Published on January 9, 2017 by Microsoft

In this episode of Defrag Tools, Andrew Richards and Chad Beeder talk about Application Hangs. We collect a dump of a process and debug it with the Debugging Tools for Windows.

Resources:
Defrag Tools: #24 – WinDbg – Critical Sections
Defrag Tools: #25 – WinDbg – Events
Defrag Tools: #26 – WinDbg – Semaphores, Mutexes and Timers

Timeline:
[00:00] Happy New Year!
[01:20] Tools for Application Hang analysis
[02:36] Analyze Wait Chain in Task Manager
[04:36] Sysinternals ProcDump
[07:00] Thread List: ~
[07:34] Call Stack of each thread: ~*k
[08:28] Unique Call Stacks (filtering): !uniqstack
[11:26] Call Stacks (with N+ frames): !pde.deep [N]
[12:40] Call Stacks (with N+ frames) not on a wait: !pde.busy [N]
[15:20] Demo Apps and PDE are on the Defrag Tools OneDrive
[17:45] View Critical Section Locking: !locks
[21:48] Conclusion

Email your questions and comments to defragtools@microsoft.com

7 Comments on "Defrag Tools #172 – Application Hangs"

MagicAndre1981
1 month 13 days ago

@ChadBeeder: for Build 15031 I also see no symbols on symbol server. For 15025 there is a MSI for symbols to download from here: www.microsoft.com/en-us/software-download/windowsinsiderpreviewadvanced

ChadBeeder
1 month 20 days ago

@s3curityConsult: Thanks. 🙂 I was under the impression the officially released Windows Insider builds were supposed to have symbols indexed on the symbol server. If you do ".symfix" and then ".reload" does it find them?

s3curityConsult
1 month 27 days ago

Chad’s outfit matches the background. Great style in this episode, Chad. When debugging crashes in the latest Windows 10 Insider Preview builds, symbols are always not found; !analyze -v always says WRONGSYMBOLS. I downloaded the latest WDK and ADK, but they are build 14986 and I’m now on build 15014, so the symbols don’t match up? Is there anything we can do to get up-to-date symbols?

windev
2 months 13 days ago

The new JavaScript model balances both worlds nicely I think. It doesn’t remove the old dscript approach (of which I’m a huge fan), it augments it. As Bill has shown, the LINQ queries, etc. that it supports make some tasks very easy to achieve. If you haven’t tried it already, download the MEX debugger extension. It was partly the inspiration for the JavaScript support — as it is very good at filtering/chaining commands.

tgrt
2 months 16 days ago

@siodmy: I disagree. I like windbg just the way it is. There are other debugging tools out there, and maybe there’s an audience for what you’re describing. However, it shouldn’t come at the expense of redefining windbg.

windev
2 months 16 days ago

@siodmy: The new JavaScript support does exactly that. Stay tuned for more info.

siodmy
2 months 16 days ago

WinDbg should evolve and be based around objects, like powershell. Filtering would be much easier, but also you could use the data to create custom visualizations and debugger-based monitoring (like deciding whether to dump the process based on the file path passed to CreateFile and whether MyModule!* is on the stack).
