deetz

Reputation: 510

windows dump file (hdmp) - information without pdb files

I received dump files (.mdmp and .hdmp) from a crash of our software due to a memory leak (which was on another computer). The software consists of one exe file and many .dll files. I do have the source code (part C++, part Delphi), but I do not have the .pdb files for that exact build.

I can open the mdmp/hdmp in Visual Studio or in WinDbg. But I do not gain a lot of information because I do not have the .pdb files. Since the hdmp file is ~4 GB big, I hoped that I would have a lot of information already, even without the pdb files. But I do not get a really useful stack trace or other information, for example when I use the command

!analyze -v

Is it somehow possible to get better results? Can I somehow find out how much memory every dll uses (or rather processes which are connected to specific dlls)? Since I have the source code, can I use newly generated pdb files (for the C++ modules), even if they are not 100% accurate? It would already be a great help to know which module caused the memory leak!

Upvotes: 2

Views: 2041

Answers (1)

Rohith

Reputation: 5677

You can load pdb files without an exact match of the version. For that you have to use the command .symopt +40, which is SYMOPT_LOAD_ANYTHING (load anything).

0:000> .symopt
Symbol options are 0x30237:
  0x00000001 - SYMOPT_CASE_INSENSITIVE
  0x00000002 - SYMOPT_UNDNAME
  0x00000004 - SYMOPT_DEFERRED_LOADS
  0x00000010 - SYMOPT_LOAD_LINES
  0x00000020 - SYMOPT_OMAP_FIND_NEAREST
  0x00000200 - SYMOPT_FAIL_CRITICAL_ERRORS
  0x00010000 - SYMOPT_AUTO_PUBLICS
  0x00020000 - SYMOPT_NO_IMAGE_SEARCH

Now you have to run another command, !sym noisy. This will turn noisy mode on.

0:000> !sym noisy
noisy mode - symbol prompts on

Once you do this, you can run the analyze command and you will start getting all the symbol loading messages and where WinDbg looks for the symbols.

Make sure you add the pdb files' path to the symbol path that WinDbg searches, by using .sympath

0:000> .sympath 
Symbol search path is: srv*c:\symcache*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\symcache*http://msdl.microsoft.com/download/symbols

Please note that sometimes, even if we add the sympath, for some symbol files it will look in some folders. In that case, what I do is copy the pdb files to the folder where WinDbg is looking.

e.g.

DBGHELP: ntdll - public symbols
c:\symcache\wntdll.pdb\B5ACAC3B4A6C4515AF416D60366399652\wntdll.pdb

I will just copy the pdb file to c:\symcache\wntdll.pdb\B5ACAC3B4A6C4515AF416D60366399652.

Having said that, a native C++ memory leak is difficult to analyze without a leaktrack dump.

Please try to use DebugDiag native memory leak analysis and it should tell you what heap is taking the memory. If it is some custom library heap, you can try to update this particular component. The following articles might help you:

debugging-native-memory-leaks-with-debug-diag-1-1

walkthrough-troubleshooting-a-native-memory-leak

using-debugdiags-leaktrack-with-procdumps-reflected-process-dumps

Upvotes: 4
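Added example, not part of the answer above: the folder name in the DBGHELP line is the PDB's GUID followed by its age in hex, both taken from the module's CodeView "RSDS" debug record, and a strict symbol match compares that pair against the PDB. This Python sketch computes the cache path from such a record and shows why a PDB rebuilt from source only loads once exact matching is relaxed. The record bytes are constructed to reproduce the path quoted in the answer; the function names and the rebuilt GUID are assumptions.

```python
import struct
import uuid
from pathlib import PureWindowsPath

# Constructed sample: RSDS record that yields the key shown in the answer's DBGHELP line.
SAMPLE_RECORD = (b"RSDS"
                 + bytes.fromhex("3BACACB5 6C4A 1545 AF416D6036639965")  # GUID, on-disk order
                 + struct.pack("<I", 2)                                  # age
                 + b"wntdll.pdb\x00")                                    # PDB name, NUL-terminated
# Constructed placeholder for the GUID a fresh build would stamp into its new PDB.
REBUILT_GUID = uuid.UUID("00000000-0000-4000-8000-000000000001")

def parse_rsds(record: bytes):
    """Return (guid, age, pdb_file_name) from a CodeView RSDS record."""
    if len(record) < 25 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])   # first three GUID fields are little-endian
    (age,) = struct.unpack_from("<I", record, 20)
    name = record[24:].partition(b"\x00")[0].decode("utf-8")
    return guid, age, PureWindowsPath(name).name  # drop any build-machine directory

def symstore_key(guid: uuid.UUID, age: int) -> str:
    """Symbol-store folder name: 32 hex digits of the GUID, then the age in hex."""
    return f"{guid.hex.upper()}{age:X}"

def cache_path(cache_root: str, record: bytes) -> str:
    """Where the debugger expects the PDB below a symbol cache root."""
    guid, age, pdb = parse_rsds(record)
    return str(PureWindowsPath(cache_root) / pdb / symstore_key(guid, age) / pdb)

def pdb_matches(record: bytes, pdb_guid: uuid.UUID, pdb_age: int) -> bool:
    """Strict match: the PDB must carry the same GUID and age as the module."""
    guid, age, _ = parse_rsds(record)
    return guid == pdb_guid and age == pdb_age

if __name__ == "__main__":
    print(cache_path(r"c:\symcache", SAMPLE_RECORD))
    print("rebuilt PDB matches:", pdb_matches(SAMPLE_RECORD, REBUILT_GUID, 1))
```
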
