Crash Dump Analysis Patterns (Part 162)

Sometimes the Problem Module pattern can help in troubleshooting. Problem modules (including process names) are components that, due to their value-adding behaviour, might break normal software behaviour and therefore require troubleshooting workarounds ranging from minor configuration changes to complete removal. Typical examples include memory optimization services for terminal services environments or hooksware. Typically you can see main process modules in the output of the !vm or !process 0 0 commands. The lm command lists module names such as DLLs from a process memory dump, the lmk command gives the list of kernel space modules (for example, drivers) from kernel and complete memory dumps, and the following command lists all user space modules for each process in a complete memory dump:

!for_each_process ".process /r /p @#Process; lmu"

Of course, you can also try various lm command variants if you are interested in timestamps and module information.

- Dmitry Vostokov
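As an added example (not code from the original post): a Python script that reads a debugger log holding the output of the !for_each_process command above and reports which processes have a watched module loaded. The log text, the `ExampleHook` module name and the function names are constructed for illustration, and the parser assumes the log contains the usual `Implicit process is now ...` and `start end module name` lines.

```python
import re
from collections import defaultdict

# Constructed debugger log for illustration (not from the original post).
SAMPLE_LOG = """\
Implicit process is now fffffa80`0a1b2060
.cache forcedecodeuser done
Loading User Symbols
start             end                 module name
00000000`00d10000 00000000`00d40000   notepad    (deferred)
00000000`6f000000 00000000`6f021000   ExampleHook   (deferred)
00000000`77a00000 00000000`77ba9000   ntdll      (deferred)
Implicit process is now fffffa80`0b3c4060
start             end                 module name
00000000`01000000 00000000`01050000   svchost    (deferred)
00000000`77a00000 00000000`77ba9000   ntdll      (deferred)

Unloaded modules:
00000000`6f000000 00000000`6f021000   ExampleHook.dll
"""

PROC_RE = re.compile(r"^Implicit process is now ([0-9a-f`]+)", re.I)
MOD_RE = re.compile(r"^[0-9a-f`]+\s+[0-9a-f`]+\s+(\S+)", re.I)

def modules_by_process(log_text):
    """Map each process address to the loaded module names listed under it."""
    procs = defaultdict(list)
    current, in_unloaded = None, False
    for line in log_text.splitlines():
        m = PROC_RE.match(line)
        if m:  # .process switched context: start a new module list
            current, in_unloaded = m.group(1), False
        elif line.startswith("Unloaded modules:"):
            in_unloaded = True  # entries below are no longer mapped
        elif current and not in_unloaded:
            m = MOD_RE.match(line)
            if m:
                procs[current].append(m.group(1))
    return dict(procs)

def find_problem_modules(log_text, watchlist):
    """Return {process address: [watched modules loaded in it]}."""
    wanted = {name.lower() for name in watchlist}
    hits = {}
    for proc, mods in modules_by_process(log_text).items():
        found = sorted(m for m in mods if m.lower() in wanted)
        if found:
            hits[proc] = found
    return hits
```

Calling `find_problem_modules(SAMPLE_LOG, ["examplehook"])` reports only the first process, because the second one lists the module under `Unloaded modules:` and no longer has it mapped.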

One Response to “Crash Dump Analysis Patterns (Part 162)”

  1. Dmitry Vostokov Says:

    We can also search for the problem module name in Stack Trace Collection, for example, !stacks 2 ModuleName for complete memory dumps, or in the debugger log.
