Software Diagnostics Library

I was recently asked to provide explanation on how to analyze (A)LPC wait chains and the output of !lpc and !alpc commands in kernel and complete memory dumps and so I compiled these patterns:

• LPC Deadlock
• LPC Wait Chain
• Paged Out Data
• Process Object Wait Chain (+ ALPC)
• Blocked Queue (ALPC)
• Semantic Structures (ALPC)
• RPC Wait Chain (+ how to distinguish between LPC and RPC)
• Screwbolt Wait Chain

LPC case studies:

http://www.dumpanalysis.org/blog/index.php/2008/12/19/blocked-gui-thread-wait-chain-and-virtualized-process-pattern-cooperation/

http://www.dumpanalysis.org/blog/index.php/2008/12/24/insufficient-memory-handle-leak-wait-chain-deadlock-inconsistent-dump-and-overaged-system-pattern-cooperation/

http://www.dumpanalysis.org/blog/index.php/2009/03/11/coupled-processes-wait-chains-message-box-waiting-thread-time-paged-out-data-incorrect-stack-trace-hidden-exception-unknown-component-and-execution-residue-pattern-cooperation/

http://www.dumpanalysis.org/blog/index.php/2009/06/09/inconsistent-dump-blocked-threads-wait-chains-incorrect-stack-trace-and-process-factory-pattern-cooperation/

http://www.dumpanalysis.org/blog/index.php/2009/08/11/stack-trace-collection-suspended-threads-not-my-version-special-process-main-thread-and-blocked-lpc-chain-threads-pattern-cooperation/

http://www.dumpanalysis.org/blog/index.php/2009/11/20/stack-trace-collection-missing-threads-waiting-time-critical-section-and-lpc-wait-chains-pattern-cooperation/

http://www.dumpanalysis.org/blog/index.php/2010/02/27/inconsistent-dump-stack-trace-collection-lpc-thread-process-executive-resource-wait-chains-missing-threads-and-waiting-thread-time-pattern-cooperation/

http://www.dumpanalysis.org/blog/index.php/2010/07/18/stack-trace-collection-special-process-lpc-and-critical-section-wait-chains-blocked-thread-coupled-machines-thread-waiting-time-and-irp-distribution-anomaly-pattern-cooperation/

ALPC case studies:

http://www.dumpanalysis.org/blog/index.php/2009/09/18/alpc-wait-chain-missing-threads-message-box-zombie-and-special-processes-pattern-cooperation/

RPC target:

http://www.dumpanalysis.org/blog/index.php/2008/07/11/in-search-of-lost-pid/

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

This entry was posted on Monday, November 14th, 2011 at 7:36 pm and is filed under Crash Dump Analysis, Crash Dump Patterns, Debugging, Object Patterns. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.