
2010-05-26

Example of Microsoft Process Debugging

Reference: https://hqextsrvsft01.citrix.com/article/CTX106970

The Citrix web site shows how to use the Microsoft Debugging Tools:

http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx

Full abstract

To detect the components responsible for memory leaks, the user should enable an additional runtime diagnostic called user mode stack trace database. If this diagnostic is enabled, an application dump should be generated manually when the IMA Service process has an unusual size.

First, you will probably need to download and install Debugging Tools for Windows from Microsoft to use the gflags.exe utility:

http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx

Use the following syntax to enable the diagnostic:

gflags /i ImaSrv.exe +ust

The command should display:

Current Registry Settings for ImaSrv.exe executable are: 00001000
ust - Create user mode stack trace database


If this diagnostic is enabled, an application dump should be generated manually when the IMA Service process has an unusual size or constantly grows in size. In the latter case several dumps are necessary, for example, when the IMA Service reaches 100 MB, then 200 MB and 300 MB.

To get an IMA Service user dump, use the Microsoft userdump.exe tool:

http://support.microsoft.com/kb/241215

If you have an x64 system, you need to be careful about which version of userdump.exe you use:

http://www.dumpanalysis.org/blog/index.php/2006/10/25/userdumpexe-on-x64/

Once you have the dump(s), the diagnostic should be disabled to avoid performance degradation.

To disable the diagnostic, use the following command:

gflags /i ImaSrv.exe -ust

This command should have the output:

Current Registry Settings for ImaSrv.exe executable are: 00000000

Another way is to use the GUI by launching gflags.exe.



Note: You need to restart the IMA Service after enabling or disabling the diagnostic.

To verify that gflags.exe was used correctly, Citrix Technical Support personnel can open the dump in WinDbg.exe and run the command:

0:000> !gflag
Current NtGlobalFlag contents: 0x00001040
hpc - Enable heap parameter checking
ust - Create user mode stack trace database

Note: “hpc” flag is added automatically, even if you have not specified it.

If you do not want to install Debugging Tools for Windows, you can modify the registry directly:

Caution! This fix requires you to edit the registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ImaSrv.exe



You need to create a REG_DWORD value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ as follows:

Name: GlobalFlag
Type: REG_DWORD
Value: 0x00001000
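
A read-only check of the setting described above, useful for confirming that the diagnostic was switched off again after the dumps were taken. This is an added example, not part of the Citrix article; the function names are hypothetical, the bit values are taken from the gflags and !gflag outputs shown on this page, and it assumes the value lives under the ImaSrv.exe key that `gflags /i` writes to.

```powershell
# Added example (not from the Citrix article). Bit values come from the
# gflags / !gflag outputs on this page: 0x1000 = ust, 0x40 = hpc.
$KnownFlags = [ordered]@{
    'hpc - Enable heap parameter checking'        = 0x00000040
    'ust - Create user mode stack trace database' = 0x00001000
}
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function ConvertTo-GlobalFlagValue {
    # Normalise the stored value to UInt32. Assumption: if the value is a
    # string rather than a REG_DWORD, it is hexadecimal (e.g. "0x00001000").
    param($Raw)
    if ($Raw -is [string]) { $hex = $Raw.Trim() } else { $hex = '{0:X8}' -f $Raw }
    return [Convert]::ToUInt32($hex, 16)
}

function Get-ImageGlobalFlag {
    # Reads GlobalFlag for one image name and decodes the flags known from this page.
    param([string]$Image = 'ImaSrv.exe')
    $key  = Join-Path $IfeoRoot $Image
    $item = Get-ItemProperty -LiteralPath $key -Name GlobalFlag -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $value = [uint32]0          # key or value absent: no flags set
    } else {
        $value = ConvertTo-GlobalFlagValue $item.GlobalFlag
    }
    $set = @($KnownFlags.GetEnumerator() |
             Where-Object { ($value -band $_.Value) -ne 0 } |
             ForEach-Object { $_.Key })
    [pscustomobject]@{
        Image      = $Image
        GlobalFlag = '0x{0:X8}' -f $value
        Flags      = $set
        UstEnabled = (($value -band 0x1000) -ne 0)
    }
}

$result = Get-ImageGlobalFlag -Image 'ImaSrv.exe'
$result | Format-List
if ($result.UstEnabled) {
    Write-Warning 'ust is still set: run "gflags /i ImaSrv.exe -ust" and restart the IMA Service.'
}
```

The script only reads the registry; a running IMA Service keeps the flags it started with until it is restarted, so the registry value and the `!gflag` output from a dump can differ.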
