O'Reilly logo

Memory Dump Analysis Anthology, Volume 5 by Dmitry Vostokov

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 7. Software Trace Analysis

Pattern Interaction

Adjoint Threads, Discontinuity and Time Delta

Here is one of the first case studies in pattern-driven software trace analysis. A user starts printing but nothing comes out. However, if the older printer driver is installed everything works as expected. We suspect that print spooler crashes if the newer printer driver is used. Based on known module name in ETW trace we find PID for a print spooler process (19984) and immediately see discontinuity (Volume 4, page 341) in the trace with the large time delta (page 282) between the last PID message and the last trace statement (almost 4 minutes):

No   Source        PID   TID   Time         Message
712  \src\print\ui 19984 16200 12:22:31.571 PropertySheet returns 1 [... ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required