Episode
Defrag Tools: #26 - WinDbg - Semaphores, Mutexes and Timers
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer.
This installment goes over the commands used to diagnose Semaphores, Mutexes and (Waitable) Timers in a user mode application. For timers, we delve deep in to the kernel to gather more information about them. We use these commands:
- !handle
- !handle
- !object
- !object
- !timer
- !timer
- ub @rip
- dt nt!_KTHREAD
Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbol and source code resolution.
Resources:
Synchronization Functions
Semaphore Objects
Mutex Objects
Waitable Timer Objects
Sysinternals LiveKD
Sysinternals WinObj
Windows 7 and Windows Server 2008 R2 Kernel Changes (Timer Coalescing)
Timeline:
[02:47] - Demo Apps [SkyDrive]
[03:08] - Semaphores
[09:32] - Mutexes
[15:32] - Waitable Timers
[15:58] - Clock Resolution
[17:05] - Timer Coalescing
[19:45] - Timer demo application
[25:05] - LiveKD makes a kernel dump
[26:37] - Object Manager - !object
[29:40] - DPC Timers - !timer
[35:22] - !timer
[35:52] - Waiting Threads - !thread 17
[37:08] - Wait Start TickCount
[38:55] - Kernel Wait Routines
[41:12] - Dump Type of Kernel Thread - dt nt!_KTHREAD
[42:00] - Running, Ready and Waiting states
[44:54] - Wakable Timers
[47:22] - powercfg.exe /waketimers
[49:18] - 'Century' DPC Timer Routine
[50:43] - Post in the forums and email us at defragtools@microsoft.com!
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer.
This installment goes over the commands used to diagnose Semaphores, Mutexes and (Waitable) Timers in a user mode application. For timers, we delve deep in to the kernel to gather more information about them. We use these commands:
- !handle
- !handle
- !object
- !object
- !timer
- !timer
- ub @rip
- dt nt!_KTHREAD
Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbol and source code resolution.
Resources:
Synchronization Functions
Semaphore Objects
Mutex Objects
Waitable Timer Objects
Sysinternals LiveKD
Sysinternals WinObj
Windows 7 and Windows Server 2008 R2 Kernel Changes (Timer Coalescing)
Timeline:
[02:47] - Demo Apps [SkyDrive]
[03:08] - Semaphores
[09:32] - Mutexes
[15:32] - Waitable Timers
[15:58] - Clock Resolution
[17:05] - Timer Coalescing
[19:45] - Timer demo application
[25:05] - LiveKD makes a kernel dump
[26:37] - Object Manager - !object
[29:40] - DPC Timers - !timer
[35:22] - !timer
[35:52] - Waiting Threads - !thread 17
[37:08] - Wait Start TickCount
[38:55] - Kernel Wait Routines
[41:12] - Dump Type of Kernel Thread - dt nt!_KTHREAD
[42:00] - Running, Ready and Waiting states
[44:54] - Wakable Timers
[47:22] - powercfg.exe /waketimers
[49:18] - 'Century' DPC Timer Routine
[50:43] - Post in the forums and email us at defragtools@microsoft.com!
Have feedback? Submit an issue here.