Advanced Windows Debugging – III

By gunnalagWindows Technologies

Using ADPlus to force memory dump of Windows process

When you have to investigate a process that behaves bizarre abruptly for a limited moments and is not reproducible at will, then you can use the adplus tools from Microsoft debugging tools which helps you create a complete process memory dump to analyze the process behavior.

Using AdPlus:

  • Download and install "Debugging Tools for Windows" from http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx on the repro machine
  • Install it to c:debuggers or an easy to find location
  • Determine the ProcessID for the process you want to debug using tlist.exe (in the debuggers folder) or from Task Manager, Process tab (enable PID column by going to View menu, Select Columns, select PID (Process Identifier))
  • When the process starts exhibiting the weird behavior, from a Command Prompt in c:debuggers, run the following:                                                                                         adplus -hang -p <ProcessID> -r 5 5                                                                                    This will generate 5 dumps – one every 5 seconds
  • The <ProcessID> should be replace with the number you get from the last step
  • You can use the Windows debugger to analyze the memory dump and stacks

By gunnalag

You might also like:

Windows 10 – USB Plug and Play Keyboard and Mouse devices does not work– error reads “USB Device was not migrated due to partial or ambiguous match.”

Windows Fails to connect to Bluetooth Speaker with error – That didn’t work. Try again, and make sure your mouse is still discoverable and Couldn’t Connect

Customize default behavior of New Session launch in WinSCP

Leave a Reply

Your email address will not be published. Required fields are marked *