Skip to content

Instantly share code, notes, and snippets.

@jasoncable

jasoncable/windbg_commands.txt

Last active December 15, 2023 11:56
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save jasoncable/36e8ff1f898ac0bda83598b0c9f774d7 to your computer and use it in GitHub Desktop.
Save jasoncable/36e8ff1f898ac0bda83598b0c9f774d7 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
windbg_commands.txt
_NT_SYMBOL_PATH
srv*d:\symbols*https://msdl.microsoft.com/download/symbols
srv*c:\temp\symbols*https://msdl.microsoft.com/download/symbols
.sympath srv*c:\temp\symbols*https://msdl.microsoft.com/download/symbols
.reload
_NT_SYMBOL_PATH=SRV*C:\temp\symbols*https://msdl.microsoft.com/download/symbols;SRV*C:\temp\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com
"\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\adplus.exe" -iis -hang -o d:\dump -mss d:\symbols
"\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\adplus.exe" -pn dotnet.exe -hang -o d:\dump -mss d:\symbols
"C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\devenv.exe" /debugexe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-logging --v=1
.dump /ma C:\Path\To\A\CrashDump\File.dmp
.dump -f -a -u C:\Path\To\A\CrashDump\File.dmp
don't break on 1st chance exceptions:
sxd av
exception break rules
sxe: break on this first chance exception
sxd: "" second chance
sxn: notify
sxi: ignore
.load C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.0.9\sos.dll
.extpath+ C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.0.9
lm
.chain
.load
.logopen d:\foo.txt
.logclose
# 1st
.loadby sos clr
-- OR --
.load sos
# make sure memory dump is good
!VerifyHeap
# show loaded assemblies
!dumpdomain
!dumpassembly 000000033f621188
!dumpmodule -mt 00007ffd97a31000
# current stack trace of each thread
~*e !clrstack
# show all threads
!threads
# if thread has managed error...
!pe 000000033f621188
# threads -> CPU time
!runaway
# object info
!dumpheap
!dumpheap -stat
!dumpheap -mt 00007ffd9815bb20
# filter by object
!dumpheap -type System.IO.MemoryStream
# filter by minimum object size
!dumpheap -min 1024
# lookup memory address
!do 000000033f621188
# go into field-level into from !do
!da 000000033f621188 # also for arrays
!da -details 1da226ec
# who is hanging on to the object?
!gcroot 000000033f621188
!gcroot -all 000000033f621188
# GCHandle leak find
!GCHandles
!GCHandleLeaks
!do poi(000000e3540c6b70)
!dumpmt -md 00007ffd98123e28
!dumpmd 00007ffd97a37fb8
!ip2md 00007ffd97edc000 # code address
!dumpclass 00007ffd97c23628
!GCHandleLeaks; !DumpObj poi(<GCHandle>)
# objects on the stack
!dso
################# .NET CORE #################
c:
cd \dump
SET _NT_SYMBOL_PATH=srv*c:\web\symbols*https://msdl.microsoft.com/download/symbols
SET PATH=C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.2.5;%PATH%
"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe"
################# UNMANAGED/NATIVE MEMORY LEAK #################
# Don't forget to use gflags on the executable to
# https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/using-umdh-to-find-a-user-mode-memory-leak
# gflags is in the windbg.exe folder. Run w/o arguments to get the GUI or use
# the following to ENABLE stack traces: gflags /i c:\windows\system32\spoolsv.exe +ust
# to disable: the following to ENABLE stack traces: gflags /i c:\windows\system32\spoolsv.exe -ust
.sympath srv*c:\temp\symbols*https://msdl.microsoft.com/download/symbols
.reload # .reload /f #to force symbol load
!analyze -v
lm
lmv
!threads
!address -summary
!address
!heap -s
!heap -l #Searching the memory for potential unreachable busy blocks.
!heap -stat -h 0000000001260000
!heap -flt s 104c #104c is the allocation unit size from prev. command
!heap -p -a 000000000127cf40 #number is UserPtr
dd 0000000004f1d350
da 0000000004f1d350
##############
!eeheap -gc
!dumpheap -stat
!threads
~2s
~kb 2000
~20 k
!clrstack
.ecxr
.exr 00007ffe`7647079a
~kvn 1000
~e !gle
~e !teb
kbnf
!analyze -v
!finalizequeue
#################
.load mex
.load sosex
#################
!sosex help
SOSEX - Copyright 2007-2012 by Steve Johnson - http://www.stevestechspot.com/
To report bugs or offer feedback about SOSEX, please email sjjohnson@pobox.com
Quick Ref:
--------------------------------------------------
bhi [filename] BuildHeapIndex - Builds an index file for heap objects.
bpsc (Deprecated. Use !mbp instead)
chi ClearHeapIndex - Frees all resources used by the heap index and removes it from memory.
dlk [-d] Displays deadlocks between SyncBlocks and/or ReaderWriterLocks
dumpgen <GenNum> [-free] [-stat] [-type <TYPE_NAME>] Dumps the contents of the specified generation
[-nostrings]
finq [GenNum] [-stat] Displays objects in the finalization queue
frq [-stat] Displays objects in the Freachable queue
gcgen <ObjectAddr> Displays the GC generation of the specified object
gch [HandleType]... Lists all GCHandles, optionally filtered by specified handle types
help [CommandName] Display this screen or details about the specified command
lhi [filename] LoadHeapIndex - load the heap index into memory.
mbc <SOSEX breakpoint ID | *> Clears the specified or all managed breakpoints
mbd <SOSEX breakpoint ID | *> Disables the specified or all managed breakpoints
mbe <SOSEX breakpoint ID | *> Enables the specified or all managed breakpoints
mbl [SOSEX breakpoint ID] Prints the specified or all managed breakpoints
mbm <Type/MethodFilter> [ILOffset] [Options] Sets a managed breakpoint on methods matching the specified filter
mbp <SourceFile> <nLineNum> [ColNum] [Options] Sets a managed breakpoint at the specified source code location
mdso [Options] Dumps object references on the stack and in CPU registers in the current context
mdt [TypeName | VarName | MT] [ADDR] [Options] Displays the fields of an object or type, optionally recursively
mdv [nFrameNum] Displays arguments and locals for a managed frame
mfrag [-stat] [-mt:<MT>] Reports free blocks, the type of object following the free block, and fragmentation statistics
mframe [nFrameNum] Displays or sets the current managed frame for the !mdt and !mdv commands
mgu // TODO: Document
mk [FrameCount] [-l] [-p] [-a] Prints a stack trace of managed and unmanaged frames
mln [expression] Displays the type of managed data located at the specified address or the current instruction pointer
mlocks [-d] Lists all managed lock objects and CriticalSections and their owning threads
mroot <ObjectAddr> [-all] Displays GC roots for the specified object
mt (no parameters) Steps into the managed method at the current position
mu [address] [-s] [-il] [-n] Displays a disassembly around the current instruction with interleaved source, IL and asm code
muf [MD Address | Code Address] [-s] [-il] [-n] Displays a disassembly with interleaved source, IL and asm code
mwaits [-d] Lists all waiting threads and, if known, the locks they are waiting on
mx <Filter String> Displays managed type/field/method names matching the specified filter string
refs <ObjectAddr> [-target|-source] Displays all references from and to the specified object
rwlock [ObjectAddr | -d] Displays all RWLocks or, if provided a RWLock address, details of the specified lock
sosexhelp [CommandName] Display this screen or details about the specified command
strings [ModuleAddress] [Options] Search the managed heap or a module for strings matching the specified criteria
ListGcHandles - See gch
Use !help <command> or !sosexhelp <command> for more details about each command.
##############
!mex.help -all
Command Description Category Owner
=========================================== ======================================================================================================================================================== ============ ===========
addr Display information about an address Kernel mexfeedback
afd Afd Command Help Networking mexfeedback
aspnetcache (!aspnetcache) Display the ASP.NET Cache DotNet mexfeedback
aspxpagesext Like !aspxpages, but more powerful DotNet mexfeedback
atom Dumps user mode atom table Utility mexfeedback
backtrace (!bt) Displays the stack backtrace for the specified index into ntdll!RtlpStackTraceDatabase General mexfeedback
base64 (!b64) Displays or saves base64 data General mexfeedback
beep Beeps Utility mexfeedback
bin Displays binary information located at the given address Utility mexfeedback
bits2 (!b2) Executes a command with all possible values of a single bit flip Utility mexfeedback
bl Replaces the built in breakpoint list (bl) command with DML'd version Utility mexfeedback
bp Replaces the built in breakpoint (bp) command with a DML'd version Utility mexfeedback
cache (!c) Cache the output of a command to replay later Utility mexfeedback
chkall Shortcut for !chkimg against all modules Binaries mexfeedback
classtype (!ct) Tries to determine the C++ class type of a pointer General mexfeedback
clipboard2 Gets/Sets text on the clipboard, or enable/disable clipboard access Utility mexfeedback
clrstack2 (!ck2) Prints the stack trace of a managed thread DotNet mexfeedback
clusdisk Shows all the disk cluster is aware of for W2k3 - W28R2 General mexfeedback
codescope Prints all available code analysis checklists Decompile mexfeedback
commandline (!cl) Prints out the command line of a process General mexfeedback
comment Displays the comments for the dump Utility mexfeedback
computername (!cn) Computer Name Command Help Utility mexfeedback
conhost (!con) Displays console host (conhost.exe) info Process mexfeedback
context (!w) Prints out the current implicit process and thread context (e.g. where am I) General mexfeedback
cordll (!cordll) Displays available CLR versions DotNet mexfeedback
count Counts the number of lines returned by a command Utility mexfeedback
criticalsection (!cs) CS - Displays details for a critical section General mexfeedback
cut Filters output, removing unwanted areas Utility mexfeedback
da Displays an ANSI string Utility mexfeedback
dae (!DumpAllExceptions) Replacement for !dae DotNet mexfeedback
ddt Wrapper for dt that adds some DML Utility mexfeedback
decodeoplockstate (!dols) Decode an OpLockState to human readable values General mexfeedback
decompilemember Decompile and print psuedo-C# source code for the given [MemberName] Decompile mexfeedback
decompiletype Decompile and print psuedo-C# source code for the given [TypeName] Decompile mexfeedback
deferredready (!dfr) Shows the current deferredready threads Thread mexfeedback
delegaterefs (!drefs) Displays information about objects referenced by delegates DotNet mexfeedback
desktop (!desktops) Displays the desktops for the Windows Stations Kernel mexfeedback
deviceobject (!devo) Displays information about a device object Kernel mexfeedback
dhcp Displays information for the DHCP server process Networking mexfeedback
diffimg Compares the process' loaded module list with a scan of memory and displays any differences Binaries mexfeedback
displayobj (!do2) Display a managed object structure DotNet mexfeedback
dnsclient (!dnsc) Displays the DNS client cache, and includes many other features for the DNS Client service. Networking mexfeedback
dr Displays registers showing volatile registers highlighted with (*) General mexfeedback
driverobject (!drvo) Displays details about a driver object Kernel mexfeedback
dtpool (!dtp) Displays information about a pool allocation, if it is a known pooltag we will 1. Try to run the correct extension, or 2. Just dt the structure for you. Kernel mexfeedback
