Crash Dumps for Dummies (Part 2)

Crash dump 불펌스페샬 2007. 5. 13. 23:43 posted by CecilDeSK

Part 2 follows the discussion of various dump types depicted here: Dumps for Dummies (Part 1)

So the question arises: how to make sure the customer got the right dump? And if the dump type is not what you asked for, provide a recommendation for further actions. Troubled with such questions during my first years in Citrix technical support, I decided to develop a lightweight Explorer extension and a command line version of a dump checking tool called Citrix DumpCheck:

dumpcheck.JPG

Here it does basic checks for dump validity and shows the dump type: Complete memory dump

dumpcheckmsg.JPG

If it had found a small mini dump (64Kb), the tool would have suggested changing the settings in Control Panel.

The extension can be downloaded from the Citrix support web site (requires free registration):

Citrix DumpCheck Explorer Extension version 1.4

FAQ:

Q. Is it possible to show more information like process name in a user dump or whether full page heap was enabled?

A. Certainly it is possible to include. However, it requires access to OS symbol files during runtime and most customers don’t have them installed or downloaded from the MS symbol server. So the design decision was not to include these checks in version 1.x. I am considering including this in the next 2.x versions.

Q. The customer doesn’t want to modify the environment by installing the extension. Is there any command line version of this tool?

A. Yes, there is. The following article contains a download link to a command line version of Citrix DumpCheck (requires free registration):

Citrix DumpCheck Utility (Command Line) version 1.4

Q. Does this extension work in 64-bit Windows?

A. No, but you can use the command line equivalent shown in the answer to the previous question. Also I’m planning to port this extension to 64-bit soon and will announce it as soon as I release it.

- Dmitry Vostokov -

Internet Based Crash Dump Analysis Service

I’m planning to launch in April - May a pilot version of a free research online service, IBCDAS (Internet Based Crash Dump Analysis Service), which is under development and will be integrated with Crash Dump Analysis Portal (www.dumpanalysis.org). The idea is to use Google API to search for crash signatures and stack traces on the Internet and mine that information for a potential solution (a fix, a service pack, actual component vendor responsible for a bug, an article, etc.). Information from the Internet will be fed to a database in a structured form for further analysis and to help with similar or related problems.



- Dmitry Vostokov -

Using scripts to process hundreds of user dumps

Suppose you have 100 - 200 user dumps from various user processes in the system and you want to quickly check their thread stacks, locks, etc. to see something suspicious related to your product or its environment that your customers are complaining about. It is much easier to collect such information into text files and browse them quickly than to open every dump in WinDbg. I used a shell script (VBScript) to automate loading dumps into WinDbg and used WinDbg scripts to run complex commands against loaded user dumps. For example, I used the following shell script:

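'
' UDumps2Txt.vbs
'
' Runs WinDbg once per file in the current folder, executes the WinDbg
' script shown below against it, and waits for the debugger to exit.
'
' Assumed location of the WinDbg script shown below (its path is not
' given here); adjust as needed.
Const WinDbgScript = "c:\scripts\UDmp2Txt.txt"
Set fso = CreateObject("Scripting.FileSystemObject")
Set Folder = fso.GetFolder(".")
Set Files = Folder.Files
Set WshShell = CreateObject("WScript.Shell")
For Each File In Files
  ' $$>< runs the script file; q quits WinDbg so the loop can continue
  Set oExec = WshShell.Exec("""C:\Program Files\Debugging Tools for Windows\WinDbg.exe"" -y ""srv*c:\mss*http://msdl.microsoft.com/download/symbols"" -z """ & File.Name & """ -c ""$$><" & WinDbgScript & ";q"" -Q")
  Do While oExec.Status = 0
    WScript.Sleep 1000
  Loop
Next
'
' UDumps2Txt.vbs: End of File
'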

and the following WinDbg script:

$$
$$ UDmp2Txt: Dump information from user dump into log
$$
.logopen /d
!analyze -v
!locks
~*kv
lmv
.logclose
$$
$$ UDmp2Txt: End of File
$$

The following command launches multiple Dmp2Txt conversions:

C:\UserDumps>cscript /nologo c:\scripts\UDumps2Txt.vbs

You can also use CDB from Debugging Tools for Windows (console debugger) instead of WinDbg. I just use WinDbg uniformly instead of separately using CDB for user process dumps and KD for kernel and complete memory dumps.

Now when you have text files you can search for patterns using regular expressions. I will write more about applying them later. There is a very good book about them from a practical point of view that I read 6 years ago when I needed to understand them beyond wildcards and question marks. Since that time the book has undergone another two editions:

Mastering Regular Expressions, 3rd edition

Or you can process text files further and feed them into your database - part of an automated crash dump analysis system.



- Dmitry Vostokov -
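
The regular-expression pass over the generated text files described above, as an added example that is not part of the original post: it correlates the `!locks` and `~*kv` sections of one log to find threads that have frames in a given module while owning a locked critical section. The sample log is constructed and simplified, and the module name `examplehook` is hypothetical.

```python
import re

# Constructed, simplified excerpt of a log written by the WinDbg script above
# (!locks, then ~*kv). "examplehook" is a hypothetical third-party module.
SAMPLE_LOG = """\
CritSec ntdll!LdrpLoaderLock+0 at 7c97c0d8
LockCount          1
OwningThread       8f0
*** Locked

   0  Id: 8fc.8f0 Suspend: 1 Teb: 7ffdf000 Unfrozen
ChildEBP RetAddr  Args to Child
0012f8a8 7c8025cb 000007d4 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
0012f90c 10001a2f 000007d4 ffffffff 0012f930 kernel32!WaitForSingleObjectEx+0xa8
0012f930 7c9011a7 10000000 00000001 00000000 examplehook!DllMain+0x2f

   1  Id: 8fc.904 Suspend: 1 Teb: 7ffde000 Unfrozen
ChildEBP RetAddr  Args to Child
00a3ffb4 7c80b683 00000002 00a3ffa8 00000000 kernel32!WaitForMultipleObjects+0x18
"""

THREAD_RE = re.compile(r"^[.#\s]*\d+\s+Id:\s+[0-9a-f]+\.([0-9a-f]+)\s", re.I)
CRITSEC_RE = re.compile(r"^CritSec\s+(\S+)\s+at\s+[0-9a-f`]+", re.I)
OWNER_RE = re.compile(r"^OwningThread\s+([0-9a-f]+)", re.I)
FRAME_RE = re.compile(r"^[0-9a-f`]{8,}\s.*?\b(\w+)!([^\s+]+)", re.I)

def parse_log(log_text, module):
    """Return ({tid: [functions in module]}, {owning tid: critical section})."""
    hits, owners = {}, {}
    tid = critsec = None
    for line in log_text.splitlines():
        if m := THREAD_RE.match(line):
            tid = m.group(1).lower()          # OS thread id from "Id: pid.tid"
        elif m := CRITSEC_RE.match(line):
            critsec = m.group(1)              # owner follows on a later line
        elif (m := OWNER_RE.match(line)) and critsec:
            owners[m.group(1).lower()] = critsec
            critsec = None
        elif tid and (m := FRAME_RE.match(line)) \
                and m.group(1).lower() == module.lower():
            hits.setdefault(tid, []).append(m.group(2))
    return hits, owners

def suspects(log_text, module):
    """Threads with frames in `module` that also own a locked critical section."""
    hits, owners = parse_log(log_text, module)
    return {t: (owners[t], f) for t, f in hits.items() if t in owners}

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG, "examplehook"))
```

Run over every log in the folder, the same function gives a short list of dumps worth opening in WinDbg.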


Automated Crash Dump Analysis Part1

Crash dump 불펌스페샬 2007. 5. 13. 23:40 posted by CecilDeSK

I’ve been doing some research in this direction and found so many patents filed, to name a few:

Method and expert system for analysis of crash dumps

System for performing dump analysis

Some companies have their own systems. For example, Microsoft has its own Online Crash Analysis system (OCA) and even promotes its Corporate Error Reporting (CER) tool. CER architecture is described in the following document:

CER_Implementation_Plan

In the next parts I will try to outline different implementation choices for building an automated crash dump analysis system and discuss their advantages and disadvantages from an expert systems perspective.

- Dmitry Vostokov -
