
PRODUCTION DUMP ANALYZE




Presentation Transcript


  1. PRODUCTION DUMP ANALYZE
     Dinor Geler, Support Escalation Engineer, GBS
     Blog: http://www.thegbsguy.com/
     Tweet me at @DinorGeler
     LinkedIn: http://www.linkedin.com/pub/dinor-geler/26/322/737

  2. WHY EVEN TAKE A DUMP?
     • Machine crashed – the main reason.
     • Performance issue – sluggish machine.
     • Malware forensics.
     • See what happened, post mortem.
     • Debug a process crash or hang.
     • Get deeper into Windows structures.

  3. First things first: before you start, I recommend…
     • Take a deeper look at the Sysinternals book (5th/6th edition).
     • CodeMachine website: http://www.codemachine.com/
     • MSDN is your friend: http://msdn.microsoft.com/en-US/
     • Try it on your own using NotMyFault: http://download.sysinternals.com/files/NotMyFault.zip
     • Experience… experience…

  4. SO HOW DO I TAKE A DUMP? QUICK OVERVIEW…
     • http://support.microsoft.com/kb/969028 – How to generate a kernel or a complete memory dump
     • http://support.microsoft.com/kb/927069 – Generating a kernel crash dump file by using an NMI
     • http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009187 – Generating a Windows core dump to troubleshoot unresponsive virtual machines on ESX/ESXi

  5. Closed/secure environments
     • If you are in a secure (closed) environment and need to get the symbols, you can use the symchk command-line tool, which ships with WinDbg. First, on the closed machine, generate a manifest of the symbols the dump needs:
     • symchk.exe /r /id f:\Demo\MEMORY.DMP /s http://msdl.microsoft.com/downloads/symbols /om f:\Demo\manifest.txt
     • Then take the manifest to another (Internet-connected) environment and download the symbols from it:
     • symchk.exe /r /im f:\Demo\manifest.txt /s http://msdl.microsoft.com/downloads/symbols
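As an added illustration (not part of the deck), the request layout the online hop of this workflow produces against the symbol server, so the egress of that machine can be proxy allow-listed and its log checked. The symbol-store layout (file/GUID+age/file) is the standard one; the PDB name, GUID and age used are constructed sample values, and the server URL is the one from the symchk commands above.

```python
import re

# Symbol server as written in the deck's symchk commands (kept as on the page;
# Microsoft's current endpoint path is /download/symbols).
SYMBOL_SERVER = "http://msdl.microsoft.com/downloads/symbols"


def pdb_symbol_id(guid: str, age: int) -> str:
    """Symbol-store id of a PDB: the signature GUID as 32 upper-case hex digits
    (dashes/braces removed) followed by the PDB age in upper-case hex, not zero-padded."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", guid)
    if len(hexdigits) != 32:
        raise ValueError(f"GUID must contain 32 hex digits, got {len(hexdigits)}")
    if age < 0:
        raise ValueError("PDB age must be non-negative")
    return f"{hexdigits.upper()}{age:X}"


def symbol_store_urls(pdb_name: str, guid: str, age: int, server: str = SYMBOL_SERVER) -> list[str]:
    """The three paths a symbol client probes for one PDB, in order: the file itself,
    the compressed variant (last character of the name replaced by '_'), and file.ptr."""
    base = f"{server.rstrip('/')}/{pdb_name}/{pdb_symbol_id(guid, age)}"
    return [f"{base}/{pdb_name}", f"{base}/{pdb_name[:-1]}_", f"{base}/file.ptr"]


# <file>/<GUID+age>/<file | compressed file | file.ptr>. Binary ids (timestamp+size)
# are shorter than 33 hex digits and are deliberately not matched here.
_STORE_PATH = re.compile(r"^/([^/\s]+)/([0-9A-F]{33,})/([^/\s]+)$")


def is_pdb_store_request(url: str, server: str = SYMBOL_SERVER) -> bool:
    """Egress allow-list check for the online hop: True only for a well-formed PDB lookup
    against the expected server, so anything else in the proxy log stands out."""
    prefix = server.rstrip("/")
    if not url.startswith(prefix + "/"):
        return False
    m = _STORE_PATH.match(url[len(prefix):])
    if not m:
        return False
    name, _sym_id, leaf = m.groups()
    return leaf in (name, name[:-1] + "_", "file.ptr")


if __name__ == "__main__":
    # Constructed sample values, not a real kernel PDB signature.
    for u in symbol_store_urls("ntkrnlmp.pdb", "3d4a5bb3-5a6c-4c9f-8c0c-4e7e9b3a4a4b", 1):
        print(u, is_pdb_store_request(u))
```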

  6. Let's dive in…
     • What info can I find in a dump (kernel/full)?

  7. DEMO 1
     • Customer complains that IE hangs with ghosting (white screen).

  8. DEMO 2
     • My server BSOD: CRITICAL_OBJECT_TERMINATION

  9. DEMO 3
     • Hang scenario

  10. Debug a live machine using KD
     • http://msdn.microsoft.com/en-us/library/windows/hardware/ff552017(v=vs.85).aspx
     • DEMO

  11. How other providers do it…
     • Google uses Volatility – let's have a look: https://code.google.com/p/volatility/

  12. Q&A – PLEASE ASK…