du Displays a Unicode string Utility mexfeedback
dumpaspnetsession Prints information on ASP.NET InProc Sessions DotNet mexfeedback
dumpdataset Dumps a list of all DataSet objects DotNet mexfeedback
dumpdotsourcedfiles Outputs any dot sourced Powershell files optionally with their accompanying script blocks PowerShell mexfeedback
dumpdynamicassemblies2 (!dda2) Like !DumpDynamicAssemblies, but better DotNet mexfeedback
dumphttpruntime2 Dumps the HttpRuntime objects on the heap DotNet mexfeedback
dumpinfo (!di) Display dump information Utility mexfeedback
dumppsvariables Outputs the Powershell Variables of the currently running script on the current thread PowerShell mexfeedback
dumpstackpscommands Outputs the commands, cmdlets, etc. found on the current thread including those referenced by other objects on the thread. PowerShell mexfeedback
dumpstackpsobjects Outputs the PSObjects found on the current thread including those referenced by other objects on the thread. PowerShell mexfeedback
dumpstackstrings (!dss) Displays all the strings on the stack Thread mexfeedback
dumptime Time Information Utility mexfeedback
dumpwcfmessage (!wcfmsg) Dumps information about a WCF buffered message DotNet mexfeedback
dumpwindowsurfaces (!dws) Dump window surfaces to a directory Kernel mexfeedback
eresource (!eres) Displays details for a nt!_ERESOURCE Kernel mexfeedback
evt Show detail for a nt!_KEVENT Kernel mexfeedback
exec Runs a series of commands. Use this instead of using semicolons Utility mexfeedback
executive Displays details on threads waiting on the executive Thread mexfeedback
fileobject (!fo) Displays information about a given file object Kernel mexfeedback
fileserver (!fs) Displays thread running the SRV.sys or SRV2.sys drivers, excluding threads waiting on inbound work General mexfeedback
finalizable (!finalizable) Displays information about finalizable objects in the GC Heap DotNet mexfeedback
fixthis Preface a broken command with this one to open an email and send it to the Mex team (e.g. !fixthis !otherMexCommandThatDidNotWork Mex mexfeedback
foreachcpu (!fec) Executes a command on each processor Kernel mexfeedback
foreachframe (!fef) An implementation of !for_each_frame that supports filtering and sets the context before executing Thread mexfeedback
foreachitem (!fei) Iterates through a list, executing a command for each item. Utility mexfeedback
foreachline (!fel) Runs a command against every line of data Utility mexfeedback
foreachmatchingstack (!fems) Run a command against identical stacks Thread mexfeedback
foreachmodule (!fem) An implementation of !for_each_module that supports filtering Binaries mexfeedback
foreachobject (!feo) Runs a command against each CLR object DotNet mexfeedback
foreachprocess (!fep) An implementation of !for_each_process that supports filtering and sets the context before executing Kernel mexfeedback
foreachthread (!fet) An implementation of .for_each_thread that works in user and kernel mode Thread mexfeedback
gatewait Shows threads with a state of GateWait Thread mexfeedback
gchandleinfo (!gchandle) Displays information on GC Handles DotNet mexfeedback
gcheapinfo (!gchi) Get info on the managed GC Heap DotNet mexfeedback
grep Search the output of a command for a specific string or pattern Utility mexfeedback
handlefind (!hf) Find handles for a given kernel object General mexfeedback
head Displays the first X lines of a command's output Utility mexfeedback
help Help General mexfeedback
httpheaders Print the contents of an HttpHeaderCollection DotNet mexfeedback
if (!mif) Condition detection based on command output Utility mexfeedback
il Prints the IL for the specified method Decompile mexfeedback
ilspy Automatically extracts the module from the dump, and launches ILSpy DotNet mexfeedback
imports Displays the import table for a module Binaries mexfeedback
initialized (!init) Shows the current threads in the initialized state Thread mexfeedback
interpretrawstack (!irs) This command dumps the raw stack and interprets the values as symbols, and as unicode and ansi strings. It will also highlight start and end of frames General mexfeedback
ip Converts an address into an IP address format Networking mexfeedback
irpbyfilename (!ibfn) Dump any IRP containing the specified text in filename General mexfeedback
ldap Displays LDAP client or server details Process mexfeedback
listthreads (!lt) Displays a list of threads Thread mexfeedback
listticks (!lticks) Show tick counts for threads Kernel mexfeedback
loop Loops either forwards or backwards through a series of numbers with variable replacement Utility mexfeedback
managedthreads (!mthreads) A !threads look-alike, with !aspxpagexext-like output DotNet mexfeedback
mappeddrives (!mdrives) Displays mapped drives Process mexfeedback
messagequeue (!mq) Displays message queue Kernel mexfeedback
mheap A DML'd version of !heap. Process mexfeedback
mirp Displays IRP details (replaces !irp) Kernel mexfeedback
mirpfind Mex version of IRPFIND Kernel mexfeedback
mods Displays modules loaded in a process Binaries mexfeedback
more Runs a command in paged mode, asking for input every X lines Utility mexfeedback
mreg This is a DML'd version of !reg Kernel mexfeedback
mrmsg (!msg) Interprets a Windows message Utility mexfeedback
mup Displays info for the Multiple UNC Provider (MUP) Networking mexfeedback
ncsi Displays Network Connectivity Status Indicator (NCSI) configuration Networking mexfeedback
ndao Native Dump ALL Objects - Potentially very slow General mexfeedback
ndro Native Dump Register Objects General mexfeedback
ndso Native Dump Stack Objects Thread mexfeedback
net Net Command Help Networking mexfeedback
obj Displays details for a given kernel object (object manager) Kernel mexfeedback
objectsummary Outputs object analysis summary DotNet mexfeedback
obtrace Dumps the trace information for an object Kernel mexfeedback
oracleclientperfcounters Display System.Data.OracleClient performance counters DotNet mexfeedback
outline (!ol) Outlines the calls inside a given function Utility mexfeedback
p Displays process details Process mexfeedback
parsemem Walks a range of memory and counts unique byte sequences Kernel mexfeedback
phandles (!ph) Shows a list of currently open printer handles General mexfeedback
pingtrack Pingtrack command Networking mexfeedback
printdbcommand Prints information about a DBCommand object DotNet mexfeedback
printexception2 (!pe2) Like !PrintException, with DML DotNet mexfeedback
printmanifest Prints the assembly manifest for the specified module Decompile mexfeedback
printmembers Scans specified module and type [Module!TypeName] and prints all members Decompile mexfeedback
printtypes Scans specified [Module] and prints all types Decompile mexfeedback
psrunspace Outputs the runspaces in the process. PowerShell mexfeedback
psscriptblock Outputs the script blocks in the process. PowerShell mexfeedback
rasmans Displays the rasmans!ConnectionBlockList Networking mexfeedback
readfile Read a file from the filesystem and display the output in the debugger Utility mexfeedback
ready (!rdy) Shows the currently ready threads Thread mexfeedback
rollup (!ru) Takes an input value and rolls it up to the appropriate bucket (e.g. bytes to GB) Utility mexfeedback
runaway2 Runaway2.. Replacement for !runaway General mexfeedback
runcheck (!runchecks) runs the specified check(s) on the specified module(s) Decompile mexfeedback
runchecklist runs the specified checklist(s) on the specified module(s) Decompile mexfeedback
running (!cpu) (Kernel mode only) A brief overview of currently executing threads Thread mexfeedback
rxirps Displays the list of IRPs stored in rdbss!RxIrpsList Kernel mexfeedback
sccm SCCM SystemCenter mexfeedback
scom (!om) Utilities for SC Operations Manager. SystemCenter mexfeedback
scsm (!sm) Utilities for SC Service Manager SystemCenter mexfeedback
searchthreadstacks (!sts) Searches thread stacks for a value Thread mexfeedback
services (!service) Displays details about services. Requires access to the usermode address space of services.exe (userdump of services.exe or complete memory dump) General mexfeedback
settings Mex Settings Mex mexfeedback
sort Sort command Utility mexfeedback
spdisposecheck Executes the SharePoint Dispose and Do Not Dispose Checklist items Decompile mexfeedback
sqlclientperfcounters Display System.Data.SqlClient performance counters DotNet mexfeedback
sqlcmd Provides information about ADO.NET Commands to SQL Server DotNet mexfeedback
sqlcn Provides an overview of ADO.NET connections to SQL Server DotNet mexfeedback
sqlports (!sqlports) Gets the local and remote TCP ports from a SqlConnection object DotNet mexfeedback
srvnet Displays info on SRVNET Networking mexfeedback
standby (!sby) Shows the current standby threads Thread mexfeedback
staticfields Display static fields of a managed type DotNet mexfeedback
strings Prints out readable strings in an address range Utility mexfeedback
sum (!sum) Sums the output returned by a command Utility mexfeedback
suspended Displays details on suspended threads Thread mexfeedback
svcreg Dumps the passed in service/driver registry key General mexfeedback
svcthreads (!svcthreads) Find threads executing WCF services DotNet mexfeedback
t A new implementation of !thread for user & kernel mode Thread mexfeedback
tac Writes input to console, last line first. Utility mexfeedback
tag Searches kernel modules for a given pooltag Kernel mexfeedback
tail Displays the final X lines of a command's output Utility mexfeedback
tasklist (!tl) Displays information about running tasks (processes) Kernel mexfeedback
tasktriage (!tasks) Analyzes the System.Threading.Tasks.Task objects still on the heap. DotNet mexfeedback
tcpip (!tcp) TCP/IP - Gets TCP and UDP ports from Kernel Memory Networking mexfeedback
threadpool (!tp) Displays information regarding NTDLL thread pools Thread mexfeedback
threadreport (!trep) Displays a thread report. Thread mexfeedback
time Time how long a command takes to execute Utility mexfeedback
tr (!replace) Search and Replace. Translate a char/string into another char/string. Utility mexfeedback
transition (!trans) Shows the current threads in the transition state Thread mexfeedback
udescan (!manalyze) Scans dump for known issues and displays them in human-readable format. Utility mexfeedback
uniqlines (!ul) Prints each line of output and a count of how many times they appeared Utility mexfeedback
uniquestacks (!us) Like the built-in !uniqstacks except it associates thread IDs with the stack traces Thread mexfeedback
userrequest Displays details on threads with a wait reason of UserRequest Thread mexfeedback
vadmodules (!vadm) Lists the vads of a process. Kernel mexfeedback
ver Displays OS version info Utility mexfeedback
vss Vss Command Help Kernel mexfeedback
wcfperfcounters Dumps performance counters for WCF services DotNet mexfeedback
wcftcpconnectionpools (!wtcp) Display WCF Net.TCP connection pools DotNet mexfeedback
whocalls Scans all loaded managed modules and finds methods that call [MethodName] Decompile mexfeedback
whoimplements Scans all loaded managed modules and finds types that implement [InterfaceName] Decompile mexfeedback
whoinherits Scans all loaded managed modules and finds types that inherit [TypeName] Decompile mexfeedback
whonews Scans all loaded managed modules and finds methods that construct [TypeName] Decompile mexfeedback
whopins Scans managed modules and all finds methods that pin objects of a given [TypeName] or all types Decompile mexfeedback
window (!wnd) Displays windows for each desktop. You must be in the context of a given session to see that session's windows Kernel mexfeedback
