
Memory Dump Analysis Anthology, Volume 8b by Software Diagnostics Institute, Dmitry Vostokov


PART 2: Crash Dump Analysis Patterns

 

Reference Leak

Objects such as processes may be referenced internally as well as through handles. If their reference counts become unbalanced, we may have this pattern. For example, we have an instance with thousands of Zombie Processes (Volume 2, page 196), but we don't see Handle Leaks (Volume 7, page 164) in their parent processes when we analyze ParentCids:

0: kd> !process 0 0
[...]
PROCESS fffffa801009a060
    SessionId: 0  Cid: 2e270    Peb: 7fffffdb000  ParentCid: 032c
    DirBase: 12ba37000  ObjectTable: 00000000  HandleCount:   0.
    Image: conhost.exe

PROCESS fffffa8009b7e8e0
    SessionId: 1  Cid: 2e0c8    Peb: 7fffffd9000  ParentCid: 10a0
    DirBase: 21653e000  ObjectTable: 00000000  HandleCount:   0.
    Image: taskmgr.exe

PROCESS fffffa8009e7a450 ...
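A triage sketch for the ParentCid analysis described above, added here as an example and not taken from the book: it parses `!process 0 0` output, treats a record with a zero ObjectTable as a zombie, and tallies zombies per ParentCid. The function names and the last two sample records are constructed for illustration.

```python
import re
from collections import Counter

# One `!process 0 0` record; works on wrapped or single-line debugger logs.
RECORD = re.compile(
    r"PROCESS\s+(?P<addr>[0-9a-f`]+)\s+SessionId:\s*\S+\s+Cid:\s*(?P<cid>[0-9a-f]+)\s+"
    r"Peb:\s*\S+\s+ParentCid:\s*(?P<parent>[0-9a-f]+)\s+"
    r"DirBase:\s*\S+\s+ObjectTable:\s*(?P<table>[0-9a-f`]+)\s+"
    r"HandleCount:\s*(?P<handles>.+?)\.?\s+Image:\s*(?P<image>\S+)",
    re.IGNORECASE,
)

def parse(log):
    """Return one dict per process; 'zombie' means the handle table is gone."""
    procs = [m.groupdict() for m in RECORD.finditer(log)]
    for p in procs:
        p["zombie"] = int(p["table"].replace("`", ""), 16) == 0
    return procs

def zombies_by_parent(procs):
    """(ParentCid, zombie count, parent still listed as live), most zombies first."""
    live = {int(p["cid"], 16) for p in procs if not p["zombie"]}
    tally = Counter(int(p["parent"], 16) for p in procs if p["zombie"])
    # A Cid can be reused, so 'live' only says a process with that Cid exists now.
    return [(f"{cid:04x}", n, cid in live) for cid, n in tally.most_common()]

# First two records are from the text above; the last two are constructed.
SAMPLE = """
PROCESS fffffa801009a060
    SessionId: 0  Cid: 2e270    Peb: 7fffffdb000  ParentCid: 032c
    DirBase: 12ba37000  ObjectTable: 00000000  HandleCount:   0.
    Image: conhost.exe
PROCESS fffffa8009b7e8e0
    SessionId: 1  Cid: 2e0c8    Peb: 7fffffd9000  ParentCid: 10a0
    DirBase: 21653e000  ObjectTable: 00000000  HandleCount:   0.
    Image: taskmgr.exe
PROCESS fffffa8000000aa0
    SessionId: 0  Cid: 2e300    Peb: 7fffffd0000  ParentCid: 032c
    DirBase: 1b000000  ObjectTable: 00000000  HandleCount:   0.
    Image: conhost.exe
PROCESS fffffa8000000bb0
    SessionId: 0  Cid: 032c    Peb: 7fffffd1000  ParentCid: 0250
    DirBase: 1a000000  ObjectTable: fffff8a000001000  HandleCount: 812.
    Image: parent.exe
"""

if __name__ == "__main__":
    for parent, count, alive in zombies_by_parent(parse(SAMPLE)):
        print(f"ParentCid {parent}: {count} zombie(s), parent live: {alive}")
```

The parents at the top of the tally are the ones whose handle tables are worth checking first; zombies that no parent's process handles account for are what distinguishes this pattern from a handle leak.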
