zoukankan      html  css  js  c++  java
  • Windbg学习使用

      WinDbg是微软发布的一款相当优秀的源码级(source-level)调试工具,可以用于Kernel模式调试和用户模式调试,还可以调试Dump文件。

    1. WinDbg介绍:
        Debugging Tools and Symbols: Getting Started
    http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx
        A word for WinDbg
    http://mtaulty.com/communityserver/blogs/mike_taultys_blog/archive/2004/08/03/4656.aspx


    2. WinDbg下载:
      Install Debugging Tools for Windows 32-bit Version
    http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
      Install Debugging Tools for Windows 64-bit Versions
    http://www.microsoft.com/whdc/devtools/debugging/install64bit.mspx


    3. 配置WinDbg:
         运行WinDbg->菜单->File->Symbol File Path->按照下面的方法设置_NT_SYMBOL_PATH变量:
    在弹出的框中输入“C:MyCodesSymbols; SRV*C:MyLocalSymbols*http://msdl.microsoft.com/download/symbols”(按照这样设置,WinDbg将先从本地文件夹C:MyCodesSymbols中查找Symbol,如果找不到,则自动从MS的Symbol Server上下载Symbols)。另一种做法是从这个Symbol下载地址中http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx,下载相应操作系统所需要的完整的Symbol安装包,并进行安装,例如我将其安装在D:WINDOWSSymbols,在该框中输入“D:WINDOWSSymbols”。(这里要注意下载的Symbols的版本一定要正确,在我的Win2003+Sp1上,我曾经以为安装Win2003+Sp2的Symbols可能会牛×点,但结果证明我错了,用WinDbg打开可执行文件时,提示“PDB symbol for mscorwks.dll not loaded;Defaulted to export symbols for ntdll.dll”的错误,我有重新装上Win2003+Sp1的Symbols, 现在一切运行正常^_^


    5. 使用WinDbg Dump文件:
         WinDbg提供了图形界面和命令行两种运行方式。这里介绍使用图形界面的WinDbg来调试应用程序:
         File->OpenExecutable->可以选择一个可执行文件进行调试;
         File->Attache to a Process->可以选择一个运行中的进程,并对其进行调试;

    程序崩溃(crash)的时候, 为了以后能够调试分析问题, 可以使用WinDBG要把当时程序内存空间数据都保存下来,生成的文件称为dump 文件。 步骤:
    1) 打开WinDBG并将之Attach 到crash的程序进程
    2) 输入产生dump 文件的命令
    WinDBG产生dump 文件的命令是 .dump ,可以选择不同的参数来生成不同类型的dump文件。
    选项(1): /m
    命令行示例:.dump /m C:dumpsmyapp.dmp
    注解: 缺省选项,生成标准的minidump, 转储文件通常较小,便于在网络上通过邮件或其他方式传输。 这种文件的信息量较少,只包含系统信息、加载的模块(DLL)信息、 进程信息和线程信息。
    选项(2): /ma
    命令行示例:.dump /ma C:dumpsmyapp.dmp
    注解: 带有尽量多选项的minidump(包括完整的内存内容、句柄、未加载的模块,等等),文件很大,但如果条件允许(本机调试,局域网环境), 推荐使用这中dump。
    选项(3):/mFhutwd
    命令行示例:.dump /mFhutwd C:dumpsmyapp.dmp
    注解:带有数据段、非共享的读/写内存页和其他有用的信息的minidump。包含了通过minidump能够得到的最多的信息。是一种折中方案。
     
    转载捉虫记(实践)

    1.打开windbg加载dump文件后第一个命令lmf,这个命令显示加载的dll以及路径,这样子可以找个dll来帮忙加载sos,(额,我记不住load那么长的路径啊)

    0:000> lmf

    start end module name

    ……

    00007ffb`a3750000 00007ffb`a375a000 version C:WindowsSystem32version.dll

    00007ffb`a37e0000 00007ffb`a444e000 System_ni C:WindowsassemblyNativeImages_v4.0.30319_64System10e3367d9097070044e05c2825a4a1e9System.ni.dll

    00007ffb`a4450000 00007ffb`a457f000 clrjit C:WindowsMicrosoft.NETFramework64v4.0.30319clrjit.dll

    00007ffb`a4580000 00007ffb`a5b0d000 mscorlib_ni C:WindowsassemblyNativeImages_v4.0.30319_64mscorliba20cafac04a2e9b3bcb5ec4d674775e5mscorlib.ni.dll

    ……

    2.还是loadby比load好用吧(嘿嘿)

    0:000> .loadby sos clrjit

    我们要看看cpu情况咋样

    0:000> !tp

    CPU utilization: 100%

    Worker Thread: Total: 8 Running: 7 Idle: 1 MaxLimit: 32767 MinLimit: 4

    Work Request in Queue: 0

    --------------------------------------

    Number of Timers: 0

    --------------------------------------

    Completion Port Thread:Total: 1 Free: 1 MaxFree: 8 CurrentLimit: 1 MaxLimit: 1000 MinLimit: 4

    嗯,情况足够残。。

    3.我们看看那个线程占用的高吧

    0:000> !runaway

    User Mode Time

    Thread Time

    21:32e4 0 days 0:00:43.671

    20:2d1c 0 days 0:00:43.187

    22:1110 0 days 0:00:42.828

    25:257c 0 days 0:00:42.625

    19:337c 0 days 0:00:36.984

    26:32c8 0 days 0:00:35.906

    30:2f78 0 days 0:00:35.796

    7:30c0 0 days 0:00:00.140

    11:2758 0 days 0:00:00.062

    13:2644 0 days 0:00:00.031

    12:2770 0 days 0:00:00.031

    。。。

    4.线程太少,好像不是GC啥的关系,都是用户态用的。

    0:000> !threads

    ThreadCount: 18

    UnstartedThread: 0

    BackgroundThread: 17

    PendingThread: 0

    DeadThread: 1

    Hosted Runtime: no Lock

    ID OSID ThreadOBJ State GC Mode GC Alloc Context Domain Count Apt Exception

    7 1 30c0 000000df603e3170 28220 Preemptive 0000000000000000:0000000000000000 000000df603d9ff0 0 Ukn

    14 2 26c4 000000df6040e790 2b220 Preemptive 000000E060F2C908:000000E060F2DC90 000000df603d9ff0 0 MTA (Finalizer)

    16 3 2cac 000000df5fc17e40 102a220 Preemptive 0000000000000000:0000000000000000 000000df603d9ff0 0 MTA (Threadpool Worker)

    17 4 33c0 000000df6047c7d0 21220 Preemptive 0000000000000000:0000000000000000 000000df603d9ff0 0 Ukn

    18 6 3174 000000df6051b420 1020220 Preemptive 0000000000000000:0000000000000000 000000df603d9ff0 0 Ukn (Threadpool Worker)

    19 7 337c 000000df60549fa0 1029220 Cooperative 000000E260B93590:000000E260B947D0 000000df6047b7d0 1 MTA (Threadpool Worker)

    20 8 2d1c 000000df6054b370 1029220 Cooperative 000000E060FA2DD8:000000E060FA3C90 000000df6047b7d0 0 MTA (Threadpool Worker)

    21 9 32e4 000000df60560a10 1029220 Cooperative 000000E260B5F130:000000E260B607D0 000000df6047b7d0 0 MTA (Threadpool Worker)

    22 10 1110 000000df60561690 1029220 Cooperative 000000DF60B5AB48:000000DF60B5B178 000000df6047b7d0 0 MTA (Threadpool Worker)

    25 11 257c 000000df5fc28520 1029220 Cooperative 000000E160AE4988:000000E160AE6190 000000df6047b7d0 0 MTA (Threadpool Worker)

    26 12 32c8 000000df5fc29c90 1029220 Cooperative 000000E1610D4570:000000E1610D4A60 000000df6047b7d0 0 MTA (Threadpool Worker)

    XXXX 13 0 000000df5fc2a460 8039820 Preemptive 0000000000000000:0000000000000000 000000df603d9ff0 0 Ukn (Threadpool Completion Port)

    28 15 1a64 000000df5fc2b400 202b220 Preemptive 0000000000000000:0000000000000000 000000df6047b7d0 1 MTA

    29 16 2fbc 000000df5fc2bbd0 8029220 Preemptive 000000DF60F077D0:000000DF60F09178 000000df603d9ff0 0 MTA (Threadpool Completion Port)

    30 17 2f78 000000df5fc28cf0 1029220 Cooperative 000000DF6167E630:000000DF6167F8B0 000000df6047b7d0 0 MTA (Threadpool Worker)

    31 5 312c 000000df5fc294c0 1029220 Preemptive 000000E1610E0D88:000000E1610E2A60 000000df603d9ff0 0 MTA (Threadpool Worker)

    2 14 2fb8 000000df5fc2ac30 20220 Preemptive 000000E061ADF4B8:000000E061AE1358 000000df603d9ff0 0 Ukn

    3 18 2c88 000000df604c6f60 20220 Preemptive 000000DF6167FA30:000000DF616818B0 000000df603d9ff0 0 Ukn

    0:000> .time

    Debug session time: Wed Sep 24 15:11:53.000 2014 (UTC + 8:00)

    System Uptime: 0 days 5:43:30.998

    Process Uptime: 0 days 0:01:16.000

    Kernel time: 0 days 0:00:00.000

    User time: 0 days 0:04:42.000

    5.随便找几个线程看看吧

    0:000> ~21s

    mscorlib_ni+0x5535e0:

    00007ffb`a4ad35e0 488b4b10 mov rcx,qword ptr [rbx+10h] ds:000000e0`607f0e28=000000e060fa2d78

    0:021> !clrstack

    OS Thread Id: 0x32e4 (21)

    Child SP IP Call Site

    000000e3ab54da90 00007ffba4ad35e0 System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].Insert(System.__Canon, System.__Canon, Boolean)

    000000e3ab54db20 00007ffb46ec5de9 *** ERROR: Module load completed but symbols could not be loaded for System.Web.Optimization.dll

    System.Web.Optimization.BundleCollection.Add(System.Web.Optimization.Bundle)

    /*********这里是客户代码*************/

    000000e3ab54e400 00007ffb46a55aca Rabbit.Web.Environment.Impl.WebHost.ActivateShell(Rabbit.Kernel.Environment.ShellBuilders.ShellContext)

    000000e3ab54e490 00007ffb46a44fd3 Rabbit.Web.Environment.Impl.WebHost.<CreateAndActivateShells>b__f(Rabbit.Kernel.Environment.Configuration.ShellSettings)

    000000e3ab54e520 00007ffba530df6d System.Threading.Tasks.Parallel+<>c__DisplayClassf`1[[System.__Canon, mscorlib]].<ForWorker>b__c()

    000000e3ab54e630 00007ffba52f0452 System.Threading.Tasks.Task.InnerInvokeWithArg(System.Threading.Tasks.Task)

    000000e3ab54e660 00007ffba54a8911 System.Threading.Tasks.Task+<>c__DisplayClass11.<ExecuteSelfReplicating>b__10(System.Object)

    000000e3ab54e700 00007ffba4ab30ee System.Threading.Tasks.Task.Execute()

    000000e3ab54e770 00007ffba4a18355 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

    000000e3ab54e8d0 00007ffba4a180c9 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

    000000e3ab54e900 00007ffba4ab33c5 System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef)

    000000e3ab54e9e0 00007ffba4ab2a65 System.Threading.Tasks.Task.ExecuteEntry(Boolean)

    000000e3ab54ea20 00007ffba4a9a22a System.Threading.ThreadPoolWorkQueue.Dispatch()

    000000e3ab54ef78 00007ffba5c40453 [DebuggerU2MCatchHandlerFrame: 000000e3ab54ef78]

