Archive for July 28th, 2008

Bug Entanglement (Bugtanglement)

Monday, July 28th, 2008

Have you ever noticed how software bugs twist together or entwine into a confusing mass, an intricate trap that complicates and confuses debugging? Welcome to Bug Entanglement, or just Bugtanglement[1], a new word inspired by quantum mechanics (see Quantum entanglement for the analogy). We don’t see a software bug until an observer makes a measurement… And how uncertain these measurements (memory dumps, for example) are! If an observer interferes, the system is no longer the same one we saw when we observed it. And once we have made our measurement, the software system continues to evolve according to its internal design function, which we never know fully and only approximate with our requirements specifications.

Welcome to Quantum Theory of Software Bugs :-)

After writing the last paragraph I did a Google search and found that I had just rediscovered what was already discovered more than 10 years ago by Bernard Robertson-Dunn:

A Quantum Theory of Software

[1] Seems I coined yet another word…, Google is silent.

- Dmitry Vostokov @ DumpAnalysis.org

Dr. Debugalov at Web Debugging Workshop

Monday, July 28th, 2008

New cartoon from Narasimha Vedala, Spiderman series:

Dr. Debugalov Boots the Spidey

DBG_SpideyKickedOut from Narasimha Vedala

- Dmitry Vostokov @ DumpAnalysis.org -

WinDbg shortcuts: .dumpcab

Monday, July 28th, 2008

Suppose you are debugging a process and want to send its memory dump to another engineer, perhaps in a different company. You also use some symbol files that are not available on public symbol servers, or your dump is a minidump that requires certain images to be loaded too. Then you can use the .dumpcab command to save the dump in a CAB file together with the necessary symbols and images. You can only do this when your debugging target is a dump file. If you are debugging a live process, you need to save a dump file first:

0:000> .dump /ma c:\UserDumps\notepad.dmp
Creating c:\UserDumps\notepad.dmp - mini user dump
Dump successfully written

Then you open the dump file and create a CAB file from it:

Loading Dump File [C:\UserDumps\notepad.dmp]
User Mini Dump File with Full Memory: Only application data is available

[...]

0:001> .dumpcab -a c:\UserDumps\notepad.cab
Creating a cab file can take a VERY VERY long time
.Ctrl-C can only interrupt the command after a file has been added to the cab.
  Adding C:\UserDumps\notepad.dmp - added
  Adding c:\mss\ntdll.pdb\B958B2F91A5A46B889DAFAB4D140CF252\ntdll.pdb - added
Wrote c:\UserDumps\notepad.cab

Additional information can be found in WinDbg help.

- Dmitry Vostokov @ DumpAnalysis.org -
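Before a CAB produced by .dumpcab leaves your organisation, it helps to review exactly which dump, symbol and image files went into it. The script below is an added example, not part of the original post or of WinDbg: it turns the command's "Adding ... - added" output into a manifest and, for symbol-store paths, extracts the PDB GUID and age. It assumes the output format shown above, the usual `<name>.pdb\<GUID><age>\<name>.pdb` symbol-store layout, and that any status other than "added" means the file was not packed; `parse_dumpcab_log` and the field names are hypothetical.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Session text copied from the .dumpcab run shown in the post above.
SAMPLE_LOG = r"""0:001> .dumpcab -a c:\UserDumps\notepad.cab
Creating a cab file can take a VERY VERY long time
.Ctrl-C can only interrupt the command after a file has been added to the cab.
  Adding C:\UserDumps\notepad.dmp - added
  Adding c:\mss\ntdll.pdb\B958B2F91A5A46B889DAFAB4D140CF252\ntdll.pdb - added
Wrote c:\UserDumps\notepad.cab
"""

# Greedy path so that a " - " inside a file name does not split the line early.
ADDING = re.compile(r"^\s*Adding (?P<path>.+) - (?P<status>.+?)\s*$")
WROTE = re.compile(r"^Wrote (?P<cab>.+?)\s*$")
# Assumed symbol-store layout: <name>\<32 hex GUID><hex age>\<name>
SYMSTORE = re.compile(
    r"\\(?P<name>[^\\]+)\\(?P<guid>[0-9A-Fa-f]{32})(?P<age>[0-9A-Fa-f]+)\\(?P=name)$")
KINDS = {".dmp": "dump", ".pdb": "symbols",
         ".dll": "image", ".exe": "image", ".sys": "image"}


def parse_dumpcab_log(text):
    """Return (cab_path, entries); cab_path is None if no 'Wrote' line was seen."""
    cab, entries = None, []
    for line in text.splitlines():
        m = ADDING.match(line)
        if m:
            path = m.group("path")
            entry = {
                "path": path,
                "file": basename(path),
                "kind": KINDS.get(splitext(path)[1].lower(), "other"),
                # Assumption: only the literal status "added" means the file is in the CAB.
                "in_cab": m.group("status") == "added",
            }
            s = SYMSTORE.search(path)
            if s:  # identify the exact PDB build that was shipped
                entry["pdb_guid"] = s.group("guid").upper()
                entry["pdb_age"] = int(s.group("age"), 16)
            entries.append(entry)
        elif WROTE.match(line):
            cab = WROTE.match(line).group("cab")
    return cab, entries


if __name__ == "__main__":
    cab_path, manifest = parse_dumpcab_log(SAMPLE_LOG)
    print("CAB:", cab_path)
    for item in manifest:
        print(item)
```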

WinDbg shortcuts: .f+, .f-

Monday, July 28th, 2008

These are handy shortcuts for the .frame command. .f+ shifts the current frame index down the stack trace and .f- shifts it up towards the top. More information can be found in WinDbg help.

Here is an example from a notepad process stack trace:

0:000> kn
 # ChildEBP RetAddr
00 001bfcfc 761ef837 ntdll!KiFastSystemCallRet
01 001bfd00 761ef86a USER32!NtUserGetMessage+0xc
02 001bfd1c 00c31418 USER32!GetMessageW+0x33
03 001bfd5c 00c3195d notepad!WinMain+0xec
04 001bfdec 76364911 notepad!_initterm_e+0x1a1
05 001bfdf8 76fde4b6 kernel32!BaseThreadInitThunk+0xe
06 001bfe38 76fde489 ntdll!__RtlUserThreadStart+0x23
07 001bfe50 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> .f+
01 001bfd00 761ef86a USER32!NtUserGetMessage+0xc
0:000> .f+
02 001bfd1c 00c31418 USER32!GetMessageW+0x33
0:000> .f+
03 001bfd5c 00c3195d notepad!WinMain+0xec
0:000> .f+
04 001bfdec 76364911 notepad!_initterm_e+0x1a1
0:000> .f-
03 001bfd5c 00c3195d notepad!WinMain+0xec
0:000> .f-
02 001bfd1c 00c31418 USER32!GetMessageW+0x33
0:000> .f-
01 001bfd00 761ef86a USER32!NtUserGetMessage+0xc
0:000> .f-
00 001bfcfc 761ef837 ntdll!KiFastSystemCallRet
0:000> .f-
         ^ Current frame index underflow '.f-'

- Dmitry Vostokov @ DumpAnalysis.org -