Appendix A. Appendix

Contention Patterns

  • High Contention (executive resources) - Volume 1, page 421

  • High Contention (critical sections) - Volume 2, page 341

  • High Contention (processors) - page 82

Raw Stack Analysis Scripts

  • Raw Stack Dump of All Threads (Process) – Volume 1, page 231 and Volume 3, page 62

  • Raw Stack Dump of All Threads (Complete Dump) – Volume 1, page 236

  • Raw Stack Dump of All Threads (WOW64 Process) – Volume 4, page 31

  • Raw Stack Dump of All Threads (x64 and x86) – page 39

Crash Dump Analysis Checklist

General:

  • Symbol servers (.symfix)

  • Internal database(s) search

  • Google or Microsoft search for suspected components as this could be a known issue. Sometimes a simple search immediately points to the fix on a vendor's site

  • The tool used to save a dump (to flag false positive, incomplete or inconsistent dumps)

  • OS/SP version (version)

  • Language

  • Debug time

  • System uptime

  • Computer name (dS srv!srvcomputername or !envvar COMPUTERNAME)

  • List of loaded and unloaded modules (lmv or !dlls)

  • Hardware configuration (!sysinfo)

  • .kframes 100

Application crash or hang:

  • Default analysis (!analyze -v or !analyze -v -hang for hangs)

  • Critical sections (!cs -s -l -o) for both crashes and hangs

  • Component timestamps, duplication and paths. DLL Hell? (lmv and !dlls)

  • Do any newer components exist?

  • Process threads (~*kv or !uniqstack)

  • Process uptime

  • Your components on the full raw stack of the problem thread

  • Your components on the full raw stack of the main application thread

  • Process size

  • Number of threads

  • Gflags value (!gflag)

  • Time consumed by thread (!runaway)

  • Environment (!peb)

  • Import table (!dh)

  • Hooked functions (!chkimg)

  • Exception handlers (!exchain)

  • Computer name (!envvar COMPUTERNAME)

System hang:

  • Default analysis (!analyze -v -hang)

  • ERESOURCE contention (!locks)

  • Processes and virtual memory including session space (!vm 4)

  • Important services are present and not hanging (for example, terminal or IMA services for Citrix environments)

  • Pools (!poolused)

  • Waiting threads (!stacks)

  • Critical system queues (!exqueue f)

  • I/O (!irpfind)

  • The list of all thread stack traces (!process 0 ff for W2K3/XP/Vista/W2K8, ListProcessStacks script for W2K, Volume 1, page 222)

  • LPC/ALPC chain for suspected threads (!lpc message or !alpc /m after search for "Waiting for reply to LPC" or "Waiting for reply to ALPC" in !process 0 ff output)

  • Mutants (search for "Mutants - owning thread" in !process 0 ff output)

  • Critical sections for suspected processes (!cs -l -o -s)

  • Sessions, session processes (!session, !sprocess)

  • Processes (size, handle table size) (!process 0 0)

  • Running threads (!running)

  • Ready threads (!ready)

  • DPC queues (!dpcs)

  • The list of APCs (!apc)

  • Internal queued spinlocks (!qlocks)

  • Computer name (dS srv!srvcomputername)

  • File cache, VACB (!filecache)

BSOD:

  • Default analysis (!analyze -v)

  • Pool address (!pool)

  • Component timestamps

  • Processes and virtual memory (!vm 4)

  • Current threads on other processors

  • Raw stack

  • Bugcheck description (including ln exception address for corrupt or truncated dumps)

  • Bugcheck callback data (!bugdump for systems prior to Windows XP SP1)

  • Bugcheck secondary callback data (.enumtag)

  • Computer name (dS srv!srvcomputername)

  • Hardware configuration (!sysinfo)
