2014 Software Global Client Conference

GEN TSS-03
Advanced Troubleshooting & Tools for Products and Solutions
Presented by: Pierluigi Iodice, Global Solution Support Engineer
Email: [email protected]

Agenda
We will discuss:
Microsoft embedded OS tools and the Microsoft Sysinternals Suite, in order to achieve the following goals:
• Troubleshoot an issue
• Identify the cause
• Detect all the resolutions
• Evaluate the improvement to get the best performance

Agenda
Key topics covered:
1. Quick Theory with Task Manager
2. Resource Monitor
3. Process Explorer and Handle
4. Findstr: how to filter a command output.
5. PSInfo, PSFile, PSList, PSExec, PSKill, PSLoggedOn, PSLogList, PSService, PSShutdown
6. PSPing: analyze the network load and bandwidth.
7. TCPView: keep the connections over TCP under control.
8. Get the system monitored with Process Monitor
9. Memory leaks with RAMMap, VMMap

Task Manager
Most people do not use it very well. First question:
How do you open Task Manager?
My preferred way is: CTRL+Shift+ESC
And do you also know this? Holding CTRL while clicking New Task (Run…) will open a Command Shell!

Session is ended – Questions?
Most people do not use it pretty well, no further topics:

Quick Theory with Task Manager
● To understand what we have behind…

Task Manager {CTRL+SHIFT+ESC}
Task Manager quick overview:
1. Applications: not necessarily a process (i.e. a folder)
2. Processes (Process ID, users (system account), and so on)
   1. May not be running under your own security context
3. Services
   1. Status, can Stop, can Start
4. Performance
   1. Double-click on the border of processes to get the graphic
5. Networking
6. Users

Task Manager - Processes
A deep knowledge of the processes is needed:
1. By default
   1. Image Name
   2. User Name
   3. CPU
   4. Memory
   5. Description

Task Manager - Processes
Further columns on Processes:
1. View → Select Columns
   1. PID (Process Identifier)
   2. CPU (percentage of usage)
   3. Memory (treated further later)
      – Peak Working Set
      – Working Set Delta
   4. Threads
   5. User and GDI Objects

Task Manager - Processes
Processes: CPU
CPU usage is a percentage of all CPU cores.
If your code is only running a single thread, it cannot occupy more than one core.
1. How does the CPU go up to 100%?
● When we force it to work on a single set of instructions without sharing itself among the processes and threads in execution.
2. How can this be possible?

Task Manager - Processes
Processes: Memory
Just a quick talk about it here. It will be treated further in the RAMMap/VMMap chapter.
1. What would be useful to know there?
● Basically, in Task Manager we can observe a memory leak issue by monitoring the following columns:
   – Peak Working Set:
      » The maximum amount of memory consumed by a process
   – Working Set Delta:
      » The difference in the memory quantity evaluated between refreshes
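
Added example, not part of the original slides: a Python sketch that derives the two columns named above from a series of working set samples (one per refresh) and flags processes whose working set keeps climbing. The process names, sample values and thresholds are constructed assumptions; a flagged process is only a candidate for closer inspection, not proof of a leak.

```python
"""Leak triage from sampled working set sizes (all values in KB)."""

# Constructed samples: one working set reading per refresh interval.
SAMPLES_KB = {
    "leaky.exe":  [50000, 52100, 54050, 56200, 58300, 60100, 62400],
    "bursty.exe": [80000, 140000, 139500, 90000, 81000, 80500, 80200],
    "steady.exe": [30000, 30040, 29990, 30010, 30000, 30020, 30005],
    "warmup.exe": [20000, 30000, 40000, 40010, 40000, 40005, 40000],
}


def working_set_columns(samples_kb):
    """Compute the Task Manager style columns for one process."""
    deltas = [later - earlier
              for earlier, later in zip(samples_kb, samples_kb[1:])]
    return {
        "peak_working_set": max(samples_kb),    # highest value ever seen
        "working_set_delta": deltas,            # change between refreshes
        "net_growth": samples_kb[-1] - samples_kb[0],
    }


def leak_suspects(history, min_growth_kb=10 * 1024,
                  min_rising_ratio=0.8, near_peak=0.95):
    """Return (name, net growth, peak) for processes that look like leaks.

    A process is a suspect only when all three conditions hold:
      * it grew by at least min_growth_kb over the whole window,
      * its delta was positive in most refresh intervals,
      * it is still close to its peak (it never gave the memory back).
    """
    suspects = []
    for name, samples in history.items():
        if len(samples) < 3:
            continue  # too few refreshes to call anything a trend
        cols = working_set_columns(samples)
        deltas = cols["working_set_delta"]
        rising_ratio = sum(1 for d in deltas if d > 0) / len(deltas)
        still_high = samples[-1] >= near_peak * cols["peak_working_set"]
        if (cols["net_growth"] >= min_growth_kb
                and rising_ratio >= min_rising_ratio
                and still_high):
            suspects.append(
                (name, cols["net_growth"], cols["peak_working_set"]))
    # Largest growth first, so the worst offender is at the top.
    return sorted(suspects, key=lambda s: s[1], reverse=True)


if __name__ == "__main__":
    for name, samples in SAMPLES_KB.items():
        cols = working_set_columns(samples)
        print(f"{name:12} peak={cols['peak_working_set']:>7} KB "
              f"net={cols['net_growth']:>+7} KB")
    for name, growth, peak in leak_suspects(SAMPLES_KB):
        print(f"suspect: {name} grew {growth} KB, peak {peak} KB")
```

The burst and warm-up series show why a high Peak Working Set or a single large delta is not enough on its own: only the steadily rising series is reported.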

Task Manager - Processes
Processes: Threads
A way to execute multiple tasks.
A thread is the basic unit to which the operating system allocates processor time.
A thread can execute any part of the process code, including parts currently being executed by another thread.
In the next video we will see part of C# code, and we’ll use CSC.exe to compile

Task Manager - Processes
Processes: User and GDI Objects
Be careful when developing applications.
1. User objects: all those objects which can be identified with a handle (a handle is a unique identifier): forms, buttons, labels, bars…
2. GDI objects: all the graphic objects which can adorn your application, like Bitmap, Brush, Font, Palette, Pen, Extended Pen, Region.
3. What is really important to know about those counters?
   – Both User and GDI objects have a limit which cannot be exceeded:
      » 10’000 objects per process by default
   – Windows has a limit on the number of GDI handles that a session (i.e., application) is permitted to hold. This value is determined in the system registry and, by default, is set to 10,000 handles (at least this is the case in XP, Vista and 7). This value can be altered by those of you comfortable editing the registry, but the maximum that can be applied is 65,536 (on Windows 2000 it is 16,384).

From Task Manager to Resource Monitor

Resource Monitor
A new tool introduced starting from Vista. It can be considered an intermediate version towards Process Explorer:
1. Execute → resource monitor (resmon.exe)
   1. Overview
   2. CPU
   3. Memory
   4. Disk
   5. Network
The Overview section provides a self-updating line graph for each of the four subsections: CPU, Disk, Network, and Memory.
If you see a constant high level of unexpected activity in any of these graphs, a malfunctioning program or malware may be responsible.
To troubleshoot, explore the other sections in Resource Monitor.

Resource Monitor
1. CPU - How to determine what the process is handling:
File, Directory, Event, Registry,
Can be filtered by

Resource Monitor
1. CPU - How to determine if the process is in hang status (it becomes red):
All the processes which are in “Not Responding” status are written in red.
So you can terminate the process, or its tree.
But you can also analyze the Wait Chain upfront (see next slide).

Resource Monitor
1. CPU - Analyze Wait Chain (which is not yet in Process Explorer):
It is a tool that lets you identify the actual process that is resulting in a hung or frozen application, which allows debuggers to diagnose application hangs and deadlocks
(go further to WCT: http://msdn.microsoft.com/en-us/library/cc308562.aspx ).
From Windows 8 and up this has been inserted in Task Manager.
» ALPC
» COM
» Critical sections
» Mutual exclusions (mutexes)
   » Thread A → Mutex 1 → Thread B
» SendMessage (chains)
» Wait operations on processes and threads (see next video)
   » Thread A → Object 2 → Thread B → Object 1 → Thread A
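
The two chains shown on this slide, as an added example that is not part of the original deck and does not call the Windows WCT API: a small Python model that follows thread → object → owner links, reports the chain, and distinguishes a plain wait from a deadlock cycle. The dictionaries are constructed, and "Thread C" is a hypothetical extra thread added to show a victim that hangs behind a deadlock without being part of it.

```python
"""Model of wait-chain traversal: thread -> object -> owning thread."""
from collections import namedtuple

# nodes: threads and objects in the order visited
# deadlocked: True when the walk returned to a thread already on the chain
WaitChain = namedtuple("WaitChain", ["nodes", "deadlocked"])

# Constructed data for the first chain on the slide (no cycle).
SIMPLE_WAITS = {"Thread A": "Mutex 1"}        # thread -> object it waits on
SIMPLE_OWNERS = {"Mutex 1": "Thread B"}       # object -> thread that owns it

# Constructed data for the second chain, plus hypothetical Thread C.
DEADLOCK_WAITS = {
    "Thread A": "Object 2",
    "Thread B": "Object 1",
    "Thread C": "Object 1",
}
DEADLOCK_OWNERS = {"Object 2": "Thread B", "Object 1": "Thread A"}


def walk_wait_chain(start_thread, waits_on, owned_by):
    """Follow the chain from start_thread until it ends or loops."""
    nodes = [start_thread]
    seen = {start_thread}
    thread = start_thread
    while thread in waits_on:
        obj = waits_on[thread]
        nodes.append(obj)
        owner = owned_by.get(obj)
        if owner is None:
            break                      # unowned object: chain ends here
        nodes.append(owner)
        if owner in seen:
            return WaitChain(nodes, True)   # cycle closed: deadlock
        seen.add(owner)
        thread = owner
    return WaitChain(nodes, False)


def cycle_members(chain):
    """Threads and objects that form the loop of a deadlocked chain."""
    if not chain.deadlocked:
        return []
    closing_thread = chain.nodes[-1]
    return chain.nodes[chain.nodes.index(closing_thread):-1]


def format_chain(chain):
    return " → ".join(chain.nodes)


def diagnose(waits_on, owned_by):
    """Classify every blocked thread and return {thread: (status, chain)}."""
    report = {}
    for thread in sorted(waits_on):
        chain = walk_wait_chain(thread, waits_on, owned_by)
        if not chain.deadlocked:
            status = "waiting"                  # owner can still release
        elif thread in cycle_members(chain):
            status = "in deadlock"              # part of the loop itself
        else:
            status = "blocked behind deadlock"  # victim of someone's loop
        report[thread] = (status, format_chain(chain))
    return report


if __name__ == "__main__":
    for waits, owners in ((SIMPLE_WAITS, SIMPLE_OWNERS),
                          (DEADLOCK_WAITS, DEADLOCK_OWNERS)):
        for thread, (status, text) in diagnose(waits, owners).items():
            print(f"{thread}: {status}: {text}")
```

Terminating a thread reported as "blocked behind deadlock" does not clear the hang; the threads reported as "in deadlock" are the ones to investigate.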

Resource Monitor
1. Memory: The Memory section shows you the processes that are using physical memory (RAM).
» Sort by Commit to see which programs are most memory-intensive.
Looks like a light version of RAMMap, which we’ll see soon.

Resource Monitor
1. Disk: Reveals all the activities that are occurring on your hard disk drive.
If your hard disk activity light remains lit up constantly, this section will help you figure out the cause(s).
Resource Monitor will also show which processes are associated with disk activity and allow you to terminate them.
You can see the spike differences in a trend among the other activities.
E.g.: a way to get History Blocks monitored.

Resource Monitor
1. Network: displays details about network activity.
Pay special attention to the first section: 'Processes with Network Activity'
Select a process
All the established connections and all the listening ports
Network bandwidth usage by single process
Sort by Total
% of Workload
Easy way to analyze the weight of a process, or a bunch of them, on the network

Time to go further…
● Get the free download from Microsoft
This MUST BE in your system

Process Explorer
● Process Explorer: shows you information about which handles and DLLs processes have opened or loaded.
● Can be considered a Task Manager alternative with many more features.
The top window always shows a list of the currently active processes, including the names of their owning accounts.
It can show 2 options:
If it is in handle mode you'll see the handles of the process selected on top;
If Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded.
By default this is the color meaning
As this is quite close to the Task Manager already explained, we will put the focus on what is new.

Process Explorer
● Process Explorer: many more counters can be added
Nice tool tip on mouse over to show exactly the start up command line parameter.
Very useful on aaEngine to identify the Platform ID

Process Explorer
● Process Explorer: .NET Performance Counters: Exceptions

Process Explorer
● Process Explorer: some Tips and Tricks!

…about Handle
Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program:
usage: handle [[-a] [-u] | [-c <handle> [-l] [-y]] | [-s]] [-p <processname>|<pid>> [name]
1. Handle
2. -a Dump information about all types of handles, not just those that refer to files. Other types include ports, Registry keys, synchronization primitives, threads, and processes.
3. -u Show the owning user name when searching for handles.
4. -p Instead of examining all the handles in the system, this parameter narrows Handle's scan to those processes that begin with the name process.
   ● E.g.: handle -p aah (all the historian services)
5. name This parameter is present so that you can direct Handle to search for references to an object with a particular name.
   • For example, if you wanted to know which process (if any) has "c:\windows\system32" open you could type: handle windows\system

Did you see it before?
Old dear command shell…
● …Just to take a breath of new fresh air…

Findstr – quick introduction
Findstr – Searches for patterns of text in files using regular expressions.
● Syntax
● findstr [/b] [/e] [/l] [/r] [/s] [/i] [/x] [/v] [/n] [/m] [/o] [/p] [/offline] [/g:file] [/f:file] [/c:string] [/d:dirlist] [/a:ColorAttribute] [strings] [[Drive:][Path] FileName [...]]
We use only the following options in the next chapters:
• /b : Matches the pattern if at the beginning of a line.
• /e : Matches the pattern if at the end of a line.
• /l : Uses search strings literally.
• /r : Uses search strings as regular expressions.
   • Findstr interprets all metacharacters as regular expressions unless you use /l.
• /c:string : Uses specified text as a literal search string.
● We mostly use this on the command shell to filter the results out in the next topics
Additional Information on: http://technet.microsoft.com/en-us/library/bb490907.aspx

PS-World
New tools introduced with the last suite version, also named PSTools, are prefixed with PSSomething.
They cover several cross-functionalities which we very often need…

PS-World - PSInfo
New tools introduced with last suite are Prefixed with PS,
PSInfo is a command-line tool that gathers key information about the local or remote Windows system, including the type of installation, kernel build, registered organization and owner, number of processors and their type, amount of physical memory, the install date of the system, and if it's a trial version, the expiration date:
Usage: psinfo [[\\computer[,computer[,..] | @file [-u user [-p psswd]]] [-h] [-s] [-d] [-c [-t delimiter]] [filter]
1. PSInfo filter "uptime"
2. -h to list all the hotfixes
3. -s to list the installed software
4. -d to list the drive information
● Combine with | findstr
   ● psinfo \\* | findstr /B "IE version: 8.0000"
   ● psinfo -s | findstr /c:"Wonderware"
   ● psinfo -s | findstr /c:"SQL Server"

PS-World - PSFile
New tools introduced with last suite are Prefixed with PS,
PSFile is a command-line utility that shows a list of files on a system that are opened remotely, and it also allows you to close opened files either by name or by a file identifier:
Usage: psfile [\\RemoteComputer [-u Username [-p Password]]] [[Id | path] [-c]]
1. PSFile
   • -c option to close

PS-World - PSList
New tools introduced with last suite are Prefixed with PS,
PSList uses the Windows performance counters to obtain the information it displays. It can be considered a sort of task manager which works over the command shell:
● Usage: pslist exp [-d][-m][-x|-t][-s [n]] [-r n][\\computer][-u user [-p psswd] [name] [-e] [pid]
1. PSList – exp would show statistics for all the processes that start with "exp", which would include Explorer.
2. -d Show thread detail.
3. -m Show memory detail.
4. -x Show processes, memory information and threads.
5. -t Show process tree.
6. -s [n] Run in task-manager mode, for optional seconds specified. Press Escape to abort.
7. -r n Task-manager mode refresh rate in seconds (default is 1).
8. \\computer to show the processes information on remote system.

PS-World - PSExec
New tools introduced with last suite are Prefixed with PS,
PSExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having client software installed:
Usage: psexec [\\computer[,computer2[,...] | @file]][-u user [-p psswd][-n s][-r servicename][-h][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,...] cmd [arguments]
1. PsExec (some options below) cmd
2. \\computer Specifies the computer on which the process you want to terminate is executing.
3. -c Copy the specified program to the remote system for execution. If you omit this option the application must be in the system path on the remote system.
4. -i Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.
5. -d Don't wait for process to terminate (non-interactive).
6. -s Run the remote process in the System account.

PS-World - PSKill
New tools introduced with last suite are Prefixed with PS,
PSKill is a kill utility that not only does what the Resource Kit's version does, but can also kill processes on remote systems. You don't even have to install a client on the target computer to use PsKill to terminate a remote process:
Usage: pskill [- ] [-t] [\\computer [-u username] [-p password]] <process name | process id>
1. PsKill
2. -t Kill the process and its descendants.
3. \\computer Specifies the computer on which the process you want to terminate is executing.
4. process id Specifies the process ID of the process you want to kill.
5. Name Specifies the process name of the process or processes you want to kill.

PS-World - PSLoggedOn
New tools introduced with last suite are Prefixed with PS,
PSLoggedOn is an applet that displays both the locally logged on users and users logged on via resources for either the local computer, or a remote one. If you specify a user name instead of a computer, PsLoggedOn searches the computers in the network neighborhood and tells you if the user is currently logged on:
Usage: psloggedon [-l] [-x] [\\computername | username]
1. PsLoggedOn
2. -l Shows only local logons instead of both local and network.
3. -x Don't show logon times.
4. \\computer Specifies the computer on which the process you want to terminate is executing.

PS-World - PSLogList
New tools introduced with last suite are Prefixed with PS,
PSLogList lets you dump the contents of an Event Log on the local or a remote computer:
usage: psloglist [- ] [\\computer[,computer[,...] | @file [-u username [-p password]]] [-s [-t delimiter]] [-m #|-n #|-h #|-d #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/dd/yy][-f filter] [-i ID[,ID[,...] | -e ID[,ID[,...]]] [-o event source[,event source][,..]]] [-q event source[,event source][,..]]] [-l event log file] <eventlog>
1. PsLogList
2. \\computer Specifies the computer on which the process you want to terminate is executing.
3. -d Only display records from previous n days.
4. -h Only display records from previous n hours.
5. -f Filter event types with filter string (e.g. "-f we" to filter warnings and errors).
6. -r Dump log from least recent to most recent.
7. <eventlog> Can be Application, Security, Setup, System, and so on.
Findstr will filter only the information we need, and “>” will put the results on a TXT file.

PS-World - PSService
New tools introduced with last suite are Prefixed with PS,
PSService displays the status, configuration, and dependencies of a service, and allows you to start, stop, pause, resume and restart them:
Usage: psservice [\\computer [-u username] [-p password]] [query, config, setconfig, start, stop, restart, pause, cont, depend, security, find] <options>
1. PsService
2. \\computer Specifies the computer on which the process you want to terminate is executing.
3. query Displays the status of a service.
4. start, stop, restart Starts, stops, restarts a service.
5. find Searches the network for the specified service

PS-World - PSShutDown
New tools introduced with last suite are Prefixed with PS,
PSShutDown is to initiate a shutdown of the local or a remote computer, logoff a user, lock a system, or to abort an imminent shutdown:
Usage: psshutdown [[\\computer[,computer[,..] | @file [-u user [-p psswd]]] -s|-r|-h|-d|-k|-a|-l|-o [-f] [-c] [-t nn|h:m] [-n s] [-v nn] [-e [u|p]:xx:yy] [-m "message"]
1. PsShutDown
2. \\computer Specifies the computer on which the process you want to terminate is executing.
3. -e Shutdown reason code.
4. -s Shutdown without power off.
5. -f Forces all running applications to exit during the shutdown instead of giving them a chance to gracefully save their data.
6. -r Reboot after shutdown.
7. -l Lock the computer.

PS-World - PSPing
New tools introduced with last suite are Prefixed with PS,
PSPing implements Ping functionality, TCP ping, latency and
bandwidth measurement:
Usage: psping -? [i|t|l|b]
• PsPing
• -? I Usage for ICMP ping.
• -? T Usage for TCP ping.
• -? L Usage for latency test.
• -? B Usage for bandwidth test.

PS-World – PSPing - ICMP
New tools introduced with last suite are Prefixed with PS,
PSPing implements Ping functionality, TCP ping, latency and bandwidth measurement:
This command executes an ICMP ping test for 10 iterations with 3 warmup iterations
ICMP ping usage: psping [[-6]|[-4]] [-h [buckets | <val1>,<val2>,...]] [-i <interval>] [-l <requestsize>[k|m] [-q] [-t|-n <count>] [-w <count>] <destination>
• PsPing ICMP
• -h Print histogram (default bucket count is 20).
• -i Interval in seconds. Specify 0 for fast ping.
• -n Number of pings or append 's' to specify seconds e.g. '10s'.
• -w Warmup with the specified number of iterations (default is 1).
• -l Request size. Append 'k' for kilobytes and 'm' for megabytes.
• -4 Force using IPv4.
• -6 Force using IPv6.

PS-World – PSPing – TCP
New tools introduced with last suite are Prefixed with PS,
PSPing implements Ping functionality, TCP ping, latency and bandwidth measurement:
The following command executes connect attempts against the target as quickly as possible, only printing a summary when finished with the 100 iterations and 1 warmup iteration over TCP HTML port
TCP ping usage: psping [[-6]|[-4]] [-h [buckets | <val1>,<val2>,...]] [-i <interval>] [-l <requestsize>[k|m] [-q] [-t|-n <count>] [-w <count>] <destination:destport>
• PsPing TCP
• -h Print histogram (default bucket count is 20).
• -i Interval in seconds. Specify 0 for fast ping.
• -n Number of pings or append 's' to specify seconds e.g. '10s'.
• -w Warmup with the specified number of iterations (default is 1).
• -l Request size. Append 'k' for kilobytes and 'm' for megabytes.
• -4 Force using IPv4.
• -6 Force using IPv6.
• Destination Port e.g. 80 for HTML test

PS-World – PSPing – latency
New tools introduced with last suite are Prefixed with PS,
PSPing implements Ping functionality, TCP ping, latency and bandwidth measurement:
● TCP and UDP latency usage:
● server: psping [[-6]|[-4]] [-f] <-s source:sourceport>
● client: psping [[-6]|[-4]] [-f] [-u] [-h [buckets | <val1>,<val2>,...]] [-r] <-l requestsize>[k|m]] <-n count> [-w <count>] <destination:destport>
• PsPing TCP & UDP for latency test
• -h Print histogram (default bucket count is 20).
• -f Open source firewall port during the run.
• -u UDP (default is TCP).
• -l Request size. Append 'k' for kilobytes and 'm' for megabytes.
• -s Server listening address and port.
This example measures the round trip latency of sending an 8KB packet to the target server, printing a histogram with 100 buckets when completed
Started the PSPing on GCSEUTAS in server mode, managed
The server side is waiting for a TCP connection…

PS-World – PSPing – bandwidth
New tools introduced with last suite are Prefixed with PS,
PSPing implements Ping functionality, TCP ping, latency and bandwidth measurement:
● TCP and UDP bandwidth usage:
● server: psping [[-6]|[-4]] [-f] <-s source:sourceport>
● client: psping [[-6]|[-4]] [-f] [-u] [-h [buckets | <val1>,<val2>,...]] [-r] <-l requestsize>[k|m]] <-n count> [-i <outstanding>] [-w <count>] <destination:destport>
• PsPing TCP & UDP for bandwidth test
• -b Bandwidth test.
• -i Number of outstanding I/Os (default is min of 16 and 2x CPU cores).
• -r Receive from the server instead of sending.
• -h Print histogram (default bucket count is 20).
• -f Open source firewall port during the run.
• -u UDP (default is TCP).
• -l Request size. Append 'k' for kilobytes and 'm' for megabytes.
• -s Server listening address and port.
This command tests bandwidth to a PsPing server listening at the target IP address for 10 seconds and produces a histogram with 10 buckets.
KB/s: 76,97*1024*1024/(8*10^6)  Mbps: 10,088 (with large packet)
KB/s: 107,25*1024*1024/(8*10^6)  Mbps: 14,057 (with small packet)

TCPView
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
In yellow: all rows whose state has changed
In green: all the new ones
In red: all the closed connections

It's time to go deeper…
● Process Monitor

Process Monitor
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, registry and process/thread activity and so on:
• It includes event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
● Quick overview of major Process Monitor capabilities
• More data captured for operation input and output parameters
• Non-destructive filters allow you to set filters without losing data
• Capture of thread stacks for each operation makes it possible in many cases to identify the root cause of an operation
• Reliable capture of process details, including image path, command line, user and so on.
• Filters can be set for any data field, including fields not configured as columns
• Process tree tool shows the relationship of all processes referenced in a trace
• Detail tooltip allows convenient access to formatted data that doesn't fit in the column
• Boot time logging of all operations

Process Monitor
● Process Monitor: start to monitor five classes of operations:
1. File System
2. Registry
3. Network
4. Processes and Threads
5. Profile Event
Here you can start to capture data
Here you can strategically filter the system actions on the 5 CoO
Here you can highlight a flow of the log
On the Tools menu you’ll have all the most important features, such as the Summary:
1. Process Activity
2. File
3. Registry
4. Stack
5. Network
6. Cross Reference
…and the best one is Count Occurrence, which can help us to identify where the issue is!

Process Monitor
● Process Monitor: quick overview on filtering and so on:
All the filters you apply will not take the rows out; they will only be hidden, in order to reuse the same collected log.
On the Process tab you can see all the libraries involved in this call, so this one for sure is stuff of Historian, as aaHOledb.dll is involved, part of the Historian deliverable DLLs.
Just selecting only the Network activities
You can also select a single class
You can select a single row and ask for additional detail: Properties, Stack
Or you can apply a quick filter or highlight

Process Monitor
● Process Monitor: quick overview on Tools menu and so on:

Process Monitor
● Process Monitor: how to troubleshoot a Historian issue:

from Process to RAM

Random Access Memory
● RAM: we describe how Windows and applications use a particular resource, the limits of that resource, how to measure the resource’s usage, and how to diagnose leaks.
• First distinction:
• Physical Memory:
is the physical memory: Windows' memory manager is responsible for populating memory with the code and data of active processes, device drivers, and the operating system itself.
• Virtual Memory:
Virtual memory separates a program’s view of memory from the system’s physical memory, so an operating system decides when and if to store the program’s code and data in physical memory and when to store it in a file. The major advantage of virtual memory is that it allows more processes to execute concurrently than might otherwise fit in physical memory.

RAM and Disk
● RAM: The WorkingSet is the set of pages in the virtual memory that are currently resident in physical memory.
● The working set contains only pageable memory allocations;
● nonpageable memory allocations such as Address Windowing Extensions (AWE) or large page allocations are not included in the working set.
● Page State:
• Free: The page is neither committed nor reserved. The page is not accessible to the process. It is available to be reserved, committed, or simultaneously reserved and committed. Attempting to read from or write to a free page results in an access violation exception. {C++ VirtualFree or VirtualFreeEx}
• Reserved: The page has been reserved for future use. The range of addresses cannot be used by other allocation functions. The page is not accessible and has no physical storage associated with it. It is available to be committed. {C++ VirtualAlloc or VirtualAllocEx to reserve}
• Committed: Memory charges have been allocated from the overall size of RAM and paging files on disk. The page is accessible and access is controlled by one of the memory protection constants. The system initializes and loads each committed page into physical memory only during the first attempt to read or write to that page. When the process terminates, the system releases the storage for committed pages. {C++ VirtualAlloc or VirtualAllocEx to commit, GlobalAlloc and LocalAlloc to allocate committed pages with r/w access}

RAM
● RAM Limitation:

The answer is: RAMMap
Did you wonder exactly how Windows is assigning physical memory, how much file data is cached in RAM, or how much RAM is used by the kernel and device drivers?

Seeing by RAM standpoint…

RAMMAP
● RAMMap: is an advanced physical memory usage analysis utility. It presents usage information in different ways on its several different tabs:
• Use Counts: usage summary by type and paging list
• Processes: process working set sizes
• Priority Summary: prioritized standby list sizes
• Physical Pages: per-page use for all physical memory
• Physical Ranges: physical memory addresses
• File Summary: file data in RAM by file
• File Details: individual physical pages by file

• Active: Pages of physical RAM in active use (WorkingSet)
• Standby: Pages of physical RAM not actively being used. These are still left in physical RAM but will be repurposed first by the memory if something needs physical RAM for active pages.
• Modified: Similar to Standby, but these are pages of physical RAM that have been changed and must be flushed to disk before reusing them.
• Modified no write: Similar to modified pages but have been marked not to write out to disk.
• Transition: Pages that are in transition between any of the other categories.
• Zeroed: Pages that have been zeroed out and are ready to be used – they can be quickly allocated for new physical memory allocations.
• Free: Free pages are free to be used but have some type of “dirty” data in them so they must be zeroed for security reasons before being given to a user process. These are usually pages that have been freed by an exiting process. Contrary to the general notion of free memory being good, when you are looking at the Free list here, keep in mind that these pages will be put on the Zeroed list so they are one step closer to being used. This zeroing is periodically done at a low priority by the memory manager’s zero thread, or it can be done on demand when larger numbers of pages are needed and the zero list becomes exhausted.
• Bad: These are physical pages that have been marked as bad. (can be HW damaged)

RAMMAP
• Process Private: Memory allocated for use only by a single process.
• Mapped File: Also known as section objects, mapped “views” of files are when the contents of that file are mapped to virtual addresses in memory. This can be a process mapping views of files into its memory (for reading or writing) or for the system file cache.
• Shared Memory: Pages that have been marked as shared can be used by multiple processes (such as .dll, .ocx, and so on).
• Page Table: Page tables contain PTEs (Page Table Entries), which describe virtual address usage.
• Paged Pool: Kernel pooled memory that can be paged to disk.
• Nonpaged Pool: Kernel pooled memory that cannot be paged to disk.
• System PTEs: Page Table Entries allow the mapping of virtual memory addresses to physical memory addresses. System PTEs can theoretically describe up to 2GB on x86 system and 128GB on x64 systems.
• Session Private: Memory that is private to a particular logged in session. This will be higher on RDS Session Host servers.
• Metafile: Metafile is part of the system cache and consists of NTFS metadata.
• AWE: Address Windowing Extensions allows an application to map different views of physical memory into its address space. You will typically see this used by SQL or other database applications.
• Driver Locked: These are pages that have been locked in physical RAM by a driver.
• Kernel Stack: The amount of space used by kernel thread stacks. The more threads on the system, the larger this value will be.

RAMMAP
● RAMMap: what is useful to know about it, to have a first Memory Troubleshoot:
● Processes Tab:
● It is the part where you can combine the RAM usage and the processes up and running, especially from the RAM standpoint. What does it mean?
● The only way to see “THE GHOST”!
See next video!

RAMMAP
● RAMMap: what is useful to know about it, to have a Memory Troubleshoot: if we have time, I’ll show a live example at the end of the ppt with:
Right now it is time to go on to the next topic…

VMMap
VMMap: is a process virtual and physical memory analysis utility:
1. It shows a breakdown of a process's committed virtual memory types as well as the amount of physical memory (WorkingSet) assigned by the operating system to those types.
2. It is mostly graphical representations of memory usage, but VMMap also shows summary information and a detailed process memory map.
3. VMMap supports the export of data in multiple forms, including a native format that preserves all the information so that you can load it back in. It also includes command-line options that enable scripting scenarios.
4. VMMap is the ideal tool for everyone who wants to understand and optimize their application's memory resource usage.
Select an existing process, or start with a new one
We could see the fragmentation status
Selecting here you can see the size and the current position
.NET Current Threads
Managed Heap, Garbage Collector
Here!!! Fragmentation, e.g. LOW means the large chunk, that is good!

VMMap
VMMap: First Tips:
1. Selecting Free and sorting by Size descending, you will have the maximum chunk that can be allocated without fragmentation:
In case you have only small sizes here, your system is getting to be heavily slowed down

VMMap
VMMap: other Tip:
2. By hitting F5 it will be taking a new Snapshot, then using the Timeline feature you can compare and understand the difference, e.g. to verify if a Memory Leak is there and to see which part is being involved.
You can see the different amounts here: e.g. Mapped File has grown by 3’276 K and as well the Stack has lost 8K
Selecting the Higher, you’ll figure the differences out
In green the new ones, in red the removed

VMMap
VMMap : Next video will demonstrate how to use VMMap to chase a
Memory Leak root cause:
©2014 Schneider Electric. All Rights Reserved.
All trademarks are owned by Schneider Electric Industries SAS or its affiliated companies or their respective owners.