 Frame 1 Main() Frame 0 Void Method1(int) { Method2(40,50); } Void Method2(int,int) { Do something… } Void main() { Method1(20); }
  • 34. Page 34 2013 By K.S.Shanmuga sundaram C compiler Name Mangling Function Name Function Address Method1() 0x1234 Method1() 0x3423 Method2() 0x1654 Void Method1(int) { Do something… } Void Method1(char) { Do something… } Void Method2(int,int) { Do something… } Void main() { Method1(20); Method1(‘a’); Method2(40,50); } Typical Representation __Method1_0x1234 __Method1_0x3423 __Method2_0x1654
  • 35. Page 35 2013 By K.S.Shanmuga sundaram C++ compiler Name Mangling Void Method1(int) { Do something… } Void Method1(char) { Do something… } Void Method2(int,int) { Do something… } Void main() { Method1(20); Method1(‘a’); Method2(40,50); } Typical Representation __Method1_1_@INT_0x1234 __Method1_1_@CHAR_0x3423 __Method2_2_@INT_@INT_0x1654 Function Name No of Param Param Type Function Address Method1() 1 Int 0x1234 Method1() 1 Char 0x3423 Method2() 2 Int,Int 0x1654
  • 36. Page 36 2013 By K.S.Shanmuga sundaram Calling convention
  • 37. Page 37 2013 By K.S.Shanmuga sundaram Calling convention comparison
  • 38. Page 38 2013 By K.S.Shanmuga sundaram Exception Dispatching Debugger Frame Handlers Operation System Default Post Mortem Debugger Windows Error Reporting First Chance exception Second Chance exception Unhandled exceptions 1 2 3 4 6 8 Exception 5 7 9
  • 39. Page 39 2013 By K.S.Shanmuga sundaram C++ Exception Test void TestMethod { int Temp = 100; Temp = Temp /(Temp-Temp); } void main() { try { TestMethod(); } catch(…) { printf(“ Exception Caught”); } } Is Program will crash?
  • 40. Page 40 2013 By K.S.Shanmuga sundaram C++ Exception Answer C/C++ --> Code Generation --> Enable C++ Exceptions C++ Exceptions Command line Option Remarks No No Exception handled. Yes /EHsc Only C++ Exception handled. With SEH /EHa Both C++ and SEH exception handled. (Destructor will not be called on stack unwinding)
  • 41. Page 41 2013 By K.S.Shanmuga sundaram Terminologies
  • 42. Page 42 2013 By K.S.Shanmuga sundaram Agenda – Session1 Understanding Dump File1 Varieties of Dump File2 Creation of Dump File3 Terminologies for analyzing of Dump File4 Introduction to WinDbg5
  • 43. Page 43 2013 By K.S.Shanmuga sundaram WinDbg – A Introduction  Microsoft Windows Debugger  GUI Debugger. Both user and kernel mode debugger. Non-Invasive Debugger.  Freeware.  Light weight
  • 44. Page 44 2013 By K.S.Shanmuga sundaram WinDbg – Command Types Command Types Description Regular Commands Used debug processes Meta or Dot-Commands usually to control the behavior of the debugger Extension Commands implemented as exported functions in extension DLLs
  • 45. Page 45 2013 By K.S.Shanmuga sundaram WinDbg – Commands Command Types Examples Regular Commands K Meta or Dot-Commands .cls, .reload, .time Extension Commands !analyze, !locks, !teb, !peb
  • 46. Page 46 2013 By K.S.Shanmuga sundaram WinDbg Commands Command Description !analyze –v Analyze Exceptions. !analyze -hang –v Analyze Hanging. !gle Get Last Error. .lastevent Get last exception Event. .ecxr Display Exception context. !sym noisy While loading symbols displays error information. Be default it is OFF. K Display Call stack. ld * Load all Modules. !for_each_frame Display call stack with Frame number. .frame N Set “N” Frame as context
  • 47. Page 47 2013 By K.S.Shanmuga sundaram WinDbg Commands Command Description .reload /f /v /i Load all modules forecefully with verbose !teb Thread Environment block ( Formatted output) !peb Process Environment block ( Formatted output) !runaway Displays information about time consumed by each thread. dt nt!_TEB Full Thread Environment block ~ Display all threads Info || Display process Info !wow64exts.sw Switches 64bit dump file into 32bit. dt ModulName!* Display all available data type in a module. dt ModulName!Type Display declaration for a given data type.
  • 48. Page 48 2013 By K.S.Shanmuga sundaram WinDbg Commands Command Description .symopt Display Current Symbol loading settings .symopt +0x40 Forcefully try to match PDB with Target Binary. set's flag of "SYMOPT_LOAD_ANYTHING". It mean it will not check for timestamp !locks Display critical section Info !handles Display handles Info
  • 49. Page 49 2013 By K.S.Shanmuga sundaram Any Questions? Session - 1
  • 50. Page 50 2013 By K.S.Shanmuga sundaram Session - 2
  • 51. Page 51 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Settings1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
  • 52. Page 52 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Setup1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
  • 53. Page 53 2013 By K.S.Shanmuga sundaram Registry Path HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NT CurrentVersion AeDebug Registry Values Value Name Remarks Debugger Debugger Executable full path Auto 0 - message box will be displayed prior to postmortem debugging. 1 - No message box. Postmortem Debugger Setup Registry Settings - Windows XP and prior OS.
  • 54. Page 54 2013 By K.S.Shanmuga sundaram Registry Path HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsWindow s Error ReportingLocalDumps In case of 64 bit set corrresponding registry locations (wow64). Registry Path Value Name Value Data DumpFolder Dump file complete path DumpCount Total Dump file count DumpType 0 - custom, 1 - Mini, 2 – Full CustomDumpFlags Valid if DumpType=0, Possible hexadecimal values = 0,1,2,4,8,10,20,40,80,100,200,400,800,1000,2000,4000,100 00, 20000,40000,80000,100000,1fffff. Refer MSDN for details. Postmortem Debugger Setup Registry Settings - Windows Server 2008, Vista with SP1 and 7.0.
  • 55. Page 55 2013 By K.S.Shanmuga sundaram Postmortem Debugger Setup Default Enabling Tool Settings Dr.Watson drwtsn32 –I WinDbg WinDbg –I Visual Studio Tools -> options --> Debugging --> Just-In-Time Enable All
  • 56. Page 56 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Settings1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
  • 57. Page 57 2013 By K.S.Shanmuga sundaram WinDbg Setup Environment Variables _NT_SYMBOL_PATH _NT_ALT_SYMBOL_PATH _NT_DEBUGGER_EXTENSION_PATH _NT_EXECUTABLE_IMAGE_PATH _NT_SOURCE_PATH
  • 58. Page 58 2013 By K.S.Shanmuga sundaram WinDbg Setup Symbol, Image & Source path Setup Path Type File type Files Symbol path Program database files (.pdb) Target application, Windows binaries, and all dependents binaries. Source path Source files (.cpp & .h, .cs) Target application, CRT libraries, and all dependent binaries. Image Path Binary files (.exe, .dll) Target application, Windows dll, and all dependents.
  • 59. Page 59 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Settings1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
  • 60. Page 60 2013 By K.S.Shanmuga sundaram Dump File Creation Using Tools Tool Remarks Process Explorer Right Click  Create Dump ProcDump procdump.exe -ma Target.exe WinDbg WinDbg -pv -pn Target.exe -c ".dump /ma DumpFileName.dmp;q" Task Manager Right Click  Create Dump Dr.Watson Drwatson.exe (Enable Create Dump File)
  • 61. Page 61 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Settings1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
  • 62. Page 62 2013 By K.S.Shanmuga sundaram Dump File Creation Using Win32 API Refer Sample MFC_1
  • 63. Page 63 2013 By K.S.Shanmuga sundaram Agenda – Session2 Postmortem Debugger Settings1 WinDbg Setup2 Dump File creation using Tools3 Dump File creation using Win32 API4 Dump File Analyzing case study5
  • 64. Page 64 2013 By K.S.Shanmuga sundaram Case Study - 1 Exception type Access violation exception Sample code 1 – Refer Sample MFC_1 int* i = NULL; *i = 100; Sample code 2 Printf(“%s%s%s%s%s%s%s%s%s%s”);
  • 65. Page 65 2013 By K.S.Shanmuga sundaram Case Study - 2 Exception type Stack Overflow Sample code 1 – Refer Sample MFC_1 Void TestMethod() { unsigned char Temp[1024*1024*1024]; } Sample code 2 Void TestMethod() { TestMethod(); }
  • 66. Page 66 2013 By K.S.Shanmuga sundaram Case Study - 3 Exception type Divide by Zero Sample code 1 - Refer Sample MFC_1 Void TestMethod() { int nTemp = 100; nTemp = nTemp / (nTemp - nTemp ) }
  • 67. Page 67 2013 By K.S.Shanmuga sundaram Case Study - 4 Exception type High CPU usage Sample code 1 – Refer Sample MFC_2 UINT ThreadProc1(LPVOID pParam_in) { while(1); eturn 1; } UINT ThreadProc2(LPVOID pParam_in) { for(long i=0;i<200000;i++); return 1; } UINT ThreadProc3(LPVOID pParam_in) { for(long i=0;i<900000;i++); return 1; }
  • 68. Page 68 2013 By K.S.Shanmuga sundaram Case Study - 5 Exception type Deadlock Sample code 1 – Refer Sample MFC_3 UINT ThreadProc1(LPVOID pParam_in) { CommonMethod(); return 1; } UINT ThreadProc2(LPVOID pParam_in) { CommonMethod(); return 1; } void CommonMethod() { EnterCriticalSection(&CriticalSection); //LeaveCriticalSection(&CriticalSection); }
  • 69. Page 69 2013 By K.S.Shanmuga sundaram References "Microsoft Windows Internals” by Mark Russinovich and David Solomon 5th Edition "Advanced Windows Debugging" by Mario Hewardt and Daniel Pravat “Memory Dump Analysis Anthology“ by Dmitry Vostokov
  • 70. Page 70 2013 By K.S.Shanmuga sundaram Any Questions? Session - 2
  • 71. Page 71 2013 By K.S.Shanmuga sundaram Questions? For more details, please contact http://www.linkedin.com/in/shanmugasundaramks sundarammails@gmail.com K.S.Shanmuga sundaram Software Architect, Bangalore, India