Defrag Tools: #26 - WinDbg - Semaphores, Mutexes and Timers

Download

Right click “Save as…”

In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer.

This installment goes over the commands used to diagnose Semaphores, Mutexes and (Waitable) Timers in a user mode application. For timers, we delve deep in to the kernel to gather more information about them. We use these commands:

  • !handle
  • !handle <handle> <mask>
  • !object <name>
  • !object <addr>
  • !timer
  • !timer <addr>
  • ub @rip
  • dt nt!_KTHREAD <addr>

Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbol and source code resolution.

Resources:
Synchronization Functions
Semaphore Objects
Mutex Objects
Waitable Timer Objects
Sysinternals LiveKD
Sysinternals WinObj
Windows 7 and Windows Server 2008 R2 Kernel Changes (Timer Coalescing)

Timeline:
[02:47] - Demo Apps [SkyDrive]
[03:08] - Semaphores
[09:32] - Mutexes
[15:32] - Waitable Timers
[15:58] - Clock Resolution
[17:05] - Timer Coalescing
[19:45] - Timer demo application
[25:05] - LiveKD makes a kernel dump
[26:37] - Object Manager - !object
[29:40] - DPC Timers - !timer
[35:22] - !timer <addr>
[35:52] - Waiting Threads - !thread <addr> 17
[37:08] - Wait Start TickCount
[38:55] - Kernel Wait Routines
[41:12] - Dump Type of Kernel Thread - dt nt!_KTHREAD <addr>
[42:00] - Running, Ready and Waiting states
[44:54] - Wakable Timers
[47:22] - powercfg.exe /waketimers
[49:18] - 'Century' DPC Timer Routine
[50:43] - Post in the forums and email us at defragtools@microsoft.com!

Tags:

Follow the Discussion

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.