Defrag Tools: #22 - WinDbg - Memory Kernel Mode | Defrag Tools

EDN Admin

In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer.

This installment goes over the commands used to show the memory used in a kernel mode debug session. We cover these commands:

!vm
!vm 1
!memusage 8
!poolused 2
!poolused 4
!poolfind <tag>
!pool <addr>
!pool <addr> 2
!pte

Make sure you watch Defrag Tools Episode #1 (http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-Building-your-USB-thumbdrive) for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbols and source code resolution.

Resources:
http://www.microsoft.com/en-us/download/details.aspx?id=8279 Microsoft Windows SDK for Windows 7 and .NET Framework 4
http://technet.microsoft.com/en-us/sysinternals/bb897415 Sysinternals LiveKD
http://technet.microsoft.com/en-us/sysinternals/ff700229 Sysinternals RAMMap

Timeline:
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=00m45s [00:45] - Sysinternals LiveKD debug of the machine
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=01m47s [01:47] - Virtual Memory summary (!vm 1)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=05m10s [05:10] - Sysinternals LiveKD live kernel dump (livekd.exe -m -o kernel.dmp)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=09m30s [09:30] - Sysinternals RAMMap
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=11m10s [11:10] - Memory List summary (!memusage 8)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=16m15s [16:15] - Pool Usage by Non-Paged Pool (!poolused 2)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=20m16s [20:16] - Pool Tags (c:\debuggers\triage\pooltag.txt)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=28m06s [28:06] - Pool Usage by Paged Pool (!poolused 4)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=29m27s [29:27] - Pool issues lead to Bugchecks
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=34m00s [34:00] - Find Pool by Address (!pool <addr>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=36m05s [36:05] - Find Pool by Tag (!poolfind <tag>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=40m30s [40:30] - Page Table Entry (PTE) and Page Frame Number (PFN) (!pte <addr>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-22-WinDbg-Memory-Kernel-Mode#time=42m45s [42:45] - Sometimes it is a physical hardware failure