Process information in dump

Question 1

Process information in dump

windbg crash-dumps sos

Rockstart · Apr 19, 2012 · Viewed 12.1k times · Source

Answer

Answer

!process 0 1 will list all the processes and show memory related info for each. I issued this command using livekd and got all the processes. And here's my chrome process (which I picked out from the output):

PROCESS fffffa8007cb4200
SessionId: 1  Cid: 1158    Peb: 7efdf000  ParentCid: 0ff8
DirBase: 1b7962000  ObjectTable: fffff8a00addb010  HandleCount: 135.
Image: chrome.exe
VadRoot fffffa80090a6f80 Vads 169 Clone 0 Private 4037. Modified 3702. Locked 0.
DeviceMap 0000000000000000
Token                             fffff8a0091f9120
ElapsedTime                       00:05:49.161
UserTime                          00:00:00.000
KernelTime                        00:00:00.000
QuotaPoolUsage[PagedPool]         0
QuotaPoolUsage[NonPagedPool]      0
Working Set Sizes (now,min,max)  (8020, 50, 345) (32080KB, 200KB, 1380KB)
PeakWorkingSetSize                10137
VirtualSize                       144 Mb
PeakVirtualSize                   151 Mb
PageFaultCount                    66631
MemoryPriority                    BACKGROUND
BasePriority                      8
CommitCharge                      5784
Job                               fffffa8009822e30

Note memory related properties such as "Working Set Sizes", "Virtual Size", etc.

ps. Works with livekd and with system memory dumps (which I believe is what livekd does).

Marc

Question 2

I learnt that .tlist command in windbg dumps all the processes running in the system at the time of creating crash dump.

I would like to see the Memory Information of each process. So that it will help me to see if the system is over loaded by any specific process.

Process information in dump

Answer

Related questions