As described in Sysinternals documentation http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx

ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use) and unhandled exception monitoring. It also can serve as a general process dump utility that you can embed in other scripts.

You don’t need to write your own utility to create a memory dump by monitoring performance counter. Don’t forget to use the switch “-ma” to dump full memory(especially for .net app) because by default it only dumps thread and handle.

This is really helpful to get a memory dump based on CPU usage and we could probably get the memory dump without using ADPlus in most of the cases.

syntax to dump full memory given process id is

procdump <process id> -ma

syntax to dump full memory given process id and cpu usage 80%(threshold)

procdump <process id> -ma -c 80

Twitter This

Username: Password:

Description

There is an Application Server which apparently dies with OutOfMemory Exception. It has been determined that App Server is not scalable at all because it needs one thread per user so that means 1000 user sessions will consume 1000 threads, holding on to 1GB of virtual memory with 30% cpu spent in Interrupt so yeah you hear the story right.

I came across this issue and the adopted solution which I think is worth mentioning.

The next thing I heard App Server has been split into 2 Application Server and the 2nd process contains user’s session consuming all the threading resources. One of the idea behind this architecture was to give each process 2GB of virtual address space. And on top of that, both the app servers need to be up and running in order to serve a request. And on top of that, no client is consuming services from the 2nd app server. Another point to note is, application server in question is a very simple application server with no algorithmic complexities, but rather act as a middle man processing the request with some caching and data manipulation.

Really ?? We all know that process isolation provides stability and reliability with fault tolerant architecture but at the same time they don’t depend on each other.

With the above architecture they didn’t only introduce latency because of inter process communication but the real issue which is one thread per user with user mode default stack size consuming 1 MB of virtual memory never got resolved.

If you are implementing process isolation because of the above reason, just don’t do it. This is the time to rethink and redesign your application server to make sure that your application server is scalable to support 1000 users without consuming 1000+ threads

Twitter This

Username: Password:

Description

I created a simple win32 console application using visual studio 2008, below is the code

class Person
{
private:
char* m_szFirstName;
char* m_szMiddleInitial;
public:
Person(char* szFirstName, char* szMiddleInitial)

{

m_szFirstName = szFirstName;m_szMiddleInitial = szMiddleInitial

}
char* FirstName(){return m_szFirstName;}
char* MiddleInitial(){return m_szMiddleInitial;}
};

int _tmain(int argc, _TCHAR* argv[])
{
Person* pPerson = new Person(”David”,NULL);
char msg[100];
try
{
sprintf_s(msg,”First Name = %s, Middle Initial = %s\n”, pPerson->FirstName(), pPerson->MiddleInitial());
}
catch(…)
{
sprintf_s(msg,”Exception Occured\n”);
}
printf(msg);
delete pPerson;
printf(”press key to exit”);
char* key;
scanf_s(”%c”, key);
return 0;
}

When I run this app, it crashes with Unhandled Exception - Access Violation, although I do have a catch all exception block - catch(…)

Analysis

I disassembled main function and below is what I noticed

Section .text (0×00401000)
;= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
; SYM:wmain <Int>
0×401000: 83EC6C                 SUB         ESP,0×6C           ; <==0×00401207(*+0×207)
0×401003: A100304000         MOV         EAX,DWORD PTR [__security_cookie <UInt>]; (0×403000); .data:0×4E 0xE6 0×40 0xBB
0×401008: 33C4                     XOR         EAX,ESP
0×40100A: 89442468             MOV         DWORD PTR [ESP+0x68],EAX
0×40100E: 56                          PUSH        ESI
0×40100F: 57                          PUSH        EDI
0×401010: 6A08                      PUSH        0×8
0×401012: E88F000000           CALL        __imp_??2@YAPAXI@Z ; (0×4010A6) ; operator new

In case you don’t know the internals of Win32 Structured Exception handling(SEH), please read A Crash Course on the Depths of Win32™ Structured Exception Handling by Matt Pietrek. You will notice the missing instruction to move DWORD pointer from FS:[0x0] register. FS:[0x00] -  4 bytes points to the current Structured Exception Handling (SEH) frame for each thread. Win32 SEH works on a per thread basis with each thread having its own exception handler callback function. On Intel machine, FS register points to the current TEB(Thread Environment Block). That’s why in SEH code, you will have a instruction to move DWORD ptr from FS:[0] register because that’s where you have a pointer to an EXCEPTION_REGISTRATION structure.

Why is it MISSING???

It turns out, visual studio 2008 default settings compiles with “Enable C++ Exception /EHsc” switch which will catch only c++ exceptions also called synchronous exceptions. More information on Exception handling model here http://msdn.microsoft.com/en-us/library/1deeycx5(VS.80).aspx Once you change the compiler switch to /EHa, everything is good as shown below

0×401000: 55                       PUSH        EBP                ; <==0×00401267(*+0×267)
0×401001: 8BEC                   MOV         EBP,ESP
0×401003: 6AFF                   PUSH        0xFF
0×401005: 681B194000       PUSH        __CxxFrameHandler3 + 0×001D; (0×40191B); .text:0×8B 0×54 0×24 0×08
0×40100A: 64A100000000  MOV         EAX,DWORD PTR FS:[0x0]

Twitter This

Username: Password:

Windows Forms application has been throwing OutOfMemoryException although there is enough virtual memory in the process.  When you have OutOfMemoryException usually callstack is not helpful unless of course you have blocked finalizer thread or some deadlock preventing objects from being gced but in this scenario whenever OutOfMemoryException is thrown it will always point to the same call stack.

at System.Drawing.Image.FromFile(String filename, Boolean useEmbeddedColorManagement)
at System.Drawing.Image.FromFile(String filename)

Let’s look at System.Drawing.Image implementation using Reflector.  Just read the documentation below

Creates an Image from the specified file using embedded color management information in that file.

My first reaction to this is why? Why would you throw OutOfMemoryException if the file is corrupted or GDIPlus doesn’t support the pixel format.

I really don’t know why does System.Drawing library choose to throw OutOfMemoryException exception? This is only going to add to your worries.

Twitter This

Username: Password:

Check out this book from David Agans on Debugging Rules (http://www.debuggingrules.com)

Below is the must have poster for all the Debuggers

Twitter This

Username: Password: