S.A.D. or S(imple) A(fter) D(ump)

When I’m investigating issues for customers, I usually use WinDBG to dig into some dump files. In the case of .NET applications, I’m taking advantage of the commands exported by the sos/sosex/psscor extensions to get a view of the application state.

It is common that I need to execute commands based on others command output. For example, when I need to get the detailed state of threads, I’m calling !sos.threadstate to decipher the values returned by !sos.threads. In addition to the debugging session window, I’m also showing the Command Browser window (CTRL+N) to calling other commands such as !threadstate while seeing a previous command like !threads result

This is great because the Command Browser keeps track of the commands I’ve sent but unfortunately, only here; not in the debugging session window. So I often have
to scroll into the debugging session to find the previous command result I’m interested in. I’ve not found a way to define a kind of favorites or shortcuts to parts of the big chunk of text where all the command results end up.

Even though the commands are stacked and can be accessed with up and down arrows, there is no auto-completion available; neither in the debugging session nor in the Command Browser. It would be great if the extensions commands would be easily accessible via auto-completion: I’m using Visual Studio so much that it becomes difficult when auto-completion goes away   :^)

After I’ve found how to control debugger sessions as shown in the two previous posts, building a WinDBG for dummies seemed a good exercise. And… here comes S(imple) A(fter) D(ump)!

The list of features is small and the main goal is to make it simple to dig into dump files:

  • Load x86/x64 dump files
    see https://codenasarre.wordpress.com/2011/06/14/how-to-control-a-debugger-engine/ for more details

  • Load sos extension by default
    see https://codenasarre.wordpress.com/2011/06/22/sending-an-sos/ for more details

  • Keep track of all executed commands with their corresponding result and being able to delete some

    The executed commands appears in a list above the command box. Use the DEL key on a selected command to remove it from the history.

  • Have auto-completion for commands (just from sos for the moment) to send to the debugger
    The command box at the bottom left of the main window allows you to send commands to the debugger and the known or already executed appears in a popup list which content is based on what has been typed.

    Characters entered are used as filters

  • Being able to add comments in any command result
    The textbox on the right handside displays the result of the currently selected command in the history listbox on the left handside.

    This text box let you add comments everywhere that are kept even when you enter new commands or pick another existing one.

  • Easily access previous commands results
    Type SPACE in the command box to popup the list of executed commands.
    Type the number that prefixes the command seen in the listbox above the command
    box to directly access the corresponding command or directly click on it.

  • Being able to watch several commands results at the same time
    Same as WinDBG but with more than one single Command Browser: just double-click
    on a command in the history listbox

The only prerequisite is to install DebugDiag x86 | x64 on top of .NET Framework 4.0. However, the symbol and binary folders are retrieved from the _NT_EXECUTABLE_IMAGE_PATH and _NT_SYMBOL_PATH environment variables. If these are not set… well… Sad won’t be happy.

Download Sad: x86 | x64

In order to make dump analysis even simpler, I get other ideas to enhance Sad such as:

  • allowing explicit loading of extensions (sosex, psscor and more)
  • provide general purpose investigation modules such as memory, threads or exception
  • generating .xps documents based on selected commands results + annotations

Feel free to list your own!

This entry was posted in .NET, Development, Tools. Bookmark the permalink.

3 Responses to S.A.D. or S(imple) A(fter) D(ump)

  1. Pingback: SAD and debugger extensions | Code & Debug

  2. Nicolas Dietrich (ex-nicd) says:

    Greetings, looks we had similar ideas with the soshelp extension I started to write some years ago (http://blogs.msdn.com/b/nicd/archive/2008/12/18/windbg-extension-to-easily-recurse-filter-and-pipe-commands.aspx) but yours looks much more achieved! Thanks for posting.

  3. Thanks Nicolas.
    I’m “just” writing a host to more easily execute extensions : this is much less interesting than your extension!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s