windowstation (!winsta) Display details for windows station(s) Kernel mexfeedback
winnsi winnsi Command Help Networking mexfeedback
wq Displays executive work queue threads Kernel mexfeedback
wrcpuratecontrol Displays details on threads with a wait reason of WrCpuRateControl Thread mexfeedback
wrexecutive Displays details on threads waiting on the executive Thread mexfeedback
wrfastmutex Displays details on threads waiting for a Fast Mutex Thread mexfeedback
wrfreepage Displays details on threads with a wait reason of WrFreePage Thread mexfeedback
writefile Runs a command and writes the data to a file Utility mexfeedback
writemodule Writes a module to your temp directory Binaries mexfeedback
wrlpcreceive (!lpcs) Displays details on LPC/ALPC server threads Thread mexfeedback
wrresource Displays details on threads with a wait reason of WrResource Thread mexfeedback
x Wrapper for x that adds some DML General mexfeedback
xx (!x2) Replacement for !x
####################
!mex help DotNet
Command Description Category Score
=========================================== =================================================================== ======== =====
objectsummary Outputs object analysis summary DotNet 199
aspnetcache (!aspnetcache) Display the ASP.NET Cache DotNet 180
aspxpagesext Like !aspxpages, but more powerful DotNet 180
clrstack2 (!ck2) Prints the stack trace of a managed thread DotNet 180
cordll (!cordll) Displays available CLR versions DotNet 180
dae (!DumpAllExceptions) Replacement for !dae DotNet 180
delegaterefs (!drefs) Displays information about objects referenced by delegates DotNet 180
displayobj (!do2) Display a managed object structure DotNet 180
dumpaspnetsession Prints information on ASP.NET InProc Sessions DotNet 180
dumpdataset Dumps a list of all DataSet objects DotNet 180
dumpdynamicassemblies2 (!dda2) Like !DumpDynamicAssemblies, but better DotNet 180
dumphttpruntime2 Dumps the HttpRuntime objects on the heap DotNet 180
dumpwcfmessage (!wcfmsg) Dumps information about a WCF buffered message DotNet 180
finalizable (!finalizable) Displays information about finalizable objects in the GC Heap DotNet 180
foreachobject (!feo) Runs a command against each CLR object DotNet 180
gchandleinfo (!gchandle) Displays information on GC Handles DotNet 180
gcheapinfo (!gchi) Get info on the managed GC Heap DotNet 180
httpheaders Print the contents of an HttpHeaderCollection DotNet 180
ilspy Automatically extracts the module from the dump, and launches ILSpy DotNet 180
managedthreads (!mthreads) A !threads look-alike, with !aspxpagexext-like output DotNet 180
oracleclientperfcounters Display System.Data.OracleClient performance counters DotNet 180
printdbcommand Prints information about a DBCommand object DotNet 180
printexception2 (!pe2) Like !PrintException, with DML DotNet 180
sqlclientperfcounters Display System.Data.SqlClient performance counters DotNet 180
sqlcmd Provides information about ADO.NET Commands to SQL Server DotNet 180
sqlcn Provides an overview of ADO.NET connections to SQL Server DotNet 180
sqlports (!sqlports) Gets the local and remote TCP ports from a SqlConnection object DotNet 180
staticfields Display static fields of a managed type DotNet 180
svcthreads (!svcthreads) Find threads executing WCF services DotNet 180
tasktriage (!tasks) Analyzes the System.Threading.Tasks.Task objects still on the heap. DotNet 180
wcfperfcounters Dumps performance counters for WCF services DotNet 180
wcftcpconnectionpools (!wtcp) Display WCF Net.TCP connection pools DotNet 180
#################
0:039> !psscor4.help
-------------------------------------------------------------------------------
SOS is a debugger extension DLL designed to aid in the debugging of managed
programs. Functions are listed by category, then roughly in order of
importance. Shortcut names for popular functions are listed in parenthesis.
Type "!help <functionname>" for detailed info on that function.
