« 2 WinDbg Scripts That Changed The World
Crash Dump Analysis Patterns (Part 157) »

Crash Dump Analysis Patterns (Part 27c)

Sometimes we need to narrow general stack trace collection to a few threads that satisfy some predicate, for example, all threads with kernel time spent greater than some value or all suspended threads or all threads that wait for a specific synchronization object type. We call this pattern variant Stack Trace Collection (predicate). This can be implemented using WinDbg scripts and / or debugger extensions.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

This entry was posted on Saturday, December 3rd, 2011 at 9:50 pm and is filed under Crash Dump Analysis, Crash Dump Patterns, Debugging, WinDbg Scripts. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Crash Dump Analysis Patterns (Part 27c)”

  1. Dmitry Vostokov Says:
    May 10th, 2016 at 1:11 pm

    An example here can be service tags in TEB.SubProcessTag to identify threads from specific service in svchost.exe.

  2. Dmitry Vostokov Says:
    December 22nd, 2016 at 12:30 pm

    To list 32-bit stack traces from the specific WOW64 process:

    !for_each_thread “.thread @#Thread; r $t0 = @#Thread; .if (@@c++(((nt!_KTHREAD *)@$t0)->Process) == ProcessAddress) {.thread /w @#Thread; .reload; kv 256; .effmach AMD64 }”

  3. Dmitry Vostokov Says:
    November 24th, 2019 at 6:27 pm

    Windows 10: !findthreads

Leave a Reply

You must be logged in to post a comment.