On Linux there are many alternatives for in vivo profiling, whether debug symbols are included or not; for a small survey, see my previous post. On the Windows side, the most useful free alternative I have been able to find is taking memory dumps to get process snapshots.

Assume we have a process and want to find out what it is doing; the reason may be a malfunction, profiling, etc. From Task Manager, select the process and request a memory dump.

memory dump - create a memory dump

To get useful information out of this dump we need the public and, hopefully, the private symbols, which live in the program database, usually kept in a .pdb file. To have the debug information written to the program database, build with the /Zi option.

memory dump - compiling to generate symbols

Now we need a platform to investigate our memory dump using the symbol information we have. Get WinDbg from Microsoft (the Windows Driver Kit will do the job).

Run WinDbg, open the dump file, set the symbol path for both the Windows and the application symbols (if not already done), and, if you are investigating a 32-bit dump, ask it to discard the wow64 layer, as shown here:

memory dump - windbg

Now we can see where the threads are lingering using commands such as kb (call stack):

memory dump - kb
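The same procedure end to end as a cmd script (an added example, not code from the original post): build with /Zi, then read the Task Manager dump with cdb, the console version of WinDbg that ships alongside it, so the symbol path and the stack listing are recorded in a file instead of typed in. The names app.cpp, app.exe, app.DMP, C:\build and C:\symbols are assumptions.

```batch
@echo off
rem Added example (not from the original post). Assumed names: app.cpp, app.exe,
rem app.DMP, C:\build (holds app.exe and app.pdb), C:\symbols (local symbol cache).

rem 1. Build with /Zi so the compiler writes debug info to a PDB; /DEBUG makes the
rem    linker emit app.pdb next to app.exe (cl passes it for you with /Zi, spelled
rem    out here to be explicit).
cl /Zi /Fe:C:\build\app.exe app.cpp /link /DEBUG
if errorlevel 1 exit /b 1

rem 2. Symbol path: Microsoft public symbols (downloaded once, cached in C:\symbols)
rem    plus the folder holding our own app.pdb. The private PDB never leaves the box.
set SYMPATH=srv*C:\symbols*https://msdl.microsoft.com/download/symbols;C:\build

rem 3. Task Manager's "Create dump file" drops the dump under %LOCALAPPDATA%\Temp.
set DUMP=%LOCALAPPDATA%\Temp\app.DMP

rem 4. Open the dump, force a symbol reload, confirm app.pdb matched (lm m app shows
rem    the module and its symbol status), print every thread's call stack (~*kb), quit.
cdb -z "%DUMP%" -y "%SYMPATH%" -c ".reload /f; lm m app; ~*kb; q" > app-stacks.txt

rem 5. 32-bit process dumped by the 64-bit Task Manager: the stacks start with wow64
rem    thunk frames. Switch the debugger to the 32-bit context first so kb shows
rem    the application's own frames (uncomment to use instead of step 4).
rem cdb -z "%DUMP%" -y "%SYMPATH%" -c ".load wow64exts; !wow64exts.sw; .reload /f; ~*kb; q" > app-stacks.txt
```

If lm reports the module with "(export symbols)" or "(no symbols)" rather than the path to app.pdb, the dump was taken from a binary that does not match the PDB in C:\build, and the kb output will not show your own function names.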

Thanks to Mr. Turgu for the initial idea of using memory dumps. As he has chosen to join the dark side, may God let his soul rest in peace.
