QuickStart
Set up symbol path
File -> Symbol File Path
and give it the value
srv*C:\MicrosoftSourceCode\RefSrc\Symbols*http://msdl.microsoft.com/download/symbols
where C:\MicrosoftSourceCode\RefSrc\Symbols is the local folder where the downloaded debug symbols are saved
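An added example, not part of the original post: a small Python helper that splits a symbol path of the srv*cache*server form shown above into its local cache and upstream store, and flags an upstream store reached over plain HTTP, where downloaded symbol files can be altered in transit. The function names are hypothetical, and the https path in the last lines is a constructed variant of the page's value.

```python
"""Added example: split a WinDbg symbol path into its stores and audit it."""
from urllib.parse import urlparse

# Value taken from the page.
PAGE_PATH = (r"srv*C:\MicrosoftSourceCode\RefSrc\Symbols"
             r"*http://msdl.microsoft.com/download/symbols")


def parse_symbol_path(path):
    """Return one dict per ';'-separated element of a symbol path.

    A 'srv*' element reads srv*<local cache>*<upstream store>; the cache
    may be omitted (srv*<upstream store>) or left empty (srv**<upstream>).
    """
    elements = []
    for raw in filter(None, (p.strip() for p in path.split(";"))):
        parts = raw.split("*")
        if parts[0].lower() == "srv":
            stores = parts[1:]
            elements.append({
                "kind": "srv",
                "cache": stores[0] if len(stores) > 1 else None,
                "upstream": stores[-1] if stores else None,
            })
        else:
            # Plain directory element: searched directly, nothing downloaded.
            elements.append({"kind": "dir", "cache": None, "upstream": raw})
    return elements


def audit(path):
    """Return findings for a symbol path; an empty list means nothing flagged."""
    findings = []
    for element in parse_symbol_path(path):
        if element["kind"] != "srv" or not element["upstream"]:
            continue
        url = urlparse(element["upstream"])
        if url.scheme == "http":
            findings.append(
                f"symbols from {url.netloc} are fetched over plain HTTP")
    return findings


if __name__ == "__main__":
    print(parse_symbol_path(PAGE_PATH))
    print(audit(PAGE_PATH))                               # one finding
    print(audit(PAGE_PATH.replace("http://", "https://")))  # constructed: []
```
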
Attach to the process from File -> Attach to a Process
To break into a process
Press Ctrl+Break
To make the process run
Enter the command g
Switch back and forth between these to debug and run.
To create a complete user-mode dump
.dump /ma pathtodumpfile
eg: .dump /ma C:\Software\Findings\App21July2010.dmp
To load the SOS version that matches the loaded .NET Framework runtime (mscorwks)
.loadby sos mscorwks
To load an SOS (Son of Strike) extension manually
eg: .load C:\Software\SOSExtentions\sosex_32\sosex.dll
To get a list of app domains created
!dumpdomain stat
To get a list of all modules (dlls) loaded
!dumpdomain
Get the module address from this output and run
!dumpmodule address
to get what is in the contents do
Get the metadata of the assembly
dc <MetaDataStart> <MetaDataEnd>
eg: dc 114d09e4 114d09e4+0n4184
Get the number of GC or loader heaps in the process
Sos2 DLLs (sos2 is an extension to sos.dll)
.load C:\Software\WinDebugger\sos2\sos2.dll
Get a list of loaded modules and their sizes
!list -t ntdll!_LIST_ENTRY.Flink -x "dt ntdll!_LDR_DATA_TABLE_ENTRY @$extret\" 005d40b8
Heap Statistics
!dumpheap -stat