Crash Dump Analysis Checklist

This is a checklist for crash dump analysis organised by failure type. The content was posted on the Crash Dump Analysis Blog
website, and the additions made in its 16 comments have all been incorporated as well.
Depending on the type of failure, the checklist below should be a useful reference.


General:

• Internal database(s) search
• Google or Microsoft search for suspected components, as this could be a known issue; sometimes a simple search immediately points to the fix on a vendor's site
• The tool used to save a dump (to flag false positive, incomplete or inconsistent dumps)
• OS/SP version
• Language
• Debug time
• System uptime
• Computer name
• .kframes 100


Application crash or hang:

• Default analysis (!analyze -v or !analyze -v -hang for hangs)
• Critical sections (!locks and !locks -v) for both crashes and hangs
• Component timestamps, duplication and paths. DLL Hell?
• Do any newer components exist?
• Process threads (~*kv or !uniqstack)
• Process uptime
• Your components on the full raw stack of the problem thread
• Your components on the full raw stack of the main application thread
• Process size
• Number of threads
• Gflags value (!gflag)
• Time consumed by thread (!runaway)
• Environment (!peb)
• Import table (!dh)
• Hooked functions (!chkimg)
• Exception handlers (!exchain)


System hang:

• Default analysis (!analyze -v -hang)
• ERESOURCE contention (!locks)
• Processes and virtual memory including session space (!vm 4)
• Pools (!poolused)
• Waiting threads (!stacks)
• Critical system queues (!exqueue f)
• I/O (!irpfind)
• The list of all thread stack traces (!process 0 ff for W2K3/XP/Vista, ListProcessStacks script for W2K)
• LPC chain for suspected threads (!lpc message)
• Critical sections for suspected processes (!ntsdexts.locks)
• Sessions, session processes (!session, !sprocess)
• Processes (size, handle table size) (!process 0 0)
• Running threads (!running)
• Ready threads (!ready)
• DPC queues (!dpcs)
• The list of APCs (!apc)
• Internal queued spinlocks (!qlocks)


BSOD:

• Default analysis (!analyze -v)
• Pool address (!pool)
• Component timestamps
• Processes and virtual memory (!vm 4)
• Current threads on other processors
• Raw stack
• Bugcheck description (including ln exception address for corrupt or truncated dumps)
• Bugcheck callback data (!bugdump for systems prior to Windows XP SP1)
• Bugcheck secondary callback data (.enumtag)
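
Running the lists above by hand is slow and tends to differ from dump to dump. The PowerShell script below is an added example for this page, not code from the original checklist or from the Crash Dump Analysis Blog: it feeds the argument-free checklist commands for a chosen failure type to cdb.exe (the console debugger from Debugging Tools for Windows) and keeps the output in a log for the interactive follow-up. The cdb.exe location, the symbol path, and the commands I picked for items the page names only by topic (vertarget and .time for version, debug time and uptime; .dumpdebug for the tool that wrote the dump; lm t n for component timestamps; dps from the stack pointer as a rough raw stack) are my assumptions.

```powershell
# Triage-Dump.ps1 (added example; not the checklist author's code)
# First non-interactive pass over a dump: run the checklist commands that need no
# argument for the given failure type via cdb.exe and log everything to a file.
param(
    [Parameter(Mandatory)] [string] $DumpFile,
    [Parameter(Mandatory)] [ValidateSet('AppCrash', 'AppHang', 'SystemHang', 'BSOD')] [string] $Kind,
    # Assumed install location and symbol store; adjust to your environment.
    [string] $Cdb        = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe',
    [string] $SymbolPath = 'srv*C:\symbols*https://msdl.microsoft.com/download/symbols',
    [string] $LogFile    = "$DumpFile.triage.log"
)

if (-not (Test-Path -LiteralPath $Cdb))      { throw "cdb.exe not found at $Cdb" }
if (-not (Test-Path -LiteralPath $DumpFile)) { throw "dump not found: $DumpFile" }

# "General" items. The page names the items, not the commands; these are my choices:
# vertarget/.time for OS version, debug time and uptime, .dumpdebug for the dump header
# and streams (where the tool that saved the dump usually leaves its comment),
# lm t n for component timestamps (the DLL Hell check).
$general = @(
    'vertarget',
    '.time',
    '.dumpdebug',
    '.kframes 100',
    'lm t n'
)

# Per-type items that take no argument. Items that need an address or id taken from
# earlier output (!pool <addr>, !dh <module>, !lpc message <id>, !sprocess <id>,
# !ntsdexts.locks inside a chosen process) are left for the interactive follow-up.
$userMode = @('!locks', '!locks -v', '~*kv', '!uniqstack', '!runaway', '!gflag', '!peb',
              '!chkimg -lo 50 -d !ntdll', '!exchain')
$perKind = @{
    AppCrash   = @('!analyze -v') + $userMode
    AppHang    = @('!analyze -v -hang') + $userMode
    SystemHang = @('!analyze -v -hang', '!locks', '!vm 4', '!poolused', '!stacks', '!exqueue f',
                   '!irpfind', '!session', '!process 0 0', '!running', '!ready', '!dpcs', '!apc',
                   '!qlocks', '!process 0 ff')
    # !running -t: current threads on other processors with stacks; dps @$csp: rough raw
    # stack from the current stack pointer (single-quoted, so PowerShell leaves $csp alone).
    BSOD       = @('!analyze -v', '!vm 4', '!running -t', 'dps @$csp L100', '.enumtag')
}

# cdb runs the -c string at its first prompt; the trailing 'q' makes it exit once the
# log is written instead of waiting for input. -logo overwrites any previous log.
$commands = ($general + $perKind[$Kind] + 'q') -join '; '

& $Cdb -z $DumpFile -y $SymbolPath -logo $LogFile -c $commands | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Warning "cdb exited with code $LASTEXITCODE; check $LogFile" }

# Pull the !analyze -v summary fields out of the log as a starting point for the
# manual checklist pass (the full log stays on disk).
Select-String -LiteralPath $LogFile -Pattern 'FAILURE_BUCKET_ID|BUGCHECK_STR|EXCEPTION_CODE|PROCESS_NAME|MODULE_NAME' |
    Select-Object -First 20 -ExpandProperty Line
```

Usage: `.\Triage-Dump.ps1 -DumpFile C:\dumps\app.dmp -Kind AppHang`, then open the log in WinDbg or a text editor and work through the remaining items (critical-section owners from `!locks`, the raw stacks of the problem and main threads, `!dh` on your own modules) by hand. Keep the first-pass commands argument-free on purpose: anything that depends on a value read from earlier output belongs in the interactive session, where a wrong address is noticed immediately rather than buried in a log.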



[References]
Crash Dump Analysis Checklist
http://www.dumpanalysis.org/blog/index.php/2007/06/20/crash-dump-analysis-checklist/


Translated by: Lai Go / Translation date: 2008.07.17

Posted by Lai Go