ADPLUS Crash/Hang Dump Analysis
Hi All, I need guidance from anyone having experience with ADPLUS or Process Explorer tools - Windows Debugging Tools. Issue: For one of the crash/hang issues in our production environment, we are trying to create and analyze the hang dumps. We have used ADPLUS for generating the dumps during the hang. The server is Windows Server 2003. Though we understand what the issue is (which dll is causing the problem) from the ADPLUS stack trace, we are not able to take a next step towards resolution as we cant completely comprehend the data. We also used Process Explorer for analysis. The Stack Trace (below) from ADPLUSdepicts that the process is waiting for some return from an IO operation (.NtReadFile). I cannot understand which file it is and why it would hangonany file.I would like to know if anyone has any idea on how to get that information from ADPLUS. STACK_TEXT: 0012f2c8 7c82776b 77e418b2 00000194 00000000 ntdll!KiFastSystemCallRet0012f2cc 77e418b2 00000194 00000000 00000000 ntdll!NtReadFile+0xc0012f334 77f65edb 00000194 0012f400 0000021a kernel32!ReadFile+0x16c0012f360 77f65f82 00000194 0012f400 0000021a advapi32!ScGetPipeInput+0x2a0012f3d4 77f51ed9 00000194 0012f400 0000021a advapi32!ScDispatcherLoop+0x510012f638 003fa35a 001801f0 00000000 001801f0 advapi32!StartServiceCtrlDispatcherW+0xe3WARNING: Frame IP not in any known module. Following frames may be wrong.00000000 00000000 00000000 00000000 00000000 0x3fa35a Also, please let me know if you need any details further or results of any other commands executed on ADPLUS. Thanks, in advance. Regards, Jahnavi
June 1st, 2009 6:40pm

hi jahnavi,using process explorer is pretty simple if you have the source code along with you , and from the stack trace its pretty difficult to predict the behavior, the child paramaters might corresponds to value or the the function. for eg: 773418b2 might be a function or just a paramter to function. so i would like to first check the behavior what is the problem ?, does the problem relates to windows / custom application / issue occurs while performing certain operation. secondly if yo uhave process explorer, you can attach your source so that it will point your function under the particular thread along with the cswitchdelta. adplus / drwtsn32 / are utilities to be used only when you have completed troubleshooting from GUI / architecture perspective. sainath windows driver development.
Free Windows Admin Tool Kit Click here and download it now
June 1st, 2009 8:14pm

Hi,We have preferred ADPLUS as it is in the production/staging environment. I cannot debug the source code on this environment.Problem: Our application hangs suddenly. It does not allow any user action. We have to kill the process and start again. Sometimes the issue remains too long andsometimes it gets resolved once the process is killed. We also notice that our particular application executable consumes all of the CPU memory, though there are no users accessing it.We believe, thatthe issue not related to any particular operationbeing performed in the application as it is very arbitrary in behavior.Please suggest as to what could be our next steps for diagnosis.Thanks,Jahnavi
June 2nd, 2009 9:01am

hi there, the better way to diagonise the problem is to use process explorer when the issue occurs. as the application is custom app, you should be having the symbol files and the source files along with you.make sure you attach them to the process explorer and next time when you see a high cpu utilization, right click the exe and go to the threads and check which thread is occupying the high cpu. and also click the cswitchdelta to see which thread is responsible ( might be a reader thread / writer thread ) which might be causing the issue / your fuction is using malloc which is allocating hte space for the object but not releasing it. also if you have the adplus dump then its easier to debug using the .pdb files which gets generate when you compile your code. attach them to the windbg along with the appropriate symbols and then use the windbg commands to check for the issue. use !stacks to check for the stacks. use !locks to check if there are any locks.make sure what your application does, whether it is completely a user mode app / it interacts with kernel and also you can perform live debugging if you can attach your server with serial cable from other PC.If you want to know the root cause of the hang issue, we need to analyze the performance log and crash dump file. I would suggest that you contact Microsoft Customer Support service to troubleshoot this issue efficiently. They are the best resource for this kind of issues. You may obtain the phone numbers for specific technology request please take a look at the web site listed below: https://support.microsoft.com/common/international.aspx?iid=174859&iguid=56907522-6886-4238-a70f-a1d06a4473c7_2_2&rdpath=1 Hope the issue will be resolved soon. sainath windows driver development.
Free Windows Admin Tool Kit Click here and download it now
June 2nd, 2009 2:51pm

Hi,One question...Our executable is third party one and we dont have the .pdb files for attaching the symbols. But after seeing the ADPLUS hang dump results (in first mail) where the stack does not show any .dll from the third party executable.We did not consult them yet as it appeared to us as the environment issue. Do you suggest anything for this.Thanks,Jahnavi
June 4th, 2009 10:54am

hi jahnavi,we can take this offline as this will require more info and good understanding of your applicatoin architecture, please do email me at sainathss@live.in.sainath windows driver development.
Free Windows Admin Tool Kit Click here and download it now
June 4th, 2009 5:54pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics