BUILD 2011–SELA Is Coming

July 30, 2011

Two years ago SELA had almost 20 experts attending Microsoft PDC 2009. And what a conference it was! I just know this year’s BUILD/Windows is going to be amazing (like the website says, “Windows 8 changes everything”). With the tidbits of rumors about Windows 8, HTML 5, Visual Studio vNext, Windows Phone, and everything else around the Microsoft stack – we’re going to come back home with enough stuff to learn and work on to fill 2012 to the brim. At the time of writing, this is the SELA Olympic Team to the BUILD...
tags:
no comments

Mapping the Memory Usage of .NET Applications: Part 3, CLR Profiler

July 22, 2011

Suppose you want a more detailed drill-down into your application's GC heap usage. For example, you want to see if there's fragmentation going on, or if there are lots of large objects, or if the XMLDocument objects you allocated a while ago are finally gone. This is something you can do with the CLR Profiler, another free Microsoft tool that supports memory allocation profiling as well as visualizing the managed heap at the individual object level. Unfortunately, running the application under the CLR Profiler is very expensive. What do you need to do to obtain a memory view...
no comments

Manual Stack Walking

July 20, 2011

Corrupted stacks are no fun at all – when you get a crash dump or a live exception in an application, pretty much the first thing you do is take a look at the call stack. When the stack itself is corrupted, your primary investigation tool is taken away. Still, it is sometimes possible to reconstruct the stack even in face of a corruption. I’ve been showing how in the .NET Debugging and C++ Debugging courses, but by popular demand will show one example here as well. You can follow along on your own with the dump...
tags:
no comments

CLR Stack Explorer – Preview

July 19, 2011

Synopsis: CLR Stack Explorer obtains reliable call stacks of managed processes, supports any combination of 32-bit/64-bit and CLR2/CLR4. UPDATE : If you downloaded CLR Stack Explorer from the above link and are using a recent Windows version, you need to Unblock all the .exe files (right-click, Properties, Unblock) for the tool to run correctly. I have just updated the download location with a self-extracting executable which should solve this problem. I’m happy to announce that CLR Stack Explorer, a tool I’ve been working on during the last few days, is now ready for preview. Frankly, I have...
15 comments

Mapping the Memory Usage of .NET Applications: Part 2, VMMap and MemoryDisplay

July 18, 2011

How can you map the memory usage of your .NET application? We'll start with VMMap, a free Sysinternals tool that visualizes your process' virtual address space. Below is VMMap's output for an example process: The type statistics give you a detailed overview of how memory usage is distributed – there are 240MB of DLLs, 50MB of managed heaps (of which only 10MB are committed), etc. In the bottom details view you can see each individual address range on the heap, including its type, size, committed size, and other details (such as DLL names for the...
5 comments

Managed Stack Explorer: A Tool to Complement Process Explorer

July 15, 2011

I hope y’all are using Sysinternals Process Explorer on a daily basis as your Task Manager replacement. It’s a really awesome tool with lots of functionality; among my favorites are: Seeing all the handles and DLLs opened by the process in the bottom pane Monitoring important .NET performance counters through the .NET Performance tab Viewing a list of the process’ threads and their respective call stacks This last feature, however, has a minor drawback: it doesn’t display managed call stacks properly. The reason is...
no comments

Mapping the Memory Usage of .NET Applications: Part 1, Windows Memory Recap

July 14, 2011

To evaluate whether your application can scale with larger data sets and more concurrent users, you have to understand how it uses the memory available to it. Modern .NET applications (and especially mixed managed and native applications) have thousands of memory chunks across their address space—keeping track of these chunks manually in your head is an impossible endeavor. First, a quick reminder about how virtual memory, managed heap allocations, and native heap allocations relate to each other (for more details, consider reading the Memory Manager chapter in Windows Internals): A Windows process has a...
no comments

Dropbox, Instapaper, and the Cloud: Entrusting Your Data

July 12, 2011

I don't typically rant about security or "The Cloud", but as an avid Dropbox and Instapaper user I've had some comments building up inside for the past few weeks. Dropbox is a simple private file sharing service which gives you access to your files from a variety of devices (I use it on my Windows laptop, Windows desktop, MacBook Air, iPhone, and iPad). Instapaper is a tool for saving web pages for later viewing – when I don't have time to read a long blog post or interesting article, I click a bookmark in my browser and the...
one comment

SELA’s New Classroom PCs

July 9, 2011

During the last few months, SELA’s IT group has been evaluating new PC hardware for our classrooms. If you’ve ever visited our headquarters in Ramat-Gan, you know that we have nearly 20 classrooms of various sizes equipped with 10-25 PCs. Replacing them all at once is a rather expensive endeavor. Before this replacement, our classrooms PCs enjoyed a mixed variety of hardware, including: High-end Intel Core i5 workstations with 4GB RAM Somewhat outdated Intel Core 2 Duo workstations Somewhat more outdated Intel Core workstations, and even an occasional...
no comments

Baby Steps in Windows Device Driver Development: Part 5, Monitoring Processes

July 2, 2011

The first remotely useful thing we are going to do with our newly acquired knowledge about device driver development is to register a callback for whenever a process is created, and output the information on the parent and child processes. (Frankly, this can be accomplished quite as easily using the WMI Win32_ProcessStartTrace event class, but bear with me here.) The PsSetCreateProcessNotifyRoutine function is a service provided by the process manager in the executive, which allows us to register a callback for when processes are created. This can be useful in the context of a security product, auditing software,...
no comments