
Memory Dump Analysis Anthology, Volume 9a by Dmitry Vostokov, Software Diagnostics Institute


PART 3: Pattern Interaction

 

Spiking Thread, Top Module, Module Hint, and Memory Fluctuation

We noticed that after restarting a Windows 7 system on one of our notebooks, it became very sluggish. Task Manager showed 25% CPU usage in one of the svchost.exe processes and very high usage of physical memory, so we immediately dumped the process using procdump. The resulting process memory dump was almost 1.5 GB. Although the analysis case is very simple and straightforward, we decided to publish it to show the value of crash and hang dump analysis in understanding abnormal software behavior in a “user” context.

When we open the memory dump and run the !runaway WinDbg command, we immediately recognize the Spiking Thread (Volume 1) pattern:

0:000> !runaway f
User Mode Time
Thread ...
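As an added example (not from the book), the following Python script parses `!runaway f` output saved as text and flags threads whose user plus kernel time is a large share of their elapsed time, which is how a Spiking Thread shows up in that listing. The sample output, its thread IDs and times, and the 50% threshold are constructed assumptions, not values from the dump discussed here.

```python
import re
from datetime import timedelta

# Constructed sample of `!runaway f` output (not taken from the book's dump).
SAMPLE = """\
 User Mode Time
  Thread       Time
   9:d14       0 days 0:12:41.337
   0:a2c       0 days 0:00:01.092
 Kernel Mode Time
  Thread       Time
   9:d14       0 days 0:00:22.401
   0:a2c       0 days 0:00:00.202
 Elapsed Time
  Thread       Time
   0:a2c       0 days 0:15:02.118
   9:d14       0 days 0:14:58.764
"""

SECTION = re.compile(r"^\s*(User Mode|Kernel Mode|Elapsed) Time\s*$")
ROW = re.compile(r"^\s*(\d+):([0-9a-fA-F]+)\s+(\d+) days (\d+):(\d\d):(\d\d)\.(\d{3})\s*$")

def parse_runaway(text):
    """Return {section: {(thread_index, tid_hex): timedelta}}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        m = ROW.match(line)
        if m and current is not None:
            idx, tid, d, h, mi, s, ms = m.groups()
            current[(int(idx), tid.lower())] = timedelta(
                days=int(d), hours=int(h), minutes=int(mi),
                seconds=int(s), milliseconds=int(ms))
    return sections

def spiking_threads(text, min_share=0.5):
    """Threads whose CPU time is >= min_share of elapsed time (assumed heuristic)."""
    s = parse_runaway(text)
    user, kernel = s.get("User Mode", {}), s.get("Kernel Mode", {})
    hits = []
    for key, elapsed in s.get("Elapsed", {}).items():
        cpu = user.get(key, timedelta()) + kernel.get(key, timedelta())
        if elapsed and cpu / elapsed >= min_share:  # skip zero elapsed time
            hits.append((key, round(cpu / elapsed, 3)))
    return sorted(hits, key=lambda h: -h[1])
```

A flagged thread is only the starting point: its stack trace still has to be inspected in the debugger to see which module is consuming the CPU.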
