Dump File analysis

Question

Recently I start facing issue on few servers where CPU start consuming more resources than usual trend. I am trying to find out the root cause for this and took the dump of w3wp process from Task Manager(right click on process and took the dump).

Now the dmp file size is 14GB and I am trying to analyze it through WinDBG but the tool is not working and getting message:

I also took few minidumps but some of them opening fine while few are not so it's not related to confusion between 32bit or 64bit.(The collected dump is 64bit). I am trying to know what causing this issue. Is it file size or I am not taking the dump properly.
I checked link but it's not helpful.

*"Is it file size"* - Probably not. All supported versions of Windows allow reading files larger than 4 GB. *"I am not taking the dump properly"* - We don't know, how you are producing the dump file, so we cannot know. — IInspectable, Feb 20 '17 at 13:46
Was this a 32-bit application, if so you need to use the 32-bit task manager to make the dump see: https://blogs.msdn.microsoft.com/amb/2011/05/12/do-not-collect-32bit-process-dumps-with-64bit-task-manager/ — EdChum, Feb 20 '17 at 13:48
It's 64-bit application. And the dump took from task manager. And just for testing I followed the same process on my test environment and took the dump of 800 MB which is opening fine. — Mr. K, Feb 20 '17 at 14:12
have you tried WPR/WPA to analyze the CPU usage? Were you able to detect what causes the cpu usage? — magicandre1981, Feb 27 '17 at 15:27
again, you still waste your time with dumps. if you have issues reading the ETL, zip the ETL + the NGENPDB folder and share the zip (onedrive share link), so that I can take a look at it. — magicandre1981, Feb 28 '17 at 15:09
Thanks @magicandre1981. I've found few helpful things by taking dumps. It was related to memory leak in my application. — Mr. K, Mar 01 '17 at 06:33
@ThomasWeller, It's not the duplicate question. Because taking the dump of same process on same machine in same way but few dumps are opening and few not. — Mr. K, Mar 01 '17 at 06:38
ok. Btw, you can also use WPRUI/WPA to capture and analyze memory usage: https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-154-Memory-Footprint-and-Leaks#time=16m57s — magicandre1981, Mar 01 '17 at 16:03

magicandre1981 · Answer 1 · 2017-02-22T16:37:23.953

11

Windbg is not the right tool for this job. Dumps are only snapshots so you have no idea what happened before. Use ETW and here the CPU Sampling, which sums all calls and shows you in detail the CPU usage.

Install the Windows Performance Toolkit which is part of the Windows 10 SDK (V1607 works on Win8/8.1(Server2012/R2) and Win10 or the V1511 SDK if you use Windows 7/Server2008R2)), run WPRUi.exe and select CPU Usage

and press on Start. Capture 1-2 minutes of the high CPU usage and next click on Save. Open the generated ETL with WPA.exe (Perf analyzer), drag and drop the CPU Usage (Sampled) graph to the analysys pane

and load the Debug Symbols. Now select your process in the graph, zoom in and expand the stack, here you see the weight of the CPU usage of all calls

In this sample most CPU usage from Internet Explorer comes from HTML stuff.

For .NET applications WPA shows you .net related groupings like GC or JIT:

Expand the stack of the w3wp process to see what it is doing. From the names you should have a clue what happens.

edited Feb 22 '17 at 16:37

answered Feb 20 '17 at 16:00

magicandre1981

27,895
5
86
127

Good response. I just wanted to add that sometimes you can get by with running `!runaway` if you have an infinite loop. However, I don't disagree with anything you've stated here. – Steve Johnson Feb 20 '17 at 22:38
Thanks @SteveJohnson but here I'm trying to open a dmp file rather than figuring out another method to take server snapshot. – Mr. K Feb 21 '17 at 04:50
3

again you run into the XY problem (http://meta.stackexchange.com/a/66378). Use my technique to troubleshoot the issue and not the wrong tool windbg – magicandre1981 Feb 21 '17 at 16:03

Dump File analysis

1 Answers1

Linked