
Memory Dump Analysis Anthology, Volume 7 by Dmitry Vostokov


Two WinDbg Scripts That Changed the World

One of the readers of this Anthology asked whether there is an equivalent of the !runaway WinDbg command for kernel and complete memory dumps, to diagnose the Spiking Thread pattern (Volume 1, page 305) faster. After some thought, we gave it a try, especially in the context of the WinDbg scripting exercises designed for the Advanced Windows Memory Dump Analysis training [2]. As a result, we initially wrote two scripts. Their output here is taken from a complete memory dump we used for the Fundamentals of Complete Crash and Hang Memory Dump Analysis presentation [3].

The first one dumps the most CPU-consuming threads for user and kernel mode:

 $$
 $$ krunawaymost.wds
 $$ Copyright (c) 2011 Software Diagnostics Services
 $$ GNU GENERAL ...
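The script body is cut off above. As an added example (not the book's script, and in Python rather than WinDbg script), the same ranking can be done offline over a saved debugger log, assuming it contains the THREAD, UserTime and KernelTime lines that !thread prints; the sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of WinDbg !thread output.
# Addresses, IDs and times are made up for this example.
SAMPLE = """\
THREAD fffffa8004a1b060  Cid 0a2c.0b14  Teb: 000007fffffdc000 Win32Thread: 0000000000000000 WAIT
UserTime                  00:00:00.015
KernelTime                00:00:00.031
THREAD fffffa8004c7e710  Cid 0a2c.0f48  Teb: 000007fffffda000 Win32Thread: 0000000000000000 RUNNING on processor 1
UserTime                  00:10:42.250
KernelTime                00:00:03.109
THREAD fffffa8003d52b60  Cid 0004.0058  Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT
UserTime                  00:00:00.000
KernelTime                00:02:17.500
"""

THREAD_RE = re.compile(r"^\s*THREAD\s+([0-9a-f`]+)\s+Cid\s+([0-9a-f]+)\.([0-9a-f]+)", re.I)
TIME_RE = re.compile(r"^\s*(UserTime|KernelTime)\s+(\d+):(\d\d):(\d\d)\.(\d{3})\s*$")

def parse_threads(text):
    """Return one dict per THREAD block with its times in seconds."""
    threads, cur = [], None
    for line in text.splitlines():
        m = THREAD_RE.match(line)
        if m:
            cur = {"thread": m.group(1), "pid": m.group(2), "tid": m.group(3),
                   "UserTime": 0.0, "KernelTime": 0.0}
            threads.append(cur)
            continue
        m = TIME_RE.match(line)
        if m and cur is not None:  # ignore time lines seen before any THREAD
            h, mi, s, ms = (int(x) for x in m.groups()[1:])
            cur[m.group(1)] = h * 3600 + mi * 60 + s + ms / 1000
    return threads

def top_consumers(threads, mode, n=1):
    """Rank threads by 'UserTime' or 'KernelTime', highest first."""
    return sorted(threads, key=lambda t: t[mode], reverse=True)[:n]

if __name__ == "__main__":
    parsed = parse_threads(SAMPLE)
    for mode in ("UserTime", "KernelTime"):
        t = top_consumers(parsed, mode)[0]
        print(f"{mode}: THREAD {t['thread']} Cid {t['pid']}.{t['tid']} {t[mode]:.3f}s")
```

Threads with high accumulated times are candidates for the Spiking Thread pattern; they still need their stack traces inspected in the debugger.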
