8/14/2019 TiS General Support Troubleshooting
Support Troubleshooting
-
Troubleshooting
Applications or the system sometimes exhibit mysterious bad performance
Most applications do a poor job of reporting unexpected errors
  Locked, missing or corrupt files
  Missing or corrupt registry data
  Permissions problems
You might be plagued by the occasional hard hang or bluescreen
-
Tools We Use
Sysinternals: www.microsoft.com/technet/sysinternals
  Process Explorer - process/thread viewer
  Process Monitor - file/registry/process/thread tracing
Debugging Tools for Windows: www.microsoft.com/whdc/devtools/debugging/Windbg
  Windbg - application and kernel debugger
eFlow Logger
-
Process Explorer
Process Explorer is a Task Manager replacement
  You can literally replace Task Manager with Options->Replace Task Manager
Hide-when-minimize to always have it handy
  Hover the mouse to see a tooltip showing the process consuming the most CPU
Open System Information graph to see CPU usage history
  Graphs are time stamped with hover showing biggest consumer at point in time
  Also includes other activity such as I/O, kernel memory limits
-
Process Monitor
Process Monitor is a real-time file, registry, process and thread monitor
  It requires Windows 2000 SP4 w/Update Rollup 1, XP SP2 or higher, Server 2003 SP1 or higher, Vista, or Server 2008 (including 64-bit versions of Windows)
Enhancements over Filemon/Regmon include:
  More advanced filtering
  Operation call stacks
  Boot-time logging
  Data mining views
  Process tree to see short-lived processes
When in doubt, run Process Monitor!
  It will often show you the cause for error messages
  Many times it tells you what is causing sluggish performance
-
Processes and Threads
A process represents an instance of a running program
  Address space
  Resources (e.g., open handles)
  Security profile (token)
A thread is an execution context within a process
  Unit of scheduling (threads run, processes don't run)
  All threads in a process share the same per-process address space
-
Viewing Threads
Task Manager doesn't show thread details within a process
Process Explorer does on Threads tab
  Displays thread details such as ID, CPU usage, start time, state, priority
  Click Module to get details on module containing thread start address
-
Call Stacks
Sometimes a thread start address doesn't tell you what a thread is doing
The stack might provide a hint:
  The stack is a per-thread region of memory that records a history of function nesting
  The bottom frame (Function 3) is where the thread will continue executing
[Figure: call stack diagram with frames Function 1, Function 2, Function 3]
-
Viewing Call Stacks
Click Stack on the Threads tab to view a thread's call stack
  Lists functions in reverse chronological order
Note that start address on Threads tab is different than first function shown in stack
  This is because all threads created by Windows programs start in a library function in Kernel32.dll which calls the programmed start address
-
Associating Windows with Processes
Task Manager can associate a window in its list with a process
  But sometimes windows appear that are not in its Applications list
Process Explorer has a window finder tool
  On tool bar, drag window finder icon over window and release
  Process that owns thread that owns window is highlighted
Visual Studio Spy++ tool shows which thread owns a window
-
Viewing Open Handles
Each process has a list of open objects
  Files, Registry keys, synchronization objects, TCP/UDP ports
May be useful to query this list
Microsoft tools: XP/2003 have new Openfiles /query command
  Only shows handles to open files, not other non-file objects
Process Explorer and Sysinternals Handle can show open handles without this flag
  Uses a device driver
-
Uses Of Handle View
Understand resources used by an application
  Files
  Registry keys
  Note: by default, shows named objects
    Click on Options->Show Unnamed Objects
Solve file locked errors
  Use the search feature to determine what process is holding a file or directory open
  Can even close an open file (be careful!)
View the state of synchronization objects (mutexes, semaphores, events)
Detect handle leaks using refresh difference highlighting
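
Added example, not part of the original slides: a scripted counterpart to the refresh difference highlighting above, which samples per-process handle counts and reports processes whose count only grows. The function names, sample count, interval and growth threshold are assumptions chosen for illustration.

```powershell
# Added example: sample every process's handle count several times and
# report the ones that climb steadily. Names and thresholds are assumptions.

function Get-HandleSnapshot {
    # One sample: process ID -> name and handle count at this instant.
    $snap = @{}
    foreach ($p in Get-Process) {
        $snap[$p.Id] = [pscustomobject]@{ Name = $p.ProcessName; Handles = $p.HandleCount }
    }
    $snap
}

function Find-HandleGrowth {
    param(
        [Parameter(Mandatory)] [hashtable[]] $Snapshots,
        [int] $MinGrowth = 100   # assumed threshold; ignores small fluctuations
    )
    $first = $Snapshots[0]
    $last  = $Snapshots[-1]
    foreach ($id in $last.Keys) {
        # Skip processes that started mid-run or whose PID was reused.
        if (-not $first.ContainsKey($id)) { continue }
        if ($first[$id].Name -ne $last[$id].Name) { continue }

        # A leak tends to climb without dropping; treat any drop as normal churn.
        $steady = $true
        for ($i = 1; $i -lt $Snapshots.Count; $i++) {
            $prev = $Snapshots[$i - 1][$id]
            $cur  = $Snapshots[$i][$id]
            if ($null -eq $prev -or $null -eq $cur -or $cur.Handles -lt $prev.Handles) {
                $steady = $false
                break
            }
        }
        $growth = $last[$id].Handles - $first[$id].Handles
        if ($steady -and $growth -ge $MinGrowth) {
            [pscustomobject]@{
                ProcessId = $id; Name = $last[$id].Name
                Start = $first[$id].Handles; End = $last[$id].Handles; Growth = $growth
            }
        }
    }
}

# Take 6 samples, 10 seconds apart, then list suspects, biggest growth first.
$samples = foreach ($n in 1..6) { Get-HandleSnapshot; Start-Sleep -Seconds 10 }
Find-HandleGrowth -Snapshots $samples | Sort-Object Growth -Descending | Format-Table -AutoSize
```

A process listed here is only a candidate; Process Explorer's handle view shows which object type is accumulating.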
-
Combine it all with eFlow Logger!
Sysinternals tools and the eFlow Logger make a perfect tandem for troubleshooting and getting to the root of problems.
It is always advised to have the eFlow Logger open along with Process Explorer and Process Monitor, with the severity level set to Info, in order to get precise details of activities.