PART 3: Pattern Interaction
Spiking Thread, Top Module, Module Hint, and Memory Fluctuation
We noticed that after restarting Windows 7 system on one of our notebooks, it becomes very sluggish. Task Manager showed 25% CPU usage in one of the svchost.exe processes and very high usage of physical memory. So we immediately dumped it using procdump. The resulted process memory dump was almost 1.5 GB. Although the analysis case is very simple and straightforward, we decided to publish to show the value of crash and hang dump analysis in understanding abnormal software behavior in “user” context.
When we open the memory dump and run !runaway WinDbg command we immediately recognize Spiking Thread (Volume 1) pattern:
0:000> !runaway fUser Mode TimeThread ...