« Forthcoming Hardcover version of WDPF book
New Memory Dump Type in Windows 7! »

!cs vs. !ntsdexts.locks

The latest WinDbg 6.11.0001.404 has broken !ntsdexts.locks command (simply !locks in user dumps). I noticed that some time ago and switched to !cs command which works in user and complete memory dumps. I now like it more than !locks because the following command parameters give stack traces for critical section owners:

!cs -l -o -s

The following recent cases studies use !cs command:

Blocked threads, message box and self-diagnosis

Manual dump, wait chain, blocked thread, dynamic memory corruption and historical information: pattern cooperation

Coupled processes, wait chains, message box, waiting thread time, paged out data, incorrect stack trace, hidden exception, unknown component and execution residue: pattern cooperation

Easy to remember mnemonic is cslos: critical sections locked with stacks

This command is also featured on the back cover of March Debugged! magazine issue.

- Dmitry Vostokov @ DumpAnalysis.org -

This entry was posted on Tuesday, March 31st, 2009 at 11:28 am and is filed under Crash Dump Analysis, Debugging, WinDbg Tips and Tricks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “!cs vs. !ntsdexts.locks”

  1. jcopenha Says:
    May 5th, 2009 at 10:39 pm

    I don’t think it was windbg that did it. I’ve rolled back to 6.9 and 6.10 and ntsdexts.locks still doesn’t work. I think they’ve screwed up the wntdll.pdb file. On my system it’s got a date of 4/28/2009. Or they updated wntdll.pdb and DIDN’T update ntsdexts.

Leave a Reply

You must be logged in to post a comment.