Object Inspection Examining code and stacks
----------------------------- -----------------------------
DumpObj (do) Threads
DumpArray (da) ThreadState
DumpStackObjects (dso) IP2MD
DumpHeap U
DumpVC DumpStack
GCRoot EEStack
ObjSize CLRStack
FinalizeQueue GCInfo
PrintException (pe) EHInfo
TraverseHeap BPMD
DumpField (df) COMState
DumpDynamicAssemblies (dda)
GCRef
DumpColumnNames (dcn)
DumpRequestQueues
DumpUMService
Examining CLR data structures Diagnostic Utilities
----------------------------- -----------------------------
DumpDomain VerifyHeap
EEHeap VerifyObj
Name2EE FindRoots
SyncBlk HeapStat
DumpMT GCWhere
DumpClass ListNearObj (lno)
DumpMD GCHandles
Token2EE GCHandleLeaks
EEVersion FinalizeQueue (fq)
DumpModule FindAppDomain
ThreadPool SaveModule
DumpAssembly ProcInfo
DumpSigElem StopOnException (soe)
DumpRuntimeTypes DumpLog
DumpSig VMMap
RCWCleanupList VMStat
DumpIL MinidumpMode
PrintIPAddress AnalyzeOOM (ao)
DumpHttpRuntime FindDebugTrue
DumpIL FindDebugModules
PrintDateTime Analysis
DumpDataTables CLRUsage
DumpAssembly CheckCurrentException (cce)
RCWCleanupList CurrentExceptionName (cen)
DumpHttpContext
ASPXPages
DumpASPNETCache (dac)
ConvertVTDateToDate (cvtdd)
ConvertTicksToDate (ctd)
DumpRequestTable
DumpHistoryTable
DumpBuckets
GetWorkItems
DumpXmlDocument (dxd)
DumpCollection (dc)
Examining the GC history Other
----------------------------- -----------------------------
HistInit FAQ
HistRoot
HistObj
HistObjFind
HistClear
########################
.loadby sos clr
.load psscor4
.load mex
.load sosex
!bhi
!dumpdynamicassemblies2
!sos.threadpool
!mex.us
!mex.aspxpagesext
!mex.mthreads / !sos.threads
!mex.dae
!sos.finalizequeue
!mex.clrstack2
!mex.runaway2
!mex.sqlcn
!bhi
!dlk
!heap -l
lmv
#### DON'T USE #### !objectsummary
!address -summary
!heap -s
!address /f:PAGE_READWRITE
!eeheap
!heap -f -stat -h 0000004063fe0000
!heap -stat -h 0
!heap -flt s [size]
!heap -p -a [UsrPtr]
###
https://publib.boulder.ibm.com/httpserv/cookbook/Troubleshooting-Troubleshooting_Operating_Systems-Troubleshooting_Windows.html
###
################## CHROME #################
chrome://about
chrome://flags
chrome://memory-internals/
chrome://tracing
window.open(window.URL.createObjectURL(new Blob([document.documentElement.outerHTML], {type: 'text/plain'})));
--enable-logging --v=1
https://www.chromium.org/developers/how-tos/debugging-on-windows/windbg-help
################# .NET CORE #################
c:
cd \dump
SET _NT_SYMBOL_PATH=srv*c:\web\symbols*https://msdl.microsoft.com/download/symbols
SET PATH=C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.2.5;%PATH%
"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe"
################# UNMANAGED/NATIVE MEMORY LEAK #################
# Don't forget to use gflags on the executable to
# https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/using-umdh-to-find-a-user-mode-memory-leak
# gflags is in the windbg.exe folder. Run w/o arguments to get the GUI or use
# the following to ENABLE stack traces: gflags /i c:\windows\system32\spoolsv.exe +ust
# to disable: the following to ENABLE stack traces: gflags /i c:\windows\system32\spoolsv.exe -ust
.sympath srv*c:\temp\symbols*https://msdl.microsoft.com/download/symbols
.reload # .reload /f #to force symbol load
!analyze -v
lm
lmv
!threads
!address -summary
!address
!heap -s
!heap -l #Searching the memory for potential unreachable busy blocks.
!heap -stat -h 0000000001260000
!heap -flt s 104c #104c is the allocation unit size from prev. command
!heap -p -a 000000000127cf40 #number is UserPtr
dd 0000000004f1d350
da 0000000004f1d350
SEE ALSO: https://gist.github.com/jennings/265fc3ddd33350f0f6ed0c837c7a1619
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment