Defrag Tools #172 - Application Hangs

Description

In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about Application Hangs. We collect a dump of a process and debug it with the Debugging Tools for Windows.

Resources:
Defrag Tools: #24 - WinDbg - Critical Sections
Defrag Tools: #25 - WinDbg - Events
Defrag Tools: #26 - WinDbg - Semaphores, Mutexes and Timers

Timeline:
[00:00] Happy New Year!
[01:20] Tools for Application Hang analysis
[02:36] Analyze Wait Chain in Task Manager
[04:36] Sysinternals ProcDump
[07:00] Thread List: ~
[07:34] Call Stack of each thread: ~*k
[08:28] Unique Call Stacks (filtering): !uniqstack
[11:26] Call Stacks (with N+ frames): !pde.deep [N]
[12:40] Call Stacks (with N+ frames) not on a wait: !pde.busy [N]
[15:20] Demo Apps and PDE are on the Defrag Tools OneDrive
[17:45] View Critical Section Locking: !locks
[21:48] Conclusion

Email your questions and comments to defragtools@microsoft.com

    The Discussion

    • siodmy

      WinDbg should evolve and be based around objects, like PowerShell. Filtering would be much easier, but also you could use the data to create custom visualizations and debugger-based monitoring (like deciding whether to dump the process based on the file path passed to CreateFile and whether MyModule!* is on the stack).

    • windev

      @siodmy: The new JavaScript support does exactly that. Stay tuned for more info.

    • tgrt

      @siodmy: I disagree. I like windbg just the way it is. There are other debugging tools out there, and maybe there's an audience for what you're describing. However, it shouldn't come at the expense of redefining windbg.

    • windev

      The new JavaScript model balances both worlds nicely I think. It doesn't remove the old dscript approach (of which I'm a huge fan), it augments it.

      As Bill has shown, the LINQ queries, etc. that it supports make some tasks very easy to achieve.

      If you haven't tried it already, download the MEX debugger extension. It was partly the inspiration for the JavaScript support -- as it is very good at filtering/chaining commands.

    • s3curityConsult

      Chad's outfit matches the background. Great style in this episode, Chad. When debugging crashes in the latest Windows 10 Insider Preview builds, symbols are always not found; !analyze -v always says WRONGSYMBOLS. I downloaded the latest WDK and ADK but they are build 14986 and I'm now on build 15014, so the symbols don't match up? Is there anything we can do to get up-to-date symbols?

    • ChadBeeder

      @s3curityConsult: Thanks. :) I was under the impression the officially released Windows Insider builds were supposed to have symbols indexed on the symbol server. If you do ".symfix" and then ".reload" does it find them?

    • MagicAndre1981

      @ChadBeeder: For build 15031 I also see no symbols on the symbol server. For 15025 there is an MSI for symbols to download from here: https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewadvanced
