TAILIEUCHUNG - Memory Dump Analysis Anthology- P7

Memory Dump Analysis Anthology- P7: This is a revised, edited, cross-referenced and thematically organized volume of selected blog posts about crash dump analysis and debugging written in 2006 - 2007 for software engineers developing and maintaining products on Windows platforms, technical support and escalation engineers dealing with complex software issues and general Windows users. | WinDbg Tips and Tricks 181 SUSPENDING THREADS Suspending threads during live kernel debugging session can be useful for debugging or reproducing race condition issues. For example when we have one thread that depends on another thread finishing its work earlier. Sometimes very rarely the latter thread finishes after the moment the first thread would expect it. In order to model this race condition we can simply patch the prologue code of the second thread worker function with ret instruction. This has the same effect as suspending the thread so it cannot produce the required data. Note n suspend and f freeze are for user mode live debugging only. Please purchase PDF Split-Merge on to remove this watermark 182 PART 2 Professional Crash Dump Analysis HEAP STACK TRACES If we have user mode stack trace DB enabled on Windows 2003 Server for some service or application and we get a crash dump and try to get saved stack traces using heap extension command we might get these errors 0 000 heap -k -h QQQaQQQQ Heap entries for SegmentOO in Heap 000a0c50 00c50 . 00040 01 - 000a0c90 00040 . 01818 07 - read heap entry extra at 000a24a0 000a24a8 01818 . 00030 07 - read heap entry extra at 000a24d0 000a24d8 00030 . 005a0 07 - 000a0000 busy 40 busy 1800 tail fill - unable to busy 18 tail fill - unable to busy 588 tail fill - unable to read heap entry extra at 000a2a70 The solution is to use old Windows 2000 extension Q QQQ . w2kfre -k -h QQQaQQQQ Stack trace 12 at 1021bfc 7c85fc22 ntdll RtlAllocateHeapSlowly QxQQQQQQ41 7c81d4df ntdll RtlAllocateHeap QxQQQQQE9F 7c83467a ntdll LdrpAllocateUnicodeString QxQQQQQQ35 7c8354f4 ntdll LdrpCopyUnicodeString QxQQQQQQ31 7c83517b ntdll LdrpResolveDllName QxQQQQQ195 7c834b2a ntdll LdrpMapDll QxQQQQQ14F 7c837474 ntdll LdrpLoadImportModule QxQQQQQ17C 7c837368 ntdll LdrpHandleOneNewFormatImportDescriptor QxQQQQQQ4D 7c837317 ntdll LdrpHandleNewFormatImportDescriptors QxQQQQQQ1D 7c837441 ntdll .

Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.