How to use WinDBG to debug

Collecting Memory Dump
 
The easiest way to collect a memory dump is to use the adplus.vbs script.
This script can collect a dump from a hanging or crashing process, but most of the time you will be looking at a hang.
 
While the process is running, run the following command:
 
c:/debuggers>adplus -hang -pn <ProcessName> -o <OutputDir>
 
For example, to collect a memory dump for PubSub, run:
 
c:/debuggers>adplus -hang -pn PubSubJob.exe -o e:/
 
For IIS, you can use either of the following:
 
c:/debuggers>adplus -hang -iis -o e:/
c:/debuggers>adplus -hang -pn w3wp.exe -o e:/
 
Both of them would take a memory dump of IIS, but the first one would also include a few other related processes.
 
In the case of managed code, most of the necessary information is already embedded in the metadata, so you don't need to worry much about symbols.
 
Windbg and SOS
 
windbg was originally written for debugging native code. To support managed code, you need to load SOS (Son of Strike). A private version of SOS called Psscor is available on toolbox ( http://toolbox/22153). You will need to load the 32-bit or 64-bit version depending on where the memory dump was taken.
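
To check which version a given dump calls for before loading the extension, the processor architecture recorded in the dump can be read from its header. The following is an added example, not part of the original post; it assumes the .dmp file is in the user-mode minidump format (signature MDMP), and the function names and the sample dump are constructed for illustration.

```python
import mmap
import struct
import sys

# Constants from the Windows minidump format (minidumpapiset.h / winnt.h).
MDMP_SIGNATURE = b"MDMP"
SYSTEM_INFO_STREAM = 7  # MINIDUMP_STREAM_TYPE: SystemInfoStream
ARCH_BITNESS = {0: ("x86", 32), 5: ("ARM", 32), 6: ("IA64", 64),
                9: ("AMD64", 64), 12: ("ARM64", 64)}

def dump_architecture(data):
    """Return (arch_name, bits) recorded in a minidump's SystemInfoStream."""
    if len(data) < 32 or data[:4] != MDMP_SIGNATURE:
        raise ValueError("not a minidump (missing MDMP signature)")
    # MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva
    _, _, n_streams, dir_rva = struct.unpack_from("<4sIII", data, 0)
    for i in range(n_streams):
        off = dir_rva + 12 * i  # each MINIDUMP_DIRECTORY entry is 12 bytes
        if off + 12 > len(data):
            raise ValueError("stream directory runs past end of file")
        stream_type, size, rva = struct.unpack_from("<III", data, off)
        if stream_type != SYSTEM_INFO_STREAM:
            continue
        if size < 2 or rva + 2 > len(data):
            raise ValueError("truncated SystemInfoStream")
        # MINIDUMP_SYSTEM_INFO starts with the 16-bit ProcessorArchitecture.
        (arch,) = struct.unpack_from("<H", data, rva)
        if arch not in ARCH_BITNESS:
            raise ValueError(f"unknown ProcessorArchitecture {arch}")
        return ARCH_BITNESS[arch]
    raise ValueError("no SystemInfoStream in dump")

def build_sample_dump(arch):
    """Constructed sample: header, one directory entry, minimal system info."""
    header = struct.pack("<4sIIIIIQ", MDMP_SIGNATURE, 0xA793, 1, 32, 0, 0, 0)
    directory = struct.pack("<III", SYSTEM_INFO_STREAM, 56, 44)
    system_info = struct.pack("<H", arch) + b"\x00" * 54
    return header + directory + system_info

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real .dmp file, mapped read-only
        with open(sys.argv[1], "rb") as f:
            blob = mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ)
            name, bits = dump_architecture(blob)
    else:                  # no argument: use the constructed sample
        name, bits = dump_architecture(build_sample_dump(9))
    print(f"{name} dump: load the {bits}-bit SOS/Psscor")
```
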
 
To start analyzing the memory dump, open windbg, go to File -> Open Crash Dump, and specify the .dmp file.
 
Once the memory dump is loaded, wait until the initial processing is done.
 
When everything is loaded, you can load SOS by typing:
 
> .load <path>
 
For example,
 
 
After the SOS is loaded, you are ready to perform analysis.