Wednesday, May 24, 2006

RPC Debugging

To use the dbgidl interface introduced in XP, the system hosting RPC services must be configured to maintain RPC troubleshooting state information.
The 'RPC Troubleshooting State Information' GPO must be enabled, typically in the LGPO using gpedit.msc.
"Computer Configuration->Administrative Templates->System->Remote Procedure Call."
Then you can use the rpcexts!* extension commands in windbg, or dbgrpc.exe.

Tuesday, May 23, 2006

Memory leak detection tools

"gflags -i foobar.exe +ust" to enable stack tracing.
"set _NT_SYMBOL_PATH=SRV*c:\symbols*http://msdl.microsoft.com/download/symbols" to set the symbol path.
Download umdh tools from Microsoft.
"umdh -p:124 -f:foobar.log" to take multiple snapshots.
"dhcmp foobar1.log foobar2.log" to compare the snapshots, i.e. to find the leaks.

And then there is ftp://ftp.microsoft.com/PSS/Tools/Developer%20Support%20Tools/LeakDiag/leakdiag125.msi - this can also be used to take debug dumps of any process.

Monday, May 08, 2006

Kernel debugger essentials

.cache forcedecodeuser or .thread /p to translate PTEs to physical addresses.
.process # | .thread to switch context to a specific process
!process 0 0 to get list of processes.
and of course, !analyze -v to get a quick summary of a crash dump.