http://www.dumpanalysis.org/blog/index.php/2007/06/20/crash-dump-analysis-checklist/
I've copied posts to my webpage.
All copyrights belong to dumpanalysis.org :-)
General:
• Symbol servers (.symfix)
• Internal database(s) search
• Google or Microsoft search for suspected components as this could be a known issue. Sometimes a simple search immediately points to the fix on a vendor’s site
• The tool used to save a dump (to flag false positive, incomplete or inconsistent dumps)
• OS/SP version (version)
• Language
• Debug time
• System uptime
• Computer name (dS srv!srvcomputername or !envvar COMPUTERNAME)
• List of loaded and unloaded modules (lmv or !dlls)
• Hardware configuration (!sysinfo)
• .kframes 100
Application crash or hang:
• Default analysis (!analyze -v or !analyze -v -hang for hangs)
• Critical sections (!locks and !locks -v, !cs -s -l -o) for both crashes and hangs
• Component timestamps, duplication and paths. DLL Hell? (lmv and !dlls)
• Do any newer components exist?
• Process threads (~*kv or !uniqstack)
• Process uptime
• Your components on the full raw stack of the problem thread
• Your components on the full raw stack of the main application thread
• Process size
• Number of threads
• Gflags value (!gflag)
• Time consumed by thread (!runaway)
• Environment (!peb)
• Import table (!dh)
• Hooked functions (!chkimg)
• Exception handlers (!exchain)
• Computer name (!envvar COMPUTERNAME)
System hang:
• Default analysis (!analyze -v -hang)
• ERESOURCE contention (!locks)
• Processes and virtual memory including session space (!vm 4)
• Important services are present and not hanging (for example, terminal or IMA services for Citrix environments)
• Pools (!poolused)
• Waiting threads (!stacks)
• Critical system queues (!exqueue f)
• I/O (!irpfind)
• The list of all thread stack traces (!process 0 ff for W2K3/XP/Vista, ListProcessStacks script for W2K)
• LPC/ALPC chain for suspected threads (!lpc message or !alpc /m after search for “Waiting for reply to LPC” or “Waiting for reply to ALPC” in !process 0 ff output)
• Mutants (search for “Mutants - owning thread” in !process 0 ff output)
• Critical sections for suspected processes (!ntsdexts.locks, !cs -l -o -s)
• Sessions, session processes (!session, !sprocess)
• Processes (size, handle table size) (!process 0 0)
• Running threads (!running)
• Ready threads (!ready)
• DPC queues (!dpcs)
• The list of APCs (!apc)
• Internal queued spinlocks (!qlocks)
• Computer name (dS srv!srvcomputername)
• File cache, VACB (!filecache)
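The LPC/ALPC and mutant items above come down to searching a saved !process 0 ff log for marker strings and then running a follow-up command on each hit. The script below is an added example, not part of the original checklist; the sample log is constructed, and !thread as the follow-up for a mutant owner is this example's choice rather than something the checklist lists.

```python
import re

# Constructed sample in the general shape of `!process 0 ff` output;
# addresses and IDs are illustrative, not taken from a real dump.
SAMPLE_LOG = """\
THREAD 86a0a020  Cid 01f4.0b2c  Teb: 7ffdc000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
    86a0a20c  Semaphore Limit 0x1
Waiting for reply to LPC MessageId 0001b0f2:
Current LPC port e1a2c9a8
THREAD 85b32db0  Cid 0310.0a44  Teb: 7ffde000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
    85ef9b38  Mutant - owning thread 86a0a020
THREAD 85c11a10  Cid 0310.0b90  Teb: 7ffdd000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
Waiting for reply to ALPC Message e1c3d2b8 : queued at port 85a0f030 : owned by process 85b6c020
"""

THREAD_RE = re.compile(r"^\s*THREAD\s+([0-9a-f]+)\s+Cid\s+([0-9a-f]+\.[0-9a-f]+)", re.I)
# (kind, marker from the checklist, debugger command to run next on the captured value)
PATTERNS = [
    ("lpc", re.compile(r"Waiting for reply to LPC MessageId\s+([0-9a-f]+)", re.I), "!lpc message {}"),
    ("alpc", re.compile(r"Waiting for reply to ALPC Message\s+([0-9a-f]+)", re.I), "!alpc /m {}"),
    ("mutant", re.compile(r"Mutants? - owning thread\s+([0-9a-f]+)", re.I), "!thread {}"),
]

def find_waits(log_text):
    """Return one finding per blocking marker, attributed to the enclosing THREAD."""
    findings, thread, cid = [], None, None
    for line in log_text.splitlines():
        m = THREAD_RE.match(line)
        if m:
            thread, cid = m.groups()
            continue
        for kind, rx, cmd in PATTERNS:
            m = rx.search(line)
            if m and thread:
                findings.append({"thread": thread, "cid": cid, "kind": kind,
                                 "target": m.group(1), "next": cmd.format(m.group(1))})
    return findings

def mutant_chain(findings, start):
    """Follow mutant ownership thread to thread; stop when a thread repeats (cycle)."""
    # Simplification: if a thread waits on several mutants, only the last one is kept.
    owner = {f["thread"]: f["target"] for f in findings if f["kind"] == "mutant"}
    chain = [start]
    while chain[-1] in owner and owner[chain[-1]] not in chain:
        chain.append(owner[chain[-1]])
    return chain

if __name__ == "__main__":
    for f in find_waits(SAMPLE_LOG):
        print(f"{f['thread']} (Cid {f['cid']}): {f['kind']} -> {f['next']}")
```

To use it on a real dump, open a debugger log before running !process 0 ff, then pass the saved text to find_waits.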
BSOD:
• Default analysis (!analyze -v)
• Pool address (!pool)
• Component timestamps (lmv)
• Processes and virtual memory (!vm 4)
• Current threads on other processors
• Raw stack
• Bugcheck description (including ln exception address for corrupt or truncated dumps)
• Bugcheck callback data (!bugdump for systems prior to Windows XP SP1)
• Bugcheck secondary callback data (.enumtag)
• Computer name (dS srv!srvcomputername)
• Hardware configuration (!sysinfo)