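Attach WinDbg to the target process,
then use the !runaway command to list the time consumed by each thread. The threads that have consumed the most time are the hung ones.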
0:000> !runaway
User Mode Time
Thread Time
0:139c 0 days 0:15:16.443
4:708 0 days 0:00:07.878
5:1990 0 days 0:00:00.124
6:784 0 days 0:00:00.031
3:14d8 0 days 0:00:00.031
15:9e0 0 days 0:00:00.015
16:1b64 0 days 0:00:00.000
14:ac4 0 days 0:00:00.000
13:1318 0 days 0:00:00.000
12:1c94 0 days 0:00:00.000
11:194c 0 days 0:00:00.000
10:9c8 0 days 0:00:00.000
9:1618 0 days 0:00:00.000
8:a54 0 days 0:00:00.000
7:1b4c 0 days 0:00:00.000
2:1e50 0 days 0:00:00.000
1:a10 0 days 0:00:00.000
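Next, use ~*kb to list the call stack of every thread. Analyzing the call stacks of the threads that consumed the most time will usually reveal the cause of the problem.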
0:000> ~*kb
. 0 Id: de4.139c Suspend: 0 Teb: 7ffdf000 Unfrozen
ChildEBP RetAddr Args to Child
0012cc30 67711fe0 0d90fc38 0d90fc3c 0086cd64 msvcrt!memmove+0x5a
0012cc50 6771ee7c 06ee9600 06ecec00 00004d12 mshtml!CImplPtrAry::DeleteByValue+0x5c
0012cc68 6772d0b2 0033f1b0 0000001c 0033ed7c mshtml!CDoc::ReleaseUrlImgCtx+0x3e
0012cc8c 6772cfe7 00000004 00000000 06ee9600 mshtml!CElement::ReleaseImageCtxts+0x102
0012ccb4 676cae90 093d16e0 00000000 0012ccd8 mshtml!CElement::Passivate+0x218
0012ccc4 676cacfb 06ee9600 093d16e0 01719c78 mshtml!CBase::PrivateRelease+0x33
0012ccd8 71a3656a 06ee9600 0012cd0c 71a361d8 mshtml!CElement::PrivateRelease+0x40
0012cce4 71a361d8 00000000 0000003f 00919b78 jscript9!HostVariant::Dispose+0x52
0012ccf8 71a360f6 0091abb7 00919698 00919698 jscript9!HeapBucket::DisposeObjects+0x60
0012cd0c 71a360d0 00919b78 71a37091 fcc9732c jscript9!HeapInfo::DisposeObjects+0x1a
0012cd14 71a37091 fcc9732c 00919698 0165f150 jscript9!Recycler::FinishCollection+0x30
0012cd4c 71a34cb3 00000000 00000000 00000000 jscript9!Recycler::FinishConcurrentCollect+0x220
0012cd74 71a36b10 00919698 71a36f71 00000000 jscript9!ThreadContext::ExecuteRecyclerCollectionFunction+0x2a
0012cd94 7197819d 00000000 00918fe8 072d9dc0 jscript9!Recycler::FinishConcurrent+0x68
0012cdb4 719784e4 0165f150 00918fe8 0012cddc jscript9!ThreadContext::EnterScriptStart+0x9b
0012ce18 7197845a 00918fe8 00000001 025537e0 jscript9!Js::JavascriptFunction::CallRootFunction+0x6a
0012ce54 719783e6 00000000 0012ce84 00000001 jscript9!ScriptSite::CallRootFunction+0x4f
0012ce7c 719b12a1 072d9dc0 0012cea0 00000000 jscript9!ScriptSite::Execute+0x63
0012ceb0 71977fe8 072d4a40 00000000 00000000 jscript9!JavascriptDispatch::InvokeOnSelf+0x105
0012cf1c 71978140 072d4a44 00000000 00000000 jscript9!JavascriptDispatch::InvokeEx+0x268