Diagnosing Native Memory Leaks with ETW and WPA

Tuesday, December 2, 2014

As a followup to my previous post on native memory leaks, here's a quick walkthrough for diagnosing memory leaks using Event Tracing for Windows. The process is fairly simple. The Windows heap manager is instrumented with ETW traces for each memory allocation and deallocation. If you capture those over a period of time (when your application is leaking memory), you can get a nice report of which blocks were allocated during the trace period and haven't been freed. If you also ask ETW to capture the call stack for allocation events, you can see where the application is allocating...
one comment

Native Memory Leak Diagnostics with Visual Studio 2015

Monday, December 1, 2014

The Current Landscape of Native Memory Diagnostics

Leak diagnostics is a nasty business in native applications. There have been many attempts at solving this problem automatically. To name a few: The CRT Debug Heap (which is no longer used by default in Visual Studio 2015! - See update below.) can help identify memory leaks by associating each allocation with additional data on the allocating source file and line number. At program exit (or whenever a special CRT function is called), all blocks that haven't been freed are printed out. This has been around forever. The problem is that you need to...
8 comments

Why Lug a Laptop When an iPad Is More Than Enough

Tuesday, November 4, 2014

I don't go to conferences as an attendee as much as I used to, and that means I'm losing my organization skills at what to bring when I'm going to attend sessions all day. Theoretically, you need a laptop and a tablet and a phone and a bunch of cables and chargers and external battery packs and connectors and adapters -- how else could you survive a full day packed with sessions and do some urgent work to put out fires if necessary? Turns out, I can pretty much do everything I need on my iPad, if I'm willing...
no comments

TechEd Europe 2014: Mastering IntelliTrace in Development and Production

Monday, October 27, 2014

I'm flying to TechEd Europe tomorrow, and decided to run an experiment and post my slides and demos before the session. Why the weird timing? Well, after giving the schedule a cursory glance, there are so many great sessions! It's really hard to pick a session based on the short conference abstracts, and I wouldn't want anyone to come to my session if they aren't absolutely sure it's a topic they care about. My talk is titled Mastering IntelliTrace in Development and Production. I love IntelliTrace and use it a lot, but it still remains a fairly obscure Visual Studio...
2 comments

DevConnections 2014: IntelliTrace, Diagnostics Hub, and .NET Production Debugging

Saturday, September 20, 2014

I'm flying back home from DevConnections 2014, which was great! Vegas was hot and dry as usual, but I actually managed to carve out some time in my schedule to see KA, which was really nice. (Plus, the conference was at the Aria resort, which is located smack in the middle of the strip, and is overall much nicer than Mandalay Bay where we were last year. I really liked the hotel room automation control. For example, I had an alarm clock set up to open the curtains, turn on the TV to a quiet music channel, and even...
no comments

A Motivating Example of WinDbg Scripting for .NET Developers

Tuesday, August 5, 2014

WinDbg scripting gets a pretty bad name -- its somewhat contrived syntax, weird limitations, and hard to decipher expressions being the common culprits. In some cases, however, WinDbg scripts can be a very effective and reliable tool for extracting information from memory and processing it in a meaningful way. This post offers a simple example that hopefully will be useful as you begin to explore WinDbg scripts. For a more thorough explanation and more complex scripts, make sure to check my past posts on traversing std::vector and std::map. Let's set the stage with a simple console application that creates a number...
3 comments

Tracking Unusable Virtual Memory in VMMap

Tuesday, July 22, 2014

VMMap is a great Sysinternals tool that can visualize the virtual memory of a specific process and help understand what memory is being used for. It has specific reports for thread stacks, images, Win32 heaps, and GC heaps. Occasionally, VMMap will report unusable virtual memory, which is not the same as free memory. Here's an example of a VMMap report for a 32-bit process (which has a total of 2GB virtual memory): Where is this "unusable" memory coming from, and why can't it be used? The Windows virtual memory manager has a 64KB allocation granularity. When you allocate memory directly...
one comment

Announcing Tracer: A Generic Way to Track Resource Usage and Leaks

Tuesday, September 10, 2013

Tracer is a WinDbg extension I wrote last month to diagnose a resource leak that is not covered by well-known facilities like !htrace or UMDH. Tracking any resource leak starts with understanding where you are acquiring the resource and neglecting to release it – and with Tracer, you can do this for any kind of resource. Download Tracer and review its source code. The basic process of hunting for resource leaks is quite simple. For example, consider what UMDH does on your behalf. UMDH enables support in the operating system (specifically, in the Heap Manager...
no comments

Obscure WinDbg Commands, Part 4

Monday, August 26, 2013

In this final installment, we will review some miscellaneous commands that can make your life a bit easier. First, the .wtitle command. This command changes the title of the WinDbg window. It’s simple, sure, but makes it that much easier to work when you have multiple WinDbg windows open. Another command that helps with command discovery is .cmdtree. This command takes a specially-formatted text file and displays a tree-like menu that will execute these commands for you (yes, somewhat akin to the .dml_start command which we have seen previously). For example, given my command...
one comment

Obscure WinDbg Commands, Part 3

Monday, August 19, 2013

In today’s installment, we’ll take a look at two commands that make it easier to trace through program execution. The first command is wt, which traces through all the function calls performed in a certain code path and formats nice statistics illustrating what happened during that function’s execution. wt has a bunch of options that I won’t be showing here, but the general idea is that you let it trace through a lot of unfamiliar code and display statistics on what was going on in that code. For example, here I used a switch to filter out...
one comment