In the production environment , We will find some abnormal problems by running the log , here , We can't take it directly VS Remote to server debugging , At the same time, the output information of the log cannot reflect the state of the object in memory , For example, we want to see all the Socket Connection status , Service routing information, etc .

Namely : How to analyze .Net Runtime memory object ?

therefore , Today we recommend .Net Advanced necessary artifact :Windbg, be based on Windbg Analyze the state of objects in memory .

Let's take the actual scene as an example , This is more practical , At the same time, it has more reference significance .

Business scenario :
Distributed environment , In each service container process, the Socket Connection information , Easy access between runtime services . But the network shakes occasionally , In the moment of shaking , quite a lot Socket The connection is broken , The exception message received by the service caller is : Connection interrupted, etc .

How to quickly locate what Socket Connection is broken ? These interrupted Socket Which servers are connected to , port ? This information can help us analyze specific network problems , Do some procedural compensation at the same time : Connection reconstruction . A goal , Keep programs highly available !

that , Please show our leading role today :Windbg, Official introduction of Microsoft : <>

Further discussion , We need to grab the memory image of the specified process at a certain moment , Then use Windbg Analyze various objects in memory , thread , Thread pool , Deconstruction queue , heap ,CPU State of kernel time slice, etc .

therefore , Step 1 , We need to process the memory analysis , Grab one Full Dump file : Memory image file .

Task Manager -> Select process -> Create dump file

The system will Dump The file is stored in the specified directory , This directory needs to be copied , For backup .

Step 2 , Download and install from Windbg:

According to the number of digits in the operating system , choice X86 perhaps X64. Here we use 64 Bit operating system , Selected Windbg(X64)

Step 3 :Ctrl+D, Open what I just grabbed Dump file

Step 4 : For loading debugging SOS.dll: .loadby sos clr
.loadby sos clr

Step 5 : View objects of the specified type in memory  
!dumpheap -Type Socket
there Socket Is a specific type , We want to see Socket Connection status , So the type is Socket

there Header in MT=Method Table

We need to use MT:00007ffafe50d700

Step 6 , View memory all Socket Address of the object :
!dumpheap -mt 00007ffafe50d700

Output results , The first column is one Socket Object's memory address

here , We can use the following command , Randomly view one Socket Object information :
!do 000001b2d188ae00
!do Meaning of :!dumpObj 

  So here comes the question... , Hundreds Socket object , If one by one !do see , It's too much work ! Of course not ,Windbg Yes .foreach command

  search Debugging help.chm file ,.foreach Here's an example :
.foreach /f ( place "g:\myfile.txt") { dds place }
Namely , Loop through a text file , For each row of data , Perform a command action .

good , Let's go back to our previous output : each Socket Object's address list , We copy it , Only the first column is taken out with the text editing tool (Socket Address column ), Deposit on deposit 1.txt

Step 7 : Loop through each memory object
.foreach /f (adr "C:\1.txt") {!do adr}
output :

Put all output , Copy to text editor , Search query specified properties , for example m_IsConnected=0, You can find the disconnected Socket object , And then further use !gcroot
View the reference relationship of this object , Step by step, the information of each reference object can be roughly analyzed .


That's all .Net The whole process of memory object analysis , Share with you .


National Day of Zhou