330 likes | 486 Views
SQL Server Crash Dump Analysis. A brief tour with WinDbg and other ugly tools . Pablo Á lvarez Doval Debugging & Optimization Team Lead pablod@plainconcepts.com. Who am I?. Session Objectives. What is this session about ? What isn’t this session about ?. Who are you?. Agenda.
E N D
SQL Server CrashDumpAnalysis A brief tour withWinDbg and otheruglytools Pablo Álvarez Doval Debugging & OptimizationTeam Lead pablod@plainconcepts.com
SessionObjectives • Whatisthissessionabout? • Whatisn’tthissessionabout?
Agenda • Tools of theTrade • Brief Windows ArchitectureRefresher • SQL Server Post-mortem Debugging • Handling SQL Server dumps • Analyzing SQL Server dumps • Debugging .NET Applicationswith SOS
Debugging Tools for Windows • Free download: • http://www.microsoft.com/whdc/devtools/debugging • Updated several times a year • Debuggers, extensions, tools and a great help file: • windbg.exe, kd.exe, cdb.exe • gflags.exe, tlist.exe, etc • debugger.chm • Can be installed via xcopy
Thesaurus • Just to keep with the forensics analogy: • Corpse Dump file • Forensic Lab WinDbg • Forensic Scientist You! • Gray’s Anathomy Windows Internals 5th Ed. • We are not going to get into details, but we will do a little refresher of some key concepts
Usermode vs. Kernelmode Windows on Windows wowexec.exe UNIX LSA Shell Lsass.exe Client/Server csrss.exe Notepad notepad.exe Virtual DOS Machine ntvdm.exe Win32 Interix User Mode Kernel Mode ExecutiveServices I/O IPC Memory Processes Security PNP WM FS Object Manager GraphicsController Device Drivers Microkernel Hardware AbstractionLayer (HAL)
Application, Processes and Threads • An application is formed by one or more processes • A process is an in-memory executable, which is made up of one or more threads and its resources • A thread is the basic unit of execution and schedulingin the OS.
Win32 Virtual MemoryAddressing (I) Process n sqlsrv.exe Process 1 Process 2 Thread 1 Thread 1 Thread 1 Thread 1 Thread2 Thread2 Thread2 Thread2 … : : : : 2 Gb Thread n Thread n Thread n Thread n 4Gb Kernel 2 Gb
ntdll!KiFastSystemCallRet • USER32!NtUserGetMessage+0xc • notepad!WinMain+0xe5 • notepad!WinMainCRTStartup+0x174 • kernel32!BaseProcessStart+0x23 Thread Call Stacks • Shows part of the history of the function calls of the thread • Each thread has its own Call Stack • i.e:
CallStacks (I) Eachthread of theprocess has itsowncallstack:
CallStacks (II) Frame Parameters ReturnAddress Frame Pointer ExceptionHandler Local Variables Registros Eachframe has thefollowingstructure:
Symbols • Symbols make the call stack useful: • Without Symbols: • With Symbols: • kernel32!+136aa • kernel32!CreateFileW+0x35f
Symbol formats • Current format: .PDB • Old Format: .DBG • Retail vs. Debug (Free vs. Checked) builds • Private symbols vs. public symbols
Symbol Servers • Uses the File System as a Symbol’s database: • Organized by name and a unique identifier • Folder structure: \\SymSrv\file_name.pdb\unique_number\____ • i.e: \\Symbols\ntdll.pdb\3B5EDCA52\ntdll.pdb \\Symbols\ntdll.pdb\380FCC4F2\ntdll.pdb
Scenario • … • 2007-02-12 11:17:14.10 server Error: 17883, Severity: 1, State: 0 • 2007-02-12 11:17:14.10 server Process 59:0 (834) UMS Context 0x125ABD80 appears to be non-yielding on Scheduler 1. • … A customer’s SQL Server 2000 ishanging, showing 17883 errors in SQL Server’sErrorLog Whenthese errores ocurr, SQL Server automaticallytriggersthecreation of a dump
ManagedDebuggingwith .NET • WinDbgis a nativedebugger • In ordertodebug .NET codeweneedto use debuggerextensions: • SOS.dll (untilframework .NET 3.5) • CLR.dll (framework 4.0) • Whyallthis? Isitworthit?
Somecooltips… • Didwereallygettothisslide in time?! • Well.. enjoysome free tips! • Using SOS from VS.NET • Memorydumpanalysisfrominside VS2010
Resources • pablod@plainconcepts.com • @Plain Concepts • http://www.geeks.ms/blogs/palvarez • http://www.geeks.ms/blogs/rcorral • http://www.geeks.ms/blogs/luisguerrero • @MSDN: • http://blogs.msdn.com/tess/ • Books: • Microsoft Windows Internals, 5th Ed. [Mark E. Russinovich and David A. Solomon]Microsoft Press. • Debugging Applications for Microsoft .NET and Microsoft Windows[John Robbins]Microsoft Press.
AnyQuestions? Thanks!