windbg -- sqlserver example (repost)

http://blog.csdn.net/obuntu/article/details/5962378

SQLSERVER DUMP debugging

 

Typing ~ in the command box below lists the threads in the dump:

 

0:000> ~
.  0  Id: 384.608 Suspend: 1 Teb: 7ffdd000 Unfrozen
   1  Id: 384.698 Suspend: 1 Teb: 7ffda000 Unfrozen
   2  Id: 384.6a8 Suspend: 1 Teb: 7ffd9000 Unfrozen
   3  Id: 384.6a4 Suspend: 1 Teb: 7ffd8000 Unfrozen
   4  Id: 384.6b0 Suspend: 1 Teb: 7ffd7000 Unfrozen
   5  Id: 384.6ac Suspend: 1 Teb: 7ffd6000 Unfrozen
   6  Id: 384.6c8 Suspend: 1 Teb: 7ffd5000 Unfrozen
   7  Id: 384.6dc Suspend: 1 Teb: 7ffd4000 Unfrozen
   8  Id: 384.6e0 Suspend: 1 Teb: 7ffd3000 Unfrozen
   9  Id: 384.108 Suspend: 1 Teb: 7ff9f000 Unfrozen
  10  Id: 384.6e8 Suspend: 1 Teb: 7ff9e000 Unfrozen
  11  Id: 384.6e4 Suspend: 1 Teb: 7ff9d000 Unfrozen
  12  Id: 384.604 Suspend: 1 Teb: 7ff9c000 Unfrozen
  13  Id: 384.714 Suspend: 1 Teb: 7ff9b000 Unfrozen
  14  Id: 384.718 Suspend: 1 Teb: 7ff9a000 Unfrozen
  15  Id: 384.71c Suspend: 1 Teb: 7ff99000 Unfrozen
  16  Id: 384.720 Suspend: 1 Teb: 7ff98000 Unfrozen
  17  Id: 384.728 Suspend: 1 Teb: 7ffdc000 Unfrozen
  18  Id: 384.730 Suspend: 1 Teb: 7ff97000 Unfrozen
  19  Id: 384.74c Suspend: 1 Teb: 7ff96000 Unfrozen
  20  Id: 384.784 Suspend: 1 Teb: 7ff95000 Unfrozen
  21  Id: 384.788 Suspend: 1 Teb: 7ff94000 Unfrozen
  22  Id: 384.1e0 Suspend: 1 Teb: 7ff93000 Unfrozen
  23  Id: 384.284 Suspend: 1 Teb: 7ff92000 Unfrozen
  24  Id: 384.280 Suspend: 1 Teb: 7ff91000 Unfrozen
  25  Id: 384.23c Suspend: 1 Teb: 7ff8f000 Unfrozen
  26  Id: 384.3d0 Suspend: 1 Teb: 7ff8e000 Unfrozen
  27  Id: 384.3d4 Suspend: 1 Teb: 7ff8d000 Unfrozen
  28  Id: 384.3d8 Suspend: 1 Teb: 7ff8c000 Unfrozen
  29  Id: 384.204 Suspend: 1 Teb: 7ff8b000 Unfrozen
  30  Id: 384.43c Suspend: 1 Teb: 7ff8a000 Unfrozen
  31  Id: 384.450 Suspend: 1 Teb: 7ff89000 Unfrozen
  32  Id: 384.454 Suspend: 1 Teb: 7ff88000 Unfrozen
  33  Id: 384.458 Suspend: 1 Teb: 7ff87000 Unfrozen
  34  Id: 384.45c Suspend: 1 Teb: 7ff86000 Unfrozen
  35  Id: 384.464 Suspend: 1 Teb: 7ff84000 Unfrozen
  36  Id: 384.44c Suspend: 1 Teb: 7ff83000 Unfrozen
  37  Id: 384.1e8 Suspend: 1 Teb: 7ffdb000 Unfrozen
  38  Id: 384.1cc Suspend: 1 Teb: 7ff82000 Unfrozen
  39  Id: 384.1684 Suspend: 1 Teb: 7ff80000 Unfrozen
  40  Id: 384.c38 Suspend: 1 Teb: 7ff90000 Unfrozen
  41  Id: 384.1048 Suspend: 1 Teb: 7ff85000 Unfrozen
  42  Id: 384.140c Suspend: 1 Teb: 7ff7f000 Unfrozen
  43  Id: 384.a18 Suspend: 1 Teb: 7ff81000 Unfrozen

 

In my example, my spid was running a select statement in a loop. From sysprocesses you can see that the kpid corresponding to that spid is 488:

 

spid kpid
51   0
52   488

 

488 converted to hexadecimal is exactly 1e8, which corresponds to thread number 37 in the listing above.

 

So if we want to look at thread 37, we first use the ~37s command to switch to thread 37's context:

 

0:000> ~37s
eax=00000000 ebx=3f20f344 ecx=1f8dcf08 edx=00000001 esi=000009b5 edi=00000000
eip=7c92e514 esp=3f20f238 ebp=3f20f29c iopl=0         nv up ei ng nz ac pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297
ntdll!KiFastSystemCallRet:
7c92e514 c3              ret

 

This looks like CPU register information; unfortunately I can't read much of it yet, otherwise I could dig deeper.

 

Next, use the k command to view the actual function call stack:

 

0:037> k
ChildEBP RetAddr
3f20f234 7c92df5a ntdll!KiFastSystemCallRet
3f20f238 7c8025db ntdll!ZwWaitForSingleObject+0xc
3f20f29c 7c802542 kernel32!WaitForSingleObjectEx+0xa8
3f20f2b0 011e7ced kernel32!WaitForSingleObject+0x12
3f20f324 011e7ddb sqlservr!Np::StatusWriteNoComplPort+0x9f
3f20f354 011e7ea2 sqlservr!SNIStatusWriteNoComplPort+0x82
3f20f374 012a8ae0 sqlservr!TDSSNIClient::WriteStatus+0x6a
3f20f4a0 0153d30c sqlservr!write_data+0x1a6
3f20f4d0 0117492e sqlservr!flush_buffer+0xdf
3f20f6a0 015490b6 sqlservr!CKatmaiTds::SendRowImpl+0x2faf
3f20f6ac 01532f0d sqlservr!CValOdsRow::SetDataX+0x29
3f20f6bc 01532d8b sqlservr!SetMultData+0x1e
3f20f734 0154962f sqlservr!CEs::GeneralEval4+0xd0
3f20f740 01547825 sqlservr!CEs::Eval+0x13
3f20f7f8 015499af sqlservr!CXStmtQuery::ErsqExecuteQuery+0x409
3f20f85c 015401c3 sqlservr!CXStmtSelect::XretExecute+0x268
3f20f8f8 01540cc0 sqlservr!CMsqlExecContext::ExecuteStmts<1,1>+0x28d
3f20f9e0 01540686 sqlservr!CMsqlExecContext::FExecute+0x70e
3f20fa84 0153cf8c sqlservr!CSQLSource::Execute+0x598
3f20fc08 01539f79 sqlservr!process_request+0x2f0

 

From the frames below, a few points can be made (personal opinion :) ):

 

3f20f354 011e7ea2 sqlservr!SNIStatusWriteNoComplPort+0x82
3f20f374 012a8ae0 sqlservr!TDSSNIClient::WriteStatus+0x6a
3f20f4a0 0153d30c sqlservr!write_data+0x1a6
3f20f4d0 0117492e sqlservr!flush_buffer+0xdf

3f20f7f8 015499af sqlservr!CXStmtQuery::ErsqExecuteQuery+0x409
3f20f85c 015401c3 sqlservr!CXStmtSelect::XretExecute+0x268
3f20f8f8 01540cc0 sqlservr!CMsqlExecContext::ExecuteStmts<1,1>+0x28d
3f20f9e0 01540686 sqlservr!CMsqlExecContext::FExecute+0x70e

 

Reading from the bottom up, you can see this is a select operation. While performing the select, it first flushes some in-memory buffers (flush_buffer), then writes the data (write_data), then sends the write status (TDSSNIClient::WriteStatus); because the statement keeps looping, there is a write-not-completed indication (SNIStatusWriteNoComplPort). This basically matches what a select does.

 

When an error is hit, the call stack usually contains raiserror-style frames, similar to the following:

 

00000000`220ce2d0 00000000`013a3d41 sqlservr!ex_raise2+0xcdd8bf
00000000`220ce630 00000000`02deb8ce sqlservr!ex_raise+0x51

 

At that point, you can basically determine the cause of the problem.
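The whole procedure above (decimal kpid from sysprocesses, hex thread id in the ~ listing, ~Ns to switch, then scan k output for ex_raise frames) as an added Python helper; this is not code from the original post, and the sample listing and stack are constructed in the same layout WinDbg prints, with made-up addresses.

```python
import re

# Constructed sample in the layout of WinDbg's "~" output (made-up ids/TEBs).
THREAD_LISTING = """\
.  0  Id: 384.608 Suspend: 1 Teb: 7ffdd000 Unfrozen
  36  Id: 384.44c Suspend: 1 Teb: 7ff83000 Unfrozen
  37  Id: 384.1e8 Suspend: 1 Teb: 7ffdb000 Unfrozen
  38  Id: 384.1cc Suspend: 1 Teb: 7ff82000 Unfrozen
"""

# Constructed sample in the layout of WinDbg's "k" output, with the ex_raise
# frames the post says to look for in a failing request.
STACK_TRACE = """\
ChildEBP RetAddr
00000000`220ce2d0 00000000`013a3d41 sqlservr!ex_raise2+0xcdd8bf
00000000`220ce630 00000000`02deb8ce sqlservr!ex_raise+0x51
3f20fc08 01539f79 sqlservr!process_request+0x2f0
"""

# One "~" line: optional "." / "#" marker, thread index, then "Id: <pid>.<tid>" in hex.
THREAD_RE = re.compile(r"^[.#]?\s*(\d+)\s+Id:\s*([0-9a-f]+)\.([0-9a-f]+)", re.I)


def find_thread_index(listing, kpid):
    """Map a sysprocesses kpid (decimal) to the WinDbg thread index, or None.

    WinDbg prints the OS thread id in hex after "Id: pid.", so the decimal
    kpid has to be compared as hex (488 -> 1e8). A kpid of 0 means the spid
    has no worker thread, so nothing matches.
    """
    for line in listing.splitlines():
        m = THREAD_RE.match(line)
        if m and int(m.group(3), 16) == kpid:
            return int(m.group(1))
    return None


def switch_command(index):
    """Build the WinDbg command that switches to that thread's context."""
    return "~%ds" % index


def raise_frames(stack):
    """Return the function names of frames that signal a raised SQL Server error."""
    found = []
    for line in stack.splitlines():
        parts = line.split()
        if len(parts) >= 3 and "!ex_raise" in parts[2]:
            found.append(parts[2].split("+")[0])
    return found


if __name__ == "__main__":
    idx = find_thread_index(THREAD_LISTING, 488)   # 488 == 0x1e8 -> 37
    print(switch_command(idx))                      # ~37s
    print(raise_frames(STACK_TRACE))               # ['sqlservr!ex_raise2', 'sqlservr!ex_raise']
```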

posted @ 2017-06-06 11:17  zengkefu  reads (258)  comments (0)