« Memory Dump Analysis Best Practices (Part 2)
Trace Analysis Patterns (Part 71) »

Memory Dump Analysis Best Practices (Part 3)

Another best practice that is directly related to productivity is a parallel processing of the same memory dump especially in the case of complete memory dumps. Here an analysis might start with running time consuming scripts that dump all process and threads in the variety of formats such as x64 and x86 thread stack traces. However, if the nature of the problem is such that it is possible to start with some pattern and continue unfolding its analysis then we can do that in parallel. One of examples may be a discovered Incomplete Session with an ALPC Wait Chain. Here we can follow such a wait chain while another WinDbg instance dumps all threads for further pattern search later.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org

This entry was posted on Wednesday, May 8th, 2013 at 11:15 pm and is filed under Best Practices, Crash Dump Analysis, Crash Dump Patterns, Debugging, Debugging Methodology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.