Memory Analysis Patterns
Multiple Exceptions (user mode)
Multiple Exceptions (kernel mode)- Dynamic Memory Corruption (process heap)
- Dynamic Memory Corruption (kernel pool)
- False Positive Dump
- Lateral Damage
- Optimized Code
- Invalid Pointer (general)
- NULL Pointer (code)
- NULL Pointer (data)
- Inconsistent Dump
- Hidden Exception
- Deadlock (critical sections)
- Deadlock (executive resources)
- Deadlock (mixed objects, user space)
- Deadlock (LPC)
- Deadlock (mixed objects, kernel space)
- Changed Environment
- Incorrect Stack Trace
- OMAP Code Optimization
- No Component Symbols
- Insufficient Memory (committed memory)
- Insufficient Memory (handle leak)
- Insufficient Memory (kernel pool)
- Insufficient Memory (PTE)
- Insufficient Memory (virtual memory)
- Insufficient Memory (physical memory)
- Insufficient Memory (control blocks)
- Spiking Thread
- Module Variety
- Stack Overflow (kernel mode)
- Stack Overflow (user mode)
- Managed Code Exception
- Truncated Dump
- Waiting Thread Time (kernel dumps)
- Waiting Thread Time (user dumps)
- Memory Leak (process heap)
- Memory Leak (.NET heap)
- Missing Thread
- Unknown Component
- Double Free (process heap)
- Double Free (kernel pool)
- Coincidental Symbolic Information
- Stack Trace
- Virtualized Process (WOW64)
- Stack Trace Collection
- Coupled Processes
- High Contention (executive resources)
- High Contention (critical sections)
- Accidental Lock
- Passive Thread (user space)
- Passive System Thread (kernel space)
- Main Thread
- Busy System
- Historical Information
- IRP Distribution Anomaly
- Local Buffer Overflow
- Early Crash Dump
- Hooked Functions
- Custom Exception Handler
- Special Stack Trace
- Manual Dump (kernel)
- Manual Dump (process)
- Wait Chain (general)
- Wait Chain (critical sections)
- Wait Chain (executive resources)
- Wait Chain (thread objects)
- Wait Chain (LPC/ALPC)
- Wait Chain (process objects)
- Corrupt Dump
- Dispatch Level Spin
- No Process Dumps
- No System Dumps
- Suspended Thread
- Special Process
- Frame Pointer Omission
- False Function Parameters
- Message Box
- Self-Dump
- Blocked Thread
- Zombie Processes
- Wild Pointer
- Wild Code
- Hardware Error
- Handle Limit (GDI)
- Missing Component (general)
- Missing Component (static linking, user mode)
- Execution Residue
- Optimized VM Layout
- Invalid Handle
- Overaged System
- Thread Starvation
- Duplicated Module
- Not My Version (software)
- Not My Version (hardware)
- Data Contents Locality
- Nested Exceptions (unmanaged code)
- Nested Exceptions (managed code)
- Affine Thread
- Self-Diagnosis
- Inline Function Optimization
- Critical Section Corruption
- Lost Opportunity
- Young System
- Last Error Collection
- Hidden Module
- Data Alignment (page boundary)
- C++ Exception
- Divide by Zero (user mode)
- Swarm of Shared Locks
- Process Factory
- Paged Out Data
- Semantic Split
- Pass Through Function
- JIT Code (.NET)
- Ubiquitous Component
- Nested Offender
- Virtualized System
- Effect Component
- Well-Tested Function
- Mixed Exception
- Random Object
- Missing Process
- Platform-Specific Debugger
- Value Deviation (stack trace)
- CLR Thread
- Coincidental Frames
News
Heap Fragmentation
Hello All.
We have a bad heap fragmentation situation.
Switching to LFH didn't improve the issue.
0:000> !heap -s
LFH Key : 0x16658011
Heap Flags Reserv Commit Virt Free List UCR Virt Lock Fast
(k) (k) (k) (k) length blocks cont. heap
We have a bad heap fragmentation situation.
Switching to LFH didn't improve the issue.
0:000> !heap -s
LFH Key : 0x16658011
Heap Flags Reserv Commit Virt Free List UCR Virt Lock Fast
(k) (k) (k) (k) length blocks cont. heap
Categories: WinDbg
Wonders of Binary Compatibility
Just launched my game Blackjack, Jackpot and Slot applets written in pure Java 1.0 in 1997 and they still work in IE (I do launch them occasionally every few years):
http://vostokov.opentask.com/Applets.htm
Cannot believe it!
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Memory Dump ItTraces of reading, writing, and thinking for 2010-03-09
- Weekly algorithmics class: reading books Flex & Bison, Algorithms in a Nutshell and The Algorithm Design Manual #
- Listening to German and French expressions; reading Semiotics: The Basics and The Variety of Life while commuting home to work on CDASA, WDN #
- Trace analysis while listening to Haydn: Grosse Orgelmesse 4, Salve Regina 2-4b, Missa brevis 1 & reading Information and Its Role in Nature #
- Listening to German and French expressions; reading Literary Theory: The Basics and Europe: A History while commuting to the office #
Re: Windbg Handle Leak (c# AutoResetEvent)
Only two AutoResetEvents? I'm assuming that an AutoResetEvent class just has
one handle to a native event. If that's the case, I don't think two qualify
as a leak.
You could try `!handle 0 f Event` and see how many are auto reset event
handles are displayed to see if they are really leaking.
good luck.
one handle to a native event. If that's the case, I don't think two qualify
as a leak.
You could try `!handle 0 f Event` and see how many are auto reset event
handles are displayed to see if they are really leaking.
good luck.
Categories: WinDbg
Re: umdh version that displays line numbers
On Mar 8, 7:05 pm, "pat styles [microosft]" <pat.sty...@microsoft.com>
wrote:
Pat,
Thanks for the reply. I was able to get line numbers with umdh
version 6.1.7015.0. Nonetheless, I distinctly recall having problems
several years ago after upgrading where I had to revert to an older
version to get line numbers.
wrote:
Pat,
Thanks for the reply. I was able to get line numbers with umdh
version 6.1.7015.0. Nonetheless, I distinctly recall having problems
several years ago after upgrading where I had to revert to an older
version to get line numbers.
Categories: WinDbg
Need Help: can't debug CSRSS with NTSD-over-KD technique
Hi,
I need to debug CSRSS with the following guidance.
[link]
The environment is:
Vista SP1(target vmware VM)
XP SP2(host machine)
Windbg v6.11.1.404 is installed on both machines.
I take the following steps:
1. In Vista VM, enable CSRSS debugging by "Gflags /r +20000", setup kernel
I need to debug CSRSS with the following guidance.
[link]
The environment is:
Vista SP1(target vmware VM)
XP SP2(host machine)
Windbg v6.11.1.404 is installed on both machines.
I take the following steps:
1. In Vista VM, enable CSRSS debugging by "Gflags /r +20000", setup kernel
Categories: WinDbg
Icons for Memory Dump Analysis Patterns (Part 2)
Today we introduce an icon for Multiple Exceptions (kernel mode) pattern:
B/W
Color
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Memory Dump ItMDAA Advances in Metaphysics
Just noticed that Memory Dump Analysis Anthology, Volume 3 is on a metaphysics bestseller list on Amazon DE today (the volume indeed has a few articles related to Memoidealism and memory dumps + memory traces worldview):
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Memory Dump ItDebugging IIS Worker Process Communication Error
Hi there,
I hope this is a suitable group to ask this question in. Apologies if it
isn't.
We have an ASP.NET Web application which is periodically logging
problems with the worker process experiencing fatal communication errors
(A process serving application pool 'blah' suffered a fatal
communication error with the World Wide Web Publishing Service. The
I hope this is a suitable group to ask this question in. Apologies if it
isn't.
We have an ASP.NET Web application which is periodically logging
problems with the worker process experiencing fatal communication errors
(A process serving application pool 'blah' suffered a fatal
communication error with the World Wide Web Publishing Service. The
Categories: WinDbg
Re: dbghelp 6.12.2.633 not backwards compatible
No worries, Jochen.
.pat styles [microsoft]
Hallo pat!
Then I will say sorry, for my comment.
As you know from some of my previous posts, I cannot understand many of
the desicions at MS.
I appreciate it very much that you and Ivan are responding very good in
this newgroup. A big thanks from the community for this!
.pat styles [microsoft]
Hallo pat!
Then I will say sorry, for my comment.
As you know from some of my previous posts, I cannot understand many of
the desicions at MS.
I appreciate it very much that you and Ivan are responding very good in
this newgroup. A big thanks from the community for this!
Categories: WinDbg
Re: dbghelp 6.12.2.633 not backwards compatible
Hallo pat!
Then I will say sorry, for my comment.
As you know from some of my previous posts, I cannot understand many of
the desicions at MS.
I appreciate it very much that you and Ivan are responding very good in
this newgroup. A big thanks from the community for this!
Then I will say sorry, for my comment.
As you know from some of my previous posts, I cannot understand many of
the desicions at MS.
I appreciate it very much that you and Ivan are responding very good in
this newgroup. A big thanks from the community for this!
Categories: WinDbg
Re: dbghelp 6.12.2.633 not backwards compatible
Jochen, I respectfully submit to you that you haven't the slightest concept
of what I am talking about. Nothing in your posting even brushes close to
the behavior subtleties that I am describing when I say "defining the
intended behavior". Furthermore, I am not going to air those subtleties in
of what I am talking about. Nothing in your posting even brushes close to
the behavior subtleties that I am describing when I say "defining the
intended behavior". Furthermore, I am not going to air those subtleties in
Categories: WinDbg
Re: dbghelp 6.12.2.633 not backwards compatible
Hi pat!
Thanks for confirming it...
You cannot be serious!
The behavior should be clear: A redistributable DLL should always be up-
and downward compatible... this is the behavior with all windows DLLs,
why should dbghelp.dll have an other strategy?
Thanks for confirming it...
You cannot be serious!
The behavior should be clear: A redistributable DLL should always be up-
and downward compatible... this is the behavior with all windows DLLs,
why should dbghelp.dll have an other strategy?
Categories: WinDbg
Re: dbghelp 6.12.2.633 not backwards compatible
Thanks Roger.
Sorry for my delayed response and thank you for the explicit example. The
windbg team is now aware of the problem and is working on fixing it as well
as better defining the intended behavior.
.pat styles [microsoft]
Here is a simple test program:
int main()
{
HANDLE hProcess = ::GetCurrentProcess();
Sorry for my delayed response and thank you for the explicit example. The
windbg team is now aware of the problem and is working on fixing it as well
as better defining the intended behavior.
.pat styles [microsoft]
Here is a simple test program:
int main()
{
HANDLE hProcess = ::GetCurrentProcess();
Categories: WinDbg
Re: umdh version that displays line numbers
Hello Dog Daze.
I looked over the page mentioned in your posting and I saw nothing about
"optimize" or "umdh" on it. So I am not clear exactly what change you are
talking about. That said, maybe we can narrow this down. Do you have a
version of umdh this lists line numbers on the same target bits that the
I looked over the page mentioned in your posting and I saw nothing about
"optimize" or "umdh" on it. So I am not clear exactly what change you are
talking about. That said, maybe we can narrow this down. Do you have a
version of umdh this lists line numbers on the same target bits that the
Categories: WinDbg
Traces of reading, writing, and thinking for 2010-03-08
- Processed last month twitter notifications #
- Normalizing email correspondence #
- Listening to German expressions; reading Literary Theory: The Basics and Writing Systems while commuting home to work on MDAAV4 and WDN #
- Postmortem software trace analysis while listening to Mozart: Piano Concertos 1, 21 and 25 #
- Pattern-driven software trace analysis while listening to Bach: Cantatas BWV 116, 13 and 144 #
- Got Encyclopedia of Evolution (2 Volumes) in the post. It is interseting to compare it with Evolution: The First Four Billion Years #
- Memorianic lunch: RHoP Vol 1, A History of Christianity, Main Currents of Marxism, Software Studies, Trotsky (Thatcher), The Writer magazine #
- Comparative analysis of software traces while listening to Beethoven: Piano Sonatas 1,2,3 and reading Modeling: Gateway to the Unknown #
- Listening to German expressions; reading Judaism: The Basics and The Third Reich: A New History while commuting to the office #
umdh version that displays line numbers
The documentation at [link]
does not give a history of when umdh was "optimized". I had used the
older version that did have the optimization for stack traces, but now
work at a new employer, and do not remember which version of the DTW
that does not have this optimization.
does not give a history of when umdh was "optimized". I had used the
older version that did have the optimization for stack traces, but now
work at a new employer, and do not remember which version of the DTW
that does not have this optimization.
Categories: WinDbg
Re: WHEA_UNCORRECTABLE_ERROR (124)
I don't think anything more than section 15.9.2.5 of 253668.pdf
can be said.
can be said.
Categories: WinDbg
Icons for Memory Dump Analysis Patterns (Part 1)
I borrowed a pattern icon idea from the book I’m reading now: Algorithms in a Nutshell
From now on, every memory dump analysis pattern (and later trace analysis patterns) will have platform-independent pictorial representation. Today we introduce an icon for Multiple Exceptions (user mode) pattern:
B/W
Color
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Memory Dump ItTrace Analysis Patterns (Part 18)
Sometimes we have a sequence of Activity Regions with increasing values of Statement Current, like depicted here:
The boundaries of regions may be blurry and arbitrarily drawn. Nevertheless, the current is visibly increasing or decreasing, hence the name of this pattern: Trace Acceleration, by analogy with physical acceleration, second-order derivative. We can also metaphorically use here the notion of a partial derivative for trace statement current and acceleration for Threads of Activity and Adjoint Threads of Activity but whether it is useful remains to be seen.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Memory Dump It