In the previous Dumps for Dummies (Part 3)I tried to explain the nature of crashes. Another category of problems happens very often and we also need a dump for analysis: hangs. There issome confusion exists in understanding the difference between these two categories:crash andhang. Although sometimes a hang is a direct consequence of a crash most of the time hangs happen independently. They also manifest themselves differently. Lets look at application (process) crashes and hangs first. When a crash happensan application (process) often disappears. When hang happensan application (process)is still in memory: you can see it in Task Manager, for example,but it doesn’t respond to user commands or to any other requests like pinginga TCP/IP port. If we have a crash in OS then the most visible manifestation is blue screen and/or reboot. If we have a hang then everything freezes.
Application or system hang happens because from high levelview of the interaction betweenapplication or OS components (modules)is done via messages. One component sends a message to another and waits for a response.Some components are critical, for example, registry. The following hand-made picturedepicts very commonsystem hang situationswhen the register component stops responding. Then every running application (process) stops respondingif its execution path depends on registry access.
The very common reason for hang is so called deadlock when two running applications (their execution paths, threads) are waiting for each other. Here is the analogy witha blocked road:
In order to see what’s inside the process or OS which causeda hang we need a dump. Usually this dumpiscalled a crash dump too because in order to get it the usual method is to make some sort of a trap which causesanapplication or OS to crash and to save the dump. I personally prefer to callthese dumps just memory dumps to avoid confusion.
How can you get a memory dump if your application or service hangs?
How can you get a memory dumpif yoursystem hangs?
For most system hangs choosing Kernel memory dump option in Control PanelSystemAdvancedStartup and Recovery applet is sufficient. Kernel memory dumps are smaller and less susceptible to corruption or truncation due tosmall page file size. If you discover that you need to peer inside running user applications then you can always ask for another Complete memory dump when the problem happens again.
- DmitryVostokov -
'Crash dump 불펌스페샬' 카테고리의 다른 글
| 불펌란의 저자에 대해서 (0) | 2007.05.13 |
|---|---|
| The Elements of Crash Dump Analysis Style (1) | 2007.05.13 |
| Crash Dumps for Dummies (Part5) (3) | 2007.05.13 |
| Crash Dumps for Dummies (Part 3) (0) | 2007.05.13 |
| Crash Dumps for Dummies (Part 1) (0) | 2007.05.13 |