    000000e3ab54f118 00007ffba5c40453 [ContextTransitionFrame: 000000e3ab54f118]

    000000e3ab54f338 00007ffba5c40453 [DebuggerU2MCatchHandlerFrame: 000000e3ab54f338]

    0:021> ~20s

    mscorlib_ni+0x5535f4:

    00007ffb`a4ad35f4 488d1476 lea rdx,[rsi+rsi*2]

    0:020> !clrstack

    OS Thread Id: 0x2d1c (20)

    Child SP IP Call Site

    000000e3ab40dbe0 00007ffba4ad35f4 System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].Insert(System.__Canon, System.__Canon, Boolean)

    000000e3ab40dc70 00007ffb46ec5de9 System.Web.Optimization.BundleCollection.Add(System.Web.Optimization.Bundle)

    /*********这里是客户代码*************/

    000000e3ab40e5e0 00007ffb46a44fd3 Rabbit.Web.Environment.Impl.WebHost.<CreateAndActivateShells>b__f(Rabbit.Kernel.Environment.Configuration.ShellSettings)

    000000e3ab40e670 00007ffba530df6d System.Threading.Tasks.Parallel+<>c__DisplayClassf`1[[System.__Canon, mscorlib]].<ForWorker>b__c()

    000000e3ab40e780 00007ffba52f0452 System.Threading.Tasks.Task.InnerInvokeWithArg(System.Threading.Tasks.Task)

    000000e3ab40e7b0 00007ffba54a8911 System.Threading.Tasks.Task+<>c__DisplayClass11.<ExecuteSelfReplicating>b__10(System.Object)

    000000e3ab40e850 00007ffba4ab30ee System.Threading.Tasks.Task.Execute()

    000000e3ab40e8c0 00007ffba4a18355 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

    000000e3ab40ea20 00007ffba4a180c9 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

    000000e3ab40ea50 00007ffba4ab33c5 System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef)

    000000e3ab40eb30 00007ffba4ab2a65 System.Threading.Tasks.Task.ExecuteEntry(Boolean)

    000000e3ab40eb70 00007ffba4a9a22a System.Threading.ThreadPoolWorkQueue.Dispatch()

    000000e3ab40f0c8 00007ffba5c40453 [DebuggerU2MCatchHandlerFrame: 000000e3ab40f0c8]

    000000e3ab40f268 00007ffba5c40453 [ContextTransitionFrame: 000000e3ab40f268]

    000000e3ab40f488 00007ffba5c40453 [DebuggerU2MCatchHandlerFrame: 000000e3ab40f488]

    后面随便在搞几个占用时间比较长的看看,都是这样子。

    实际上我看到第一个,心里就咯噔一下,原因就在下面

    http://blogs.msdn.com/b/tess/archive/2009/12/21/high-cpu-in-net-app-using-a-static-generic-dictionary.aspx

    实际上这个问题恰巧吴贞操同学也遇到过 http://www.cnblogs.com/wlflovenet/p/debugCpu100.html

    整理一下思路:查看高CPU的问题

    1. 首先看一下线程池和线程运行时间,(我们一般抓两个dump来对比看)
    2. 确定不是GC啥的因为的高CPU就直接看栈(其实因为GC分配内存啥的也能看得到,详见上上篇捉虫记(二)GC导致的hang
    3. 看看有没有死循环,有没有大量计算Hash,如果是asp.net,看看有没有静态容器(Dict or List)的线程安全问题。
  • 相关阅读:
    bzoj 1367
    codeforces 757F
    bzoj 3600
    比赛环境设置
    线段树合并
    BZOJ2105: 增强型LCP
    BZOJ3156: 防御准备
    BZOJ3252: 攻略
    BZOJ2464: 中山市选[2009]小明的游戏
    Beta Round #9 (酱油杯noi考后欢乐赛)乌鸦喝水
  • 原文地址:https://www.cnblogs.com/AmilyWilly/p/6149387.html
Copyright © 2011-2022 走看看