When I’m investigating issues for customers, I usually use WinDBG to dig into some dump files. In the case of .NET applications, I’m taking advantage of the commands exported by the sos/sosex/psscor extensions to get a view of the application state.
It is common that I need to execute commands based on others command output. For example, when I need to get the detailed state of threads, I’m calling !sos.threadstate to decipher the values returned by !sos.threads. In addition to the debugging session window, I’m also showing the Command Browser window (CTRL+N) to calling other commands such as
!threadstate while seeing a previous command like
This is great because the Command Browser keeps track of the commands I’ve sent but unfortunately, only here; not in the debugging session window. So I often have
to scroll into the debugging session to find the previous command result I’m interested in. I’ve not found a way to define a kind of favorites or shortcuts to parts of the big chunk of text where all the command results end up.
Even though the commands are stacked and can be accessed with up and down arrows, there is no auto-completion available; neither in the debugging session nor in the Command Browser. It would be great if the extensions commands would be easily accessible via auto-completion: I’m using Visual Studio so much that it becomes difficult when auto-completion goes away :^)
After I’ve found how to control debugger sessions as shown in the two previous posts, building a WinDBG for dummies seemed a good exercise. And… here comes S(imple) A(fter) D(ump)!
The list of features is small and the main goal is to make it simple to dig into dump files:
- Load x86/x64 dump files
see https://codenasarre.wordpress.com/2011/06/14/how-to-control-a-debugger-engine/ for more details
- Load sos extension by default
see https://codenasarre.wordpress.com/2011/06/22/sending-an-sos/ for more details
- Keep track of all executed commands with their corresponding result and being able to delete some
The executed commands appears in a list above the command box. Use the DEL key on a selected command to remove it from the history.
- Have auto-completion for commands (just from sos for the moment) to send to the debugger
The command box at the bottom left of the main window allows you to send commands to the debugger and the known or already executed appears in a popup list which content is based on what has been typed.
Characters entered are used as filters
- Being able to add comments in any command result
The textbox on the right handside displays the result of the currently selected command in the history listbox on the left handside.
This text box let you add comments everywhere that are kept even when you enter new commands or pick another existing one.
- Easily access previous commands results
Type SPACE in the command box to popup the list of executed commands.
Type the number that prefixes the command seen in the listbox above the command
box to directly access the corresponding command or directly click on it.
- Being able to watch several commands results at the same time
Same as WinDBG but with more than one single Command Browser: just double-click
on a command in the history listbox
The only prerequisite is to install DebugDiag x86 | x64 on top of .NET Framework 4.0. However, the symbol and binary folders are retrieved from the _NT_EXECUTABLE_IMAGE_PATH and _NT_SYMBOL_PATH environment variables. If these are not set… well… Sad won’t be happy.
In order to make dump analysis even simpler, I get other ideas to enhance Sad such as:
- allowing explicit loading of extensions (sosex, psscor and more)
- provide general purpose investigation modules such as memory, threads or exception
- generating .xps documents based on selected commands results + annotations
Feel free to list your own!