I"m trying to find all object of type module!SomeClass in the heap. I thought a command like this would've worked: > s -v 0 L?0xfffffff module!SomeClass but alas, it does not. If I knew how to find the vtable address for that class, I could then search memory for references to that vtable, but I haven't had much luck finding that ei...
When I analyzed a crush dump file, I often got such errors: 0:025> kP Child-SP RetAddr Call Site 0000000005a4fc78 0000000077548638 ntdll!DbgBreakPoint(void) [d:\w7rtm\minkernel\ntos\rtl\amd64\debugstb.asm @ 51] 0000000005a4fc80 00000000774b39cb ntdll!DbgUiRemoteBreakin( void * Context = 0x0000000000000000)+0x38 [d:...
I am trying to track down why a string is stored so long in my application, and eating up an excessive amount of memory. I have a Windows Service which runs regularly. It reads data from a database (in the form of a DataSet) and then does some processing - all managed .NET. The Windows Service is triggered once every 5 or so minutes,...
Hello, Sometimes my application consumes 100 cpu. When I investigate crush dumps in windbg I always see huge "request queue" in the log and I am very suspicious of this huge amount of requests. Definitely I want to know where they come from, but at the first place I don't quite understand what it means. Does it mean that there are lots ...
I have an C++ MFC project I'd like to debug with wndbg, and I need to generate the symbols for it when compiling the project. Does anybody know how to do that? I thought that de .pdb files where enough, but wndbg complains it cannot find symbol files at the path where these .pdb file reside for my project. ...
I am trying to find out for how long the process was running before it crashed. Is it possible to find this information from the dump. ...
I'm getting an access violation in a program. Windbg shows that the program is trying to read at 0x09015000. It shows question marks (??) next to the address. My question is, what do these question marks indicate. Do they mean the memory location was never allocated, i.e. it's not backed by any physical memory (or page file)? Or is it so...
I've read a lot of similar questions, but I can't seem to find an answer to exactly what my problem is. I've got a set of minidumps from a 32-bit application that was running on 64-bit Windows 2008. The 32-bit Visual Studio on my 32-Bit Vista Business wouldn't touch them at all, so I've been trying to open them in WinDbg. I don't have...
I'm debugging some random crash bugs, but actually very difficult to go deep into. Because when i open crash dump, only find one error: 0:000> .exr -1 ExceptionAddress: 00000000 ExceptionCode: 80000003 (Break instruction exception) ExceptionFlags: 00000000 NumberParameters: 0 Actually i haven't set any hard-code breakpoint in co...
Hi, We have a large asp.net application that is leaking memory. Perfmon shows that this leak is in managed memory as W3WP private bytes grows at the same rate as bytes in all heaps. I can also see that Gen 2 garbage collections are running but the Gen 2 heap size continues to grow. I took a memory dump and analysed in WinDbg and can ...
In our ASP.NET web app we're experiencing a quite extensive memory leak which I am investigating right now. Using WinDbg I got down to the largest memory eaters in our app which are (ran !dumpheap -stat in the WinDbg console to get these): MethodTable Addr Count Overall size Type ... 000007fee8306e10 212928 25551360 System.Web....
Hi, I have a process which, when I click on a button on its UI, launches another process. This process it spawns shuts down without warning or any clues in the logs. How should I use windbg to understand this problem? Furthermore, what do I put for the symbol files path? To download the symbols from the MS symbolserver. I am not sure i...
I want to set a breakpoint for the System.IO.FileStream.Read() of mscorlib to trace when file reading occurs. I don't have the source code for the executable. I want to launch the trace from the entry point of MSIL code. ...
I'd like to set a breakpoint at a certain function, and each time it breaks, I'd like to search a memory range for a certain string. If that string exists, I'd like to not continue. If it does, then continue. Any suggestions? I'm thinking it'd look something like this: .foreach /s line (s -a 0 L?0xfffffff "UNIQUE_STRING") { .if (lin...
My job involves system-level performance testing with third party tools that I do not have sources for. I'm also testing Windows, and can use debugging symbols but not Windows source code. I'd like a quantitative way to describe the areas of the host OS my tests cover. There are two big steps to this: identifying what DLLs and functio...
I am debugging the live process (not dump) of PresentationHost.exe. It used to works fine, but suddenly few days ago I get the above error message. !Threads, !pe, virtually all SOS command doesn't work. All I remember is that I installed Visual Studio 2010 and .NET framework 4.0 before I'm getting that error. Is it related? UPDATE: I ...
Is it possible to use windbg commands like !locks and .loadby sos mscorwks from the Visual Studio command window (in a debug session)? I've noticed I can use eg k to print a stack trace, so I was wondering if there is some way to get access to the other commands. ...
Hi All, I will start by saying this is the first time I have done anything with WinDbg so excuse my silly mistakes if that is the issue. My website has been using a lot of memory and after reading blogs and watching videos by Tess Fernandez I am trying to use WinDBG to analyze my dump file. The setup: My web server is a Windows 2008 6...
Is it possible to attach once in native, then open second VStudio window and attach in managed mode? ...
When I issued clrstack command, I got the following output. It is the callstack of a blocking thread which owns a deadlock and results in a deadlock. Is that its exact purpose? Does it have any other purposes (without any parameters). Where can I get more information? !clrstack OS Thread Id: 0x1b2c (6956) ESP EIP 0012f370 7c9...