Course Transcript
Software Debugging in Windows
Windows Debugging Tools
1. Course Introduction
2. Installing Windows Debugging Tools
3. List of Windows Debugging Tools
4. Using the Debugging Tools
5. Using Symbol Files and Servers
6. Debugging for Different Processor Architectures
Windows Memory Manager Issues
1. Overview of Memory Management on Windows Platform
2. Heap Overview
3. Corrupting the Heap
4. Tools for Monitoring Heap Issues
5. Using the Pageheap Tool
Resource Issues
1. What Causes Resources Issues
2. Overview of Windows Handles
3. Tools for Tracking Down Resource Issues
4. How to Use UMDH, DebugDiag, and !heap
Using the UMDH Tool
Web Browser Memory Issues
1. Using JSCRIPT Memory Analyzer
Windows 8 Debugging Tools
1. New Windows 8 Debugging Tools
2. Windows 8 Application Lifecycle
3. Using the PLMDebug Tool
Improving Code Quality
1. Software Tools to Improve Your Code
2. Using Code Analysis Tools in Visual Studio
3. Customizing the Code Analysis Dictionary
Practice: Windows Software Debugging Tools
1. Exercise: Using Tools in Windows to Debug Applications
Course Introduction
Learning Objective
After completing this topic, you should be able to
+ start the course
1. Introduction to the course
In software development, debugging is a necessary part of the development process. It must be included in the
development cycle in order to deliver a working piece of software. I'm Jason Row and in this course, I'll introduce you to
the Windows debugging tools, Windows memory management, resource issues, and how to improve the quality of your
code.
Installing Windows Debugging Tools
Learning Objective
After completing this topic, you should be able to
+ recognize how to install the Windows Debugging Tools
1. Using Windows Debugging Tools
In software development, debugging is a necessary part of the development process. In this video, I explain how to
install the Windows Debugging Tools. In the previous courses, you've seen how to use the debugging options available in
Visual Studio. And that's great when you're working away and testing on your local machine, you get things working just
right, and there are no surprises. And then you send it off to your staging environment. Or even worse it's rolled out to
your production environments, and you start to get reports of issues occurring. Now the chances of getting Visual Studio
installed on your staging environment are pretty slim. And it should be impossible to install on your production
environments. But you still need to figure out what is going on with your application, and that's where you can use the
Windows Debugging Tools. Now there are a lot of utilities that are small and they're really quick to install. And even if your
administrators won't let you install software on a production machine, or even your staging environment, you can still
place the tools on a thumb drive and still be able to use them to debug your application. The tools can also be used to
debug production code. So unlike JavaScript code, which you can still debug in your browser, when you install your
application, it's going to be in a compiled state, and your released version won't show the source code for you to step
through. Now these tools won't replace Visual Studio debugging but they are more powerful than just reading error
messages in the Windows Event Viewer.
Now one other thing to keep in mind, you may need the Debug Privilege security policy. If you're debugging your own
application, you should be fine, but if you're debugging system components, then you may need this policy. And what it
does is that it allows users to attach a debugger to a process, and by default, any administrator accounts will have this
property enabled. So hopefully, your admins will give you that administrator privilege or they'll have to give you the Debug
Privilege security policy. So how do we get these Windows Debugging Tools installed? Well, on a Windows 8 computer,
your first option is to install Visual Studio, and then download and install the Windows Driver Kit. And the Debugging Tools
will be installed as part of the WDK. The second option is to install the Windows Software Development Kit, so there is a
difference, and you'll find them included there as well. And your third option is to install them as a standalone tool set. And
what that really means is you install the Windows SDK, you clear all the checkboxes, except for the Debugging Tools for
Windows.
Now these options for installing the Debugging Tools will work fine for Windows 8 and Windows 7. But there is plenty of
code running on older systems. So what do you do when you need to troubleshoot code that's running on Vista, or a
Windows Server 2008 that's not R2, or Windows XP, or even Windows Server 2003? Then you need to find the Windows
SDK for Windows 7 and .NET Framework 4.0. And just like your Windows 8 platform, during the install of the SDK, you're
going to choose to install the Debugging Tools only. And of course, after you install your tools, you're going to be
wondering where they are found. And there are two locations; they are both to be found under the Program Files folder,
and then you go look under Windows Kits\8.x, and that depends on the version you have. I currently have 8.0 and 8.1 on
my computer. You then look in the Debuggers folder. And then you'll have an x64 or x86 folders, and that's depending on
if you plan to run the 64-bit versions or the 32-bit versions. Now one thing I suggest for you to do is to add the appropriate
location to your path variable, so that when you're running a command prompt, you'll be able to call the tools without
including the path.
Heading: Installing Windows Debugging Tools.
After the installation, the tools are found at either of the following locations:
C:\%Program Files%\Windows Kits\8.x\Debuggers\x64
C:\%Program Files%\Windows Kits\8.x\Debuggers\x86
List of Windows Debugging Tools
Learning Objective
After completing this topic, you should be able to
+ recognize the tools available in the Windows Debugging Tools set
1. Exploring Windows Debugging Tools
You've gone through the installation process and installed the Windows Debugging tools on your system. There is quite a
few of them, but before you look at the tools, let's talk about debugging environments. Of the six debugging environments,
the first one I'm going to mention is Visual Studio. So once you've installed the Windows Driver Kit 8, this will be
integrated with your installed copy of Visual Studio. The WDK allows you to build, deploy, and run driver tests, but it also
allows you to debug with Visual Studio as well. Next up, we have the Windows Debugger or WinDbg. With the Windows
Debugger, you can do both: user-mode and kernel-mode debugging. Now user-mode being the mode where your
applications run and kernel-mode is where your core operating system components are executed. If you are debugging
drivers, many run in kernel-mode, but there are some that do run in user-mode. With Windows Debugger, you can view
the source code, set breakpoints, view variables, see stack traces, sounds familiar to debugging in Visual Studio, and you
can analyze memory usage as well. Now if you happen to be doing kernel-mode debugging, you typically have a host
computer and a target computer. The host being where the Windows Debugger will be running and it will connect a
target machine.
Windows Debugger does have a GUI interface. So if you type windbg at a command prompt, it will open a window. Up
next we have the Kernel Debugger and the NT Kernel Debugger. And they are essentially the same thing. It's just that
NTKD spawns a new console window while KD on its own runs within the console where you've launched it. These are
more applicable if you're trying to troubleshoot operating system related issues, but it's listed as two of the debugging
environments. When working with KD, you generally launch KD on a host computer and debug a target computer. So you
need to use two computers. The Microsoft Console Debugger is another text-based console program and you can use
this to debug your currently running application or even a recently crashed one. You can use it to look at the stack trace,
and even work across a network, so you can remote to another machine. And lastly we have NT Symbolic Debugger. This
environment is just like the Console Debugger, the only difference is that it spawns a new console when it launches, so I'm
not sure why they didn't just add a flag to both Kernel Debugger and the Console Debugger to have spawn a new
console, so we end up with separate debugging environments instead.
And now we're onto the tools. And the first one I'm going to mention is ADPlus. So ADPlus allows you to create memory
dump files as well as log files, which the debug output from your application will be residing in. Next there is DumpChk,
which you can use to ensure that a dump file is not corrupted, and they can, in fact, be opened by a debugger. When you do
run DumpChk, you'll see a summary of what the dump file contains. The Global Flags Editor or Gflags can be used to turn
debugging or logging features that affect the entire system either on or off. And you do need to be a member of the
administrators group in order to use most of the Gflags options, and there is a good reason for that since changing the
settings can cause your machine to slow down or even stop running altogether. So that's not something that everyone
should be allowed access to. The Kill tool is used to terminate a process and all of its threads. And you can use the
processor identifier number or you can specify all or part of a name of a process that you want to kill.
The Logger tool can be used to monitor and record all your API calls that your application is making, and you can then
show the information in your debugger, or you can save it to a text file, or better yet, you should use a LogViewer tool to
see your saved LGV files. So LogViewer is able to filter out functions quickly, so it makes a better tool than just opening the
file in a text editor. TList, it can be used to show a list of all the running processes on your system and you can use this to
find the process ID that you want to use with the kill command that we talked about earlier. Or a better use is to see which
processes are returned when you enter in a partial text stream before you use that same partial text stream with the Kill
command. So it wouldn't be good if you kill the wrong process, just because the pattern was a partial match to the
process name. And the last two tools I'll mention are the RTList and Debugger Server. These two work together, so that
RTList can be your list of processes running on a remote computer and Debugger Server must be running on your
remote computer. And RTList is able to do the same thing as TList can do; only generally it works remotely, which TList
cannot do.
Now when your application is created, there is more than just an executable or DLL files that is created. There are also
symbol files, which are not required to run your release version of your application, but they are helpful when you are
debugging. And Microsoft allows you to access the symbol files for their operating system. So if you are debugging
kernel-mode issues or interacting with the operating system, you can use the symbol files for debugging from Microsoft.
So let's list the tools that are available when using symbol files for debugging. First is the Symbol Server, and you won't
need this if you're only using the symbol files from Microsoft products. Your debugger can use SymSrv to bring down
symbol files from a centralized symbol store. For example, if your company has their own, then you can use SymSrv to
bring down the symbol store from your company. Now SymSrv can also separate larger symbol stores into smaller ones,
so that you don't have to download an entire large file of symbols each time.
Next is the Symbol Check tool and this is used to compare an executable to the symbol files to make sure if the correct
symbols are available. Just in case there is a difference in the versions, you want to make sure you have the right version
of the symbol file that matches with your application that's running. There is a SymStore tool and this is what your
company would use to create their own symbol store that the SymSrv tool would connect to and retrieve your symbol files.
And lastly there is SymProxy and there are a couple of scenarios where you might need a symbol store proxy, and one
could be if you have a remote site with slow network access to the main symbol store. Yeah, the SymProxy will cache the
appropriate symbol files. Another setup would be if you have multiple symbol stores, then you can configure SymProxy,
so that the users just have to remember the location of SymProxy and not all the other multiple sym stores. So how do we
launch these tools, well, they are available from the command line. You just have to make sure you add the installation
directory to your path environment variable, and then open up your command prompt and run the appropriate tool; and
most run within the console or as we've seen spawn a new console window.
Using the Debugging Tools
Learning Objective
After completing this topic, you should be able to
+ recognize how to start the common debugging tools
1. Using common debugging tools
Let's take a look at some of the debugging tools for Windows that have been installed on our computer. First we'll look at
TList. So from my command prompt, which I have opened on my screen, I can type in tlist. And this brings back
the list of all the processes that are running on my computer. And it shows a process name along with the process ID. I'm
interested in HelloWorld.exe, which has a process ID of 3220 and we'll use that with our next tool we'll look at.
And the next tool is ADPlus. So when you're having trouble with hangs or crashes in your application, the ADPlus Visual
Basic Script can automate our console debugger to do memory dumps and log files. So it has two modes and the first is a
crash mode, which is usually run before our process ends up crashing. So we can launch it with adplus -crash -p
and in this case, it's HelloWorld.exe, which is 3220 is our process ID. And then I also want to use the -o switch to
indicate where I want our log file to be placed. So in this case, we want to have it in c:\log. So we hit Enter and that
runs our ADPlus VBScript. And you can see it's attaching to process 3220 and it says our logs and dump files will be
placed in c:\Log\ and there is a unique folder that's been created, which will save our logs and dumps in.
On the Windows desktop, the Administrator: Command Prompt window is open. The presenter runs the following
command at the C:\> command prompt:
tlist
As a result, a list of all the processes running on the computer is displayed as follows:
1584 svchost.exe
1654 WUDFHost.exe
1760 svchost.exe
2320 msdtc.exe
1744 SearchIndexer.exe
1288 csrss.exe
2036 winlogon.exe
588 dwm.exe DWM Notification Window
2192 taskhostex.exe Task Host Window
228 rdpclip.exe
716 NisSrv.exe
3444 VMwareTray.exe
3468 vmtoolsd.exe
3276 taskhost.exe Task Host Window
332 WWAHost.exe Store
3864 RuntimeBroker.exe
3128 cmd.exe Administrator: Command Prompt - tlist
3428 conhost.exe OleMainThreadWndName
3220 HelloWorld.exe C:\Users\Admin\Documents\Visual Studio
2013\Projects\HelloWorld\HelloWorld\bin\Release\HelloWorld.exe
3248 conhost.exe OleMainThreadWndName
4052 explorer.exe Program Manager
2720 tlist.exe
Next the presenter runs the following command at the C:\> command prompt:
adplus -crash -p 3220 -o c:\logs
As a result, the following output is displayed:
ADPLus Flash V 7.01.007 08/11/2011
For ADPlus documentation see ADPlus.doc
New command line options:
-pmn - process monitor
waits for a process to start
-po - optional process
won't fail if this process isn't running
-mss
Sets Microsoft's symbol server
-r
Runs -hang multiple times
ADPlusManager - an additional tool to facilitate the use of ADPlus in distributed environments like computer clusters.
Learn about ADPlusManager in ADPlus.doc
Attaching to 3220 - HelloWorld in Crash mode 09/24/2014 18:30:08
Logs and memory dumps will be placed in c:\logs\20140924_183007_Crash_Mode
So that's now attached and that's in crash mode. Now what I'm going to do is I'm going to use kill utility to kill 3220.
So that now kills our process, so our log files would have been saved in that folder. And I'll launch this in our second
mode, which is hang mode. So you can use this when your process stops responding to your system, so it's currently
hanging. So we open up our command prompt and we type in adplus -hang this time instead of -crash, this time
I'll use the -pn switch and type in helloworld.exe; so instead of the -p, which is a process ID, -pn stands for
process name. Again, we'll use a -o to put our log files in c:\log folder. And I forgot to start our HelloWorld.exe app.
So I'll quickly run that once again because we had killed it first, and I can run our adplus command once more. And
again, it says attaching to process 2508 this time and it's running it in hang mode. So that's ADPlus.
In the Administrator: Command Prompt window, the presenter runs the following command at the C:\> command prompt:
kill 3220
As a result, the following output is displayed:
process HelloWorld.exe (3220) - 'C:\Users\Admin\Documents\Visual Studio
2013\Projects\HelloWorld\HelloWorld\bin\Release\HelloWorld.exe' killed
Next he runs the following command at the C:\> command prompt:
adplus -hang -pn helloworld.exe -o c:\logs
As a result, the following output is displayed:
ADPLus Flash V 7.01.007 08/11/2011
For ADPlus documentation see ADPlus.doc
New command line options:
-pmn - process monitor
waits for a process to start
-po - optional process
won't fail if this process isn't running
-mss
Sets Microsoft's symbol server
-r
Runs -hang multiple times
ADPlusManager - an additional tool to facilitate the use of ADPlus in distributed environments like computer clusters.
Learn about ADPlusManager in ADPlus.doc
The output also includes an error message as follows:
ERROR - Some selected processes are not running!
Missing Processes: HELLOWORLD
MERROR - ADPlus failed to run
On the Windows desktop, the presenter opens the Release - Shortcut folder. As a result, the File Explorer is displayed
with the Release folder open in it. The folder includes a number of files such as HelloWorld.exe, HelloWorld.exe.config,
HelloWorld.pdb, and HelloWorld.vshost.exe. He then double-clicks the HelloWorld.exe file to open it. As a result, the
C:\Users\Admin\Documents\Visual Studio 2013\Projects\HelloWorld\bin\Release\HelloWorld.exe Command Prompt
window is displayed, which includes the following text:
Hello World!
The presenter then closes the Release folder window and also minimizes the C:\Users\Admin\Documents\Visual Studio
2013\Projects\HelloWorld\bin\Release\HelloWorld.exe Command Prompt window.
Next the presenter runs the following command at the C:\> command prompt:
adplus -hang -pn helloworld.exe -o c:\logs
As a result, the following output is displayed:
ADPLus Flash V 7.01.007 08/11/2011
For ADPlus documentation see ADPlus.doc
New command line options:
-pmn - process monitor
waits for a process to start
-po - optional process
won't fail if this process isn't running
-mss
Sets Microsoft's symbol server
-r
Runs -hang multiple times
ADPlusManager - an additional tool to facilitate the use of ADPlus in distributed environments like computer clusters.
Learn about ADPlusManager in ADPlus.doc
Attaching to 2508 - HelloWorld in Hang mode 09/24/2014 18:31:45
Logs and memory dumps will be placed in c:\logs\20140924_183145_Hang_Mode
Now you can also use ADPlus when you're debugging web applications. So if you launch ADPlus with a -iis command,
it'll automatically select all the processes related to Internet Information Server. So there is inetinfo.exe and dllhost.exe,
which will be part of that. And next up, we'll look at logger. Now there are two ways to use logger and the first is from the
command line. So we can type in logger and in this case, I want to type in explorer.exe; now I want to log what's
occurring in the explorer.exe application. So that launches logger, which then brings up a Change settings dialog box.
From there, you can go to the left-hand side and there is a list of API Categories. So that's all the API calls that have
been called on our system and we can select which ones we want to see. There are also check boxes or radio buttons for
Enable and Disable logging. And then as well we have an Inclusion/Exclusion list. So it will list the modules that the
application uses and you can choose to Include or Exclude one or all of those modules. So once we have this all set up,
we can click the Go button and logger will now start logging our interactions with explorer.exe. I'll Exit out of that.
In the Administrator: Command Prompt window, the presenter runs the following command at the C:\> command prompt:
logger explorer.exe
As a result, the Logger (debugger) 3.01 window is displayed along with the Change settings dialog box, which is currently
active. The Change settings dialog box includes the API Categories list box in the left, which includes categories such as
DebuggingAndErrorHandling, DeviceFunctions, Direct3D, and DirectDraw. All the options displayed in the list are
selected.
The Change Settings dialog box also includes the Logging option with two radio buttons, Enable and Disable. The Enable
radio button is already selected. It also includes the Inclusion/Exclusion list option that includes two radio buttons, Include
and Exclude, along with a text field that contains the following value: USER32.DLL GDI32.DLL ADVAPI32.DLL. The Include
radio button is already selected. In addition, the dialog box includes two buttons, Flush the buffer and Go.
Next the presenter clicks the Go button. As a result, the Logger (debugger) 3.01 window is now active, which lists the
different processes. The File Explorer window is also displayed that has the This PC folder open in it. Next the presenter
opens the Documents folder, which includes the Visual Studio 2013 folder.
The presenter then navigates to the Logger (debugger) 3.01 window, opens the File menu, and clicks Exit. As a result,
the Logger (debugger) 3.01 window is closed.
And we'll take a look at our second method and that's to use logger in conjunction with a tool like Windows Debugger. So
for the command line, I can type in windbg for Windows Debugger, in this case. And then in this instance, I want to do
-pn explorer.exe. So this will open up Windows Debugger; the command window now appears inside. And the next
thing I have to do is I have to inject our logger into our target application. And I can do that in the command window. At
the bottom, there is a place for entering commands, so I can type in !logexts.log and there is no space, but I want
to put an i, so this will be .logi. So this was responsible for injecting logger into our target application. In the command
window, it says that Parsing completed, Logexts injected and it also has the Output
"C:\Users\Admin\Desktop\LogExts\". And logger will always store its log files in a LogExts folder off of
your desktop. So it's important to remember because every time you run it, either through a command line or through a
debugger, it could end up overwriting previous log files. So you want to manage that or be aware of that so you can
manage your files appropriately.
In the Administrator: Command Prompt window, the presenter runs the following command at the C:\> command prompt:
windbg -pn explorer.exe
As a result, the Process explorer.exe - WinDbg:6.3.9600.17200 AMD64 window is displayed with the Command -
Process explorer.exe - WinDbg:6.3.9600.17200 AMD64 window inside it. This window lists various processes.
This Process explorer.exe - WinDbg:6.3.9600.17200 AMD64 window includes a menu bar, which consists of the following
menus: File, Edit, View, Debug, Window, and Help.
The presenter then runs the following command in the text field provided at the bottom of the Command - Process
explorer.exe - WinDbg:6.3.9600.17200 AMD64 command prompt:
!logexts.logi
As a result, the partially visible output is displayed as follows:
Parsing file "hook.h"...
Parsing file "gdi32.h"...
Parsing file "winspool.h"...
Parsing file "version.h"...
Parsing file "winsock2.h"...
Parsing file "advapi32.h"...
Parsing file "uuids.h"...
Parsing file "com.h"...
Parsing file "shell.h"...
Parsing file "ole32.h"...
Parsing file "ddraw.h"...
Parsing file "winmm.h"...
Parsing file "avifile.h"...
Parsing file "dplay.h"...
Parsing file "d3d.h"...
Parsing file "d3dtypes.h"...
Parsing file "d3dcaps.h"...
Parsing file "d3d8.h"...
Parsing file "d3d8types.h"...
Parsing file "d3d8caps.h"...
Parsing file "dsound.h"...
Parsing completed.
Logexts injected. Output: "C:\Users\Admin\Desktop\LogExts\"
The next thing I want to do is now that we have it injected, I want to type in !logexts.loge to enable our logging. And
there are a couple of other commands here we can do. There is a !logexts.logo and that shows some of our
output modifiers. There is also !logexts.logc; and that shows our API categories. So if you remember from
where we're doing it for the command line before in the logger tool itself, it showed a list of all the APIs that can be
selected. This is another way to look at them when you're using the Windows Debugger. Now I have it enabled for
logging. I can't use my explorer.exe just quite yet. I have to go up to the Debug menu and click Go. So now explorer.exe
should be working. I can navigate around and we see that some logs are being generated in the command window. And
once I'm done debugging, I can go up and click the Debug menu, then go down to the Break option. And now what I
want to do is I want to disable my logging. So once again, the bottom of my command window in the debugger, I can type
!logexts.logd, so loge for enable, logd for disable. So that will disable our logging.
At the Command - Process explorer.exe - WinDbg:6.3.9600.17200 AMD64 command prompt, the presenter runs the
following command:
!logexts.loge
As a result, the following output is displayed:
Logging already initialized. Output "C:\Users\Admin\Desktop\LogExts\"
Logging enabled.
Next he runs the following command at the Command - Process explorer.exe - WinDbg:6.3.9600.17200 AMD64
command prompt:
!logexts.logo
As a result, the following output is displayed:
Logging currently enabled
Output directory: C:\Users\Admin\Desktop\LogExts\
The output also includes the Output settings table that contains three rows and three columns. The Debugger is Disabled,
the Text file setting is Disabled, and the Verbose log setting is Enabled.
He then runs the following command at the Process explorer.exe - WinDbg:6.3.9600.17200 AMD64 command prompt:
!logexts.logc
As a result, a table is displayed that lists the 27 API settings and their corresponding status such as Device Functions
(Enabled), Direct3D (Enabled), and DirectDraw (Enabled).
The presenter clicks the Debug menu, which includes the following options: Go, Go Unhandled Exception, Go Handled
Exception, Restart, Stop Debugging, Detach Debuggee, Break, Step Into, Step Over, Step Out, Run to Cursor, Source
Mode, Resolve Unqualified Symbols, Event Filters, Modules, and Kernel Connection. The presenter selects the Go
option. As a result, the partially visible output is displayed as follows:
Parsing file "clipboard.h"...
Parsing file "hook.h"...
Parsing file "gdi32.h"...
Parsing file "winspool.h"...
Parsing file "version.h"...
Parsing file "winsock2.h"...
Parsing file "advapi32.h"...
Parsing file "uuids.h"...
Parsing file "com.h"...
Parsing file "shell.h"...
Parsing file "ole32.h"...
Parsing file "ddraw.h"...
Parsing file "winmm.h"...
Parsing file "avifile.h"...
Parsing file "dplay.h"...
Parsing file "d3d.h"...
Parsing file "d3dtypes.h"...
Parsing file "d3dcaps.h"...
Parsing file "d3d8.h"...
Parsing file "d3d8types.h"...
Parsing file "d3d8caps.h"...
Parsing file "dsound.h"...
Parsing completed.
The status of the Command prompt is busy and displays the following message:
Debuggee is running.
The presenter navigates to the File Explorer window where the Release folder is open and navigates to the different
folders such as Documents, Downloads, and Desktop using the navigation pane.
He then navigates to the Command - Process explorer.exe - WinDbg:6.3.9600.17200 AMD64, which now displays the
following message in the output:
Application "??\C:\Users\Admin\Downloads\sdksetup.exe" found in cache
ModLoad: 00000000'95150000 00000000'05164000 burn.exe
The presenter then opens the Debug menu and selects the Break option. As a result, the following output is displayed:
(d4.8b0): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint
00007118'b6c5c830 cc int 3
The presenter runs the following command at the Command - Process explorer.exe - WinDbg:6.3.9600.17200 AMD64
command prompt:
!logexts.logd
As a result, the following output is displayed:
Logging disabled.
And then the next step I want to do is I want to stop our debugger. So I go up to the Debug menu and click Stop
Debugging. So we've generated a log file using our Windows Debugger. And now I can use Log Viewer in order to see
that log file. So if I go back to my command prompt, type in logviewer, it launches our Log Viewer. I go up and click
File - Open from the menu. And in the...off of my desktop, there is a LogExts folder that I can double-click, there is an
explorer.exe.lgv. So even though we've used logger twice, we only have the one file; this case, it's almost 10 MBs; I click
Open, and so our viewer will now display a list of all the API calls that have been made in our application. And as you can
see, it shows a module that they come from as well as API function and the return values on the right-hand side.
In the Command - Process explorer.exe - WinDbg:6.3.9600.17200 AMDS4 window, the presenter opens the Debug menu
land selects the Stop Debugging option. As a result, the Command - Process explorer.exe - WinDbg:6.3.9600. 17200
AMD64 window is closed.
He then navigates fo the Administrator: Command Prompt window, and runs the following command at the C:\> command
prompt:
logviewer
Asa result, the Log Viewer 3.01 for x64 window Is displayed. The window includes the menu bar, which includes the
following menus: Fle, Search, View and Help. It also includes @ table with the following columns: +/, #, T.., Calle,
Module, Time Elapsed, Call Duration, API Function, and Retum Value.
The window also includes the following message:
Using manifest files from "C:\Program Files (x86)\Windows Kits\8. 1!Debuggersx64\winext\manifestimain.h*
‘Open a log fle generated by logexts.
The presenter opens the File menu, which includes the following options: Open, Export to text, Statistics, Properties, and
Exit. He then selects the Open option and the Open the log file generated by logexts window is displayed. The presenter
then selects the Desktop folder using the navigation pane. As a result, the following folders are displayed in the preview
pane: Homegroup, Admin, This PC, Libraries, Network, LogExts, and Release - Shortcut. Next he opens LogExts folder,
selects the explorer.exe.lgv file, and clicks the Open button.
As a result, the table displayed in the Log Viewer 3.01 for x64 (C:\Users\Admin\Desktop\LogExts\explorer.exe.lgv) window
is now populated with multiple log details.
It also gives you elapsed time and durations of the calls. And you can use the Log Viewer to filter through and get specific
calls that you are interested in. So I can do this once more. If I go up to View and in View menu, click Modules display,
there is a list of all the modules. I can click the Hide all to unselect them. And if I want just the user, I can find it quickly
USER32.dll; select that check box for the modules, click OK. And it filters out all the other API calls and only these, my
calls to the USER dll file. And if I want to, I can export all this to a text file, user32_dll.text. So it will save all that
out and I can use another text editor if I want to snoop through that even further.
In the Log Viewer 3.01 for x64 (C:\Users\Admin\Desktop\LogExts\explorer.exe.lgv) window, the presenter opens the View
menu, which includes the following options: APIs display, Modules display, Expand All, Collapse All, and First level calls
only. The presenter selects the Modules display option. As a result, the Hide/Show Modules dialog box is displayed. The
dialog box includes the Modules list box that includes module options such as, Actioncenter.dll, actxprxy.dll, and
advapi32.dll. Each module includes a checkbox and all the checkboxes are selected. The dialog box also includes the
following buttons: OK, Show all, and Hide all.
The presenter clicks the Hide all button and all the checkboxes in the Modules list are now cleared. He then selects the
USER32.dll module checkbox from the Modules list box and clicks the OK button. As a result the dialog box is closed and
the presenter returns to the Log Viewer 3.01 for x64 (C:\Users\Admin\Desktop\LogExts\explorer.exe.lgv) window and the
data that has the Module USER32.dll is filtered and displayed.
Next the presenter then selects the Export to text option from the File menu. As a result, the Export log to text file dialog
box is displayed. The Save in drop-down box displays the folder name "LogExts" by default. The presenter enters the text
"user32_dll" in the File name text field and the Save as type is Text files (“.). It also includes the Save and Cancel
buttons along with the following checkboxes: Export diff information, Include non-visible rows, Create a separate file for
each thread, and Export range checkbox includes two text fields where Start row is set to 1 and End row is set to 177778.
The presenter then presses the Enter key on the keyboard to save the file.
Using Symbol Files and Servers
Learning Objective
After completing this topic, you should be able to
+ recognize what symbol files are and how to retrieve them
1. Setting and retrieving symbol files
When you want to use Symbol files, when you're working with your debuggers, such as the Windows Debugger, you need
to set up the Symbol file path first. And there are two ways you can do that. The first is to actually type in Command
Prompt. You can type in set _NT_SYMBOL_PATH= and then you type in srv*, and then you put in the location
where you want the Symbol files to reside. So in this case, we're going to type in c:\mssymbols* and what I want to
do now is, I want to enter in the URL where it's going to retrieve the Symbol files from. And I want to use the publicly
available Symbol files from Microsoft, the URL is http://msdl.microsoft.com/download/symbols. So
this will set up our Symbol path. It's going to download any of the Symbol files that are required from the
msdl.microsoft.com web site, and it's going to place them in our c:\mssymbols folder.
The Administrator: Command Prompt window is open on the Windows desktop. The presenter runs the following
command at the C:\Windows\system32> command prompt.
set _NT_SYMBOL_PATH=srv*c:\mssymbols*http://msdl.microsoft.com/download/symbols
So this sets up our Symbol path. So whenever our debuggers do need to use the Symbol files, it knows where to go out,
and get them, and where to download them to. Now another thing you can do is within the Windows debugger, I start that
up. If you click the File menu item, and then click Symbol File Path, you can also enter in SRV*c:\mssymbols. So
we can do the same thing basically here within the Windows debugger. And there's
*http://msdl.microsoft.com/download/symbols, so we click OK. And so now our Windows debugger
is set up. It would use that one and it would know where to go if we're having issues with any of the Windows OS tools,
utilities, and applications. Of course, this will only download the Symbol files, anytime the debugger encounters an issue.
So the first time, it can be a lengthy wait, because it's going to have to go out, hit the web server at Microsoft, and
download all the Symbol files that it needs.
In the Administrator: Command Prompt window, the presenter runs the following command at the C:\Windows\system32>
command prompt:
windbg
As a result, the WinDbg:6.3.9600.17200 AMD64 window is displayed. The window includes menu bar, which consists of
the following options: File, Edit, View, Debug, Window, and Help. The presenter selects the File menu and it includes
options such as Open Source File, Open Executable, Attach to a Process, Open Crash Dump, and Symbol File Path. The
presenter selects Symbol File Path. As a result, the Symbol Search Path dialog box is displayed.
The Symbol Search Path dialog box includes a Symbol path text field and the Reload checkbox, which is disabled. In
addition, it includes the OK, Cancel, Help, and Browse buttons. The presenter enters
SRV*c:\mssymbols*http://msdl.microsoft.com/download/symbols in the Symbol path text field. He then clicks OK.
And another way you could do it in order to speed that up is you can use a symchk, and this will go out and actually
download all the Symbol files that you need. So if you wanted to download all the files for all the components in our
Windows\system32 folder, we can actually type symchk.exe /r, which does a recursive lookup on the folder that
we're going to indicate, so c:\windows\system32. So this will go out and grab all the utilities. We are indicating
that this...we want all the utilities in the system32 folder and all its subfolders to have the Symbol files looked for. And then
we want to do a /s, and then srv*c:\mssymbols\*, again, and once more,
http://msdl.microsoft.com/download/symbols. So this will go out and grab all the Symbol files for all
of the utilities that are in the system32 folder. But again, this is a long and lengthy process that will take quite a while to
accomplish. But that's another way if you want to bring it all down. So you have the Symbol files available to you in case
you need them.
The presenter closes the Symbol Search Path dialog box. As a result, the Administrator: Command Prompt window is
displayed. In the Administrator: Command Prompt window, the presenter enters the following command at the
C:\Windows\system32> command prompt:
symchk.exe /r c:\windows\system32 /s srv*c:\mssymbols\*http://msdl.microsoft.com/download/symbols
He then removes the command.
Now another thing we can do is use a symstore utility. For example, if I have my own Symbol files, and let's say, I have
one here in the c:\pdb folder, just a "HelloWorld.pdb" sample application. I have the Symbol file, "HelloWorld.pdb".
If I want to add that to my cache, I can type in symstore.exe add, so I'm going to add this Symbol file, /F and then I
put the source in c:\pdb. Then I use a /S param to indicate where I want that stored, so I want c:\mssymbols.
We'll put it in the same folder as the other ones. And I could do a /t to indicate a name for the symbol store.
In the Administrator: Command Prompt window, the presenter runs the following command at the C:\Windows\system32>
command prompt:
cd c:\pdb
He then runs the dir command in the c:\pdb command prompt now enabled. As a result, the following output is displayed:
Volume in drive C has no label.
Volume Serial Number is 7857-E87E
Directory of c:\pdb
09/21/2014 08:18 PM <DIR> .
09/21/2014 08:18 PM <DIR> ..
09/21/2014 08:09 PM 11,776 HelloWorld.pdb
1 File(s) 11,776 bytes
2 Dir(s) 40,699,572,224 bytes free
Next he runs the following at the c:\pdb command prompt:
symstore.exe add /F c:\pdb /S c:\mssymbols /t Skillsoft
The output displayed is as follows:
Finding ID... 0000000001
SYMSTORE: Number of files stored = 1
SYMSTORE: Number of errors = 0
SYMSTORE: Number of files ignored = 0
So that will go out. It went out. In this case, the "Number of files stored = 1", because we only had the one in that folder, no
errors, and no files ignored. So I now have my Symbol file for HelloWorld.pdb. It's now included, our debugger will use it,
if I am debugging my HelloWorld application. And we're all set to go. And so if I bring up Explorer, and we'll look at that
symbols folder, there is 1,783 items in there; there is quite a few. So it is, as I said, a lengthy process to go out and get all
of these files for all of the applications, utilities in that system32 folder. So just make sure you allocate enough time for that
to happen.
The Administrator: Command Prompt window is displayed on the Windows desktop. The presenter opens File Explorer
from the taskbar. The symbols folder is displayed in File Explorer that includes various files and folders.
Debugging for Different Processor Architectures
Learning Objective
After completing this topic, you should be able to
+ recognize how debugging differs between various platforms
1. Debugging for different platforms
There are both 32-bit and 64-bit tools available for debugging your applications. So how do you know which version to
use? Well, when you're using Visual Studio to debug, it doesn't matter. The Visual Studio debugging environment will
automatically pick the right version of the tools for you. So what do you do if you are using the Windows Debugging tools
and not debugging within Visual Studio? Well, you first need to figure out which OS version you are running on both the
host and target computers. The host being the computer where the debugger environment is running and the target is the
computer with the application that will be debugged. Most times, a single computer will be the host and the target at the
same time, but remember there are some tools, which have versions, which can connect remotely to a target computer.
Once you've figured out the OS versions, you can then pick the right version of the tools you are using. If your host is
running a 32-bit OS, you use the 32-bit version of the debugging tools, and that's pretty straightforward. If your host is
running a 64-bit OS, then you do have a few different scenarios to work through. If you're just analyzing a dump file, you
have the choice to use the 32-bit or the 64-bit tools. When you want to debug Kernel-mode code, again you have the
choice of 32-bit or 64-bit tools.
Now if you are debugging user-mode code on the same computer, so one computer is both the host and the target, then
it depends on if you're debugging a 64-bit or a 32-bit application. You need to use a version that matches up with the
platform of the software. And if you are doing live debugging of user-mode code on a remote computer with a 32-bit OS,
then you just stick to the 32-bit tools. So it really depends on the target platform and your choice of tools when doing live
debugging, unless you're analyzing a memory dump file where either version of the tool will get the job done. And as we
mentioned, if you are on a 64-bit host, the version of the debugging tools depends on the application you are debugging.
You may need to switch between 64-bit or 32-bit tools, and you can set the debugger to switch between the two versions
by using an .effmach command. And effmach stands for effective machine, and you can set this from the command
prompt by typing .effmach and one of the machine-type parameters.
There are five parameters that you can use and the first is just a dot. So type in .effmach and a space and a dot, and this
will use the native processor mode. Entering a # sign as the parameter will force it to switch the mode of the most recent
executing code. So if you don't know for sure, this will set things to the right version. If your application is a 32-bit app, use
the pound symbol and if that's the last running application, then it will make sure to use the right tools. Next you can use
an X86 parameter and this will simply indicate that it has to use 32-bit tools. Likewise, there's an Amd64 parameter, and
this will force 64-bit version of the debugging tools to be used. And finally, there is an ebc machine-type parameter and
that will use the EFI byte code processor mode.
Overview of Memory Management on Windows Platform
Learning Objective
After completing this topic, you should be able to
+ recognize the Windows Memory Management system
1. Describing Windows Memory Management
The Windows memory architecture is a key component in software development. In this video, I'll explain the Windows
Memory system. The Windows memory architecture is made up of four layers: at the bottom, you have the Virtual
Memory Manager, of which all other layers will go through. Next is the Heap Manager, and it works with the Virtual
Memory Manager to more efficiently use memory that's been allocated. Above the Heap Manager is a Heap layer, of
which you have a number of different types including our Default Process Heap, C Runtime Heap as well as other third-
party Heap products. And your fourth layer is your Application layer, and the Application layer makes request for
resources, which then filters down through the other layers until it reaches the Virtual Memory Manager. The Virtual
Memory Manager is the main component that manages virtual memory in all your Windows systems. All the other layers
eventually go through this Manager. As requests to allocate memory come through, the Virtual Memory Manager makes
use of pages of memory, and each page is 4 KB in size. So if your application wants to allocate 10 bytes of memory for
a variable, for example, then that will take one page and it's going to be 4 KB in size. Above the Virtual Memory Manager
is the Heap Manager, and it works together with the Virtual Memory Manager to make more efficient use of the pages of
memory. The Heap Manager calls the Virtual Memory Manager and uses those pages that are allocated. But the Heap
Manager has its own way of manipulating or managing those pages. And this is done to help reduce the waste of space in
those pages.
If your application allocates 10 bytes of memory, the Heap Manager will take the page that's returned by the Virtual
Memory Manager and it tracks that only 10 bytes are used in the page, and it marks the rest as being free space, which
they again then use for other requests, instead of leaving it empty. Above the Heap Manager, you can have individual
Heaps. There is the Default Process Heap, a C Runtime Heap, as well as third-party Heap products. When you launch an
application, it could use one or more of these Heaps. But the one thing that's certain is that there will always be a Default
Process Heap for each process that you have running. The C Runtime Heap can also be used at the same time and it
provides additional logic for managing memory on top of the efficiencies that the Heap Manager already provides. And
you can also use third-party Heap products, and while these do work with the Heap Manager, one of the benefits is that it
can also work directly with the Virtual Memory Manager. And our final layer of our Memory architecture is the Application
layer. And it generally makes use of the C Runtime Heap, but they can also use third-party Heap products as well. And
since every application has a process, there will be a Default Process Heap created that can be used. But your application
can actually bypass the Heaps and the Heap Manager in order to work directly via the Virtual Memory Manager.
Heap Overview
Learning Objective
After completing this topic, you should be able to
+ recognize basic concepts of the Windows Heap
1. Understanding Windows Heap
The Heap Manager resides at a layer above the Windows Virtual Memory Manager. Instead of working purely with the 4k
pages that Virtual Memory Manager assigns, the Heap Manager requests one or more chunks of virtual memory called a
Segment. Each segment is then broken up into individual heap blocks and the data from your application is assigned to
those blocks. The Heap Manager is responsible for tracking which data is assigned to each heap block for a segment.
And this is how it manages to reduce space being unused when the Virtual Memory Manager assigns pages of only 4k in
size. The Heap Manager maintains how the data is structured in the heap blocks within each segment. By managing the
data itself, it does not have to request more allocated space from the Virtual Memory Manager until its current segments
are full. In which case, it requests another segment and it begins to fill that with data as well. As mentioned, the heap
block is the base allocation unit within the Heap Manager. All heap blocks are found within a segment and each block
contains information called allocation metadata. And it contains a size of the block, size of the previous block, and the
Heap Manager can then use this information in order to traverse over each block in a segment and determine which
blocks have been used and how much free space is in each segment. And depending on which debugging tools
you're using, you can find the information inside the allocation metadata that will be useful when debugging.
Each heap block is made up of three parts. The first is the preallocation metadata and this part has a few pieces of
information such as the current size of the block, the previous size of the block, the segment index indicating which
segment the block is found in. You also have a flag section and this indicates that the block is free or busy. And the last
two sections include an unused section as well as the section that holds a tag index. The second part of the heap block is
the actual user accessible data and the size of this is found in the preallocation metadata. And this is the data that the
application has actually stored in memory. The third part of the heap block is the postallocation metadata. And here there
are three fields; we have suffix bytes, we have a fill area, as well as a heap area. And the debugging tools will make use
of the fill area by adding a pattern to that area. And if your application makes changes to that fill area when it shouldn't be,
this actually sends a notification off to your debugger that something has gone wrong.
Now heap coalescing is used to minimize heap fragmentation, and heap fragmentation occurs when there isn't a large
enough continuous block of memory available. Now the Heap Manager merges adjacent free blocks into a larger block,
and it makes it more likely that requests to allocate larger blocks of memory will succeed. For example, if a segment has
been broken up into three blocks of size 16, 32, and 16. Well, normally a request to store 64 bytes would not succeed
because even though we have 16, 32, and 16 bytes in total, it's already been divided up. So heap coalescing will join
those three blocks together and the allocation of 64 bytes of data will then succeed.
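The block metadata and coalescing behaviour described in this topic can be modelled in a few lines of C. This is an added example, not part of the course and not the Windows heap layout: the header fields, the 16-byte rounding and all function names are assumptions made for the illustration. It reproduces the 16, 32, 16 scenario and shows the 64-byte request failing without coalescing and succeeding with it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy pre-allocation metadata (constructed for this example). */
typedef struct block_hdr {
    uint32_t size;       /* user bytes in this block */
    uint32_t prev_size;  /* user bytes in the block before it */
    uint32_t busy;       /* flag: 1 = busy, 0 = free */
    uint32_t unused;
} block_hdr;

#define SEG_SIZE 4096u                 /* one segment, here a single 4 KB page */
#define HDR ((uint32_t)sizeof(block_hdr))

static block_hdr seg[SEG_SIZE / sizeof(block_hdr)];

/* Walk forward using the size field; NULL at the end of the segment. */
static block_hdr *next_blk(block_hdr *b) {
    unsigned char *n = (unsigned char *)b + HDR + b->size;
    return n < (unsigned char *)seg + SEG_SIZE ? (block_hdr *)n : NULL;
}

/* Walk backward using the previous-size field. */
static block_hdr *prev_blk(block_hdr *b) {
    if (b == seg) return NULL;
    return (block_hdr *)((unsigned char *)b - b->prev_size - HDR);
}

/* After a block's size changes, the block after it must record the new size. */
static void fix_next(block_hdr *b) {
    block_hdr *n = next_blk(b);
    if (n) n->prev_size = b->size;
}

void seg_init(void) {
    seg[0].size = SEG_SIZE - HDR;
    seg[0].prev_size = 0;
    seg[0].busy = 0;
    seg[0].unused = 0;
}

size_t seg_largest_free(void) {
    size_t best = 0;
    for (block_hdr *b = seg; b; b = next_blk(b))
        if (!b->busy && b->size > best) best = b->size;
    return best;
}

/* First-fit allocation; splits a free block when the remainder is usable. */
void *seg_alloc(uint32_t n) {
    if (n == 0 || n > SEG_SIZE) return NULL;
    n = (n + 15u) & ~15u;
    for (block_hdr *b = seg; b; b = next_blk(b)) {
        if (b->busy || b->size < n) continue;
        if (b->size >= n + HDR + 16u) {
            block_hdr *r = (block_hdr *)((unsigned char *)b + HDR + n);
            r->size = b->size - n - HDR;
            r->prev_size = n;
            r->busy = 0;
            r->unused = 0;
            b->size = n;
            fix_next(r);
        }
        b->busy = 1;
        return b + 1;
    }
    return NULL;
}

/* Free a block; with coalesce set, merge it with free neighbours. */
void seg_free(void *p, int coalesce) {
    block_hdr *b = (block_hdr *)p - 1;
    b->busy = 0;
    if (!coalesce) return;
    block_hdr *n = next_blk(b);
    if (n && !n->busy) b->size += HDR + n->size;            /* absorb next */
    block_hdr *q = prev_blk(b);
    if (q && !q->busy) { q->size += HDR + b->size; b = q; } /* fold into prev */
    fix_next(b);
}

/* Allocate 16, 32 and 16 bytes, keep the rest busy, then free the three. */
static void fragment(int coalesce) {
    seg_init();
    void *a = seg_alloc(16), *b = seg_alloc(32), *c = seg_alloc(16);
    seg_alloc((uint32_t)seg_largest_free());
    seg_free(a, coalesce);
    seg_free(b, coalesce);
    seg_free(c, coalesce);
}

size_t largest_after_frees(int coalesce) { fragment(coalesce); return seg_largest_free(); }
int alloc64_succeeds(int coalesce) { fragment(coalesce); return seg_alloc(64) != NULL; }

int main(void) {
    printf("no coalescing: largest free %zu, alloc(64) ok=%d\n",
           largest_after_frees(0), alloc64_succeeds(0));
    printf("coalescing:    largest free %zu, alloc(64) ok=%d\n",
           largest_after_frees(1), alloc64_succeeds(1));
    return 0;
}
```

In this model the merged block is larger than 16 + 32 + 16 because the headers of the absorbed blocks become usable space as well.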
Corrupting the Heap
Learning Objective
After completing this topic, you should be able to
+ recognize how the heap can be corrupted
1. Understanding heap corruption
What is heap corruption? A heap corruption occurs when the contents of memory located in the heap has been modified
and no longer contains the data that was expected. Heap blocks consist of metadata with information about the size of the
user data. When that metadata does not match with the user accessible part of the block, this is when you begin having
heap corruptions. Essentially, the integrity of your memory has been violated. Some examples of heap corruption include
stray pointers where the pointer points to a location that's not owned by your process and is trying to overwrite memory in
that other location. Overruns, where your application tries to write past the end of a heap allocation. You also have
underruns, where you're writing past the beginning of your heap allocation. And lastly, over-deletions, where blocks of
memory are freed more than once. And how do you know when you are having heap problems? Well, the one symptom
that most are familiar with is an application crash. We have all seen those happen before.
You can also have your application hang where it's freezing and it never recovers, that is, it's caught in an infinite loop.
And thirdly, your application may start to behave wrong. Normal functions of your app simply don't do what they're
supposed to do, button clicks take you to the wrong part of your application, or data starts showing up incorrectly. Now
when trying to debug a corrupted heap or if you're not sure and you only think the heap is corrupted, there are few things
you should keep in mind. Even if your code is not at the top of a call stack when there is an application crash, that doesn't
mean it's not your code that's causing a heap corruption. Your code might have caused a corruption of memory used by
another library through the use of a stray pointer. Similar to the first item, if your code doesn't appear in the stack trace at
all it still could be the cause of the corruption. Again, your application may have corrupted memory used by that other
app. Hardware can appear to cause heap corruptions, but this doesn't happen very often, and it's something to keep in
mind, but really, this should be at the bottom of your list of possible causes. And also, if you're using your own heap, it can
still affect other heaps. Heaps all reside within the same memory address. There is no way to guarantee that one heap
remains separate from others. So again, you could have a stray pointer overwriting data in another heap.
Tools for Monitoring Heap Issues
Learning Objective
After completing this topic, you should be able to
+ recognize the tool available for monitoring heap
1. Using tools to monitor heap issues
When you believe you are having heap corruptions, it could be hard to figure out exactly when and where the issues are
occurring. The corruption can occur at one point in time, but it's not noticed until the application tries to access that
memory address, which may not be right away. It would be better if the application is stopped when the corruption
occurred instead of waiting for a crash to happen. One of the tools that you can use to monitor heap corruption is called
Pageheap. What Pageheap does is it leaves marks on the individual heap blocks, which then triggers a fault when a write
to the heap block occurs. There are two ways that you can use the Pageheap tool. You can run it using a light page heap,
or for a more intensive method, you can use a full-page heap. And let's look at each one individually. If you're not sure
where a heap corruption is occurring then you're probably best to start with a light page heap. Light page heap uses fill
patterns and these are placed in the postallocation metadata of your heap blocks. And these fill patterns are then checked
when the block is marked as being free. One of the benefits of light page heap over a full-page is that light page heap is
not as memory-intensive and you can configure it to be enabled for all processes running on a system. While light page
heap doesn't tell you exactly where the problem is since it's only been notified of issues when memory is freed, it can be a
good first step to take to figure out where the corruptions are occurring. With the data found with light page heap, you can
then look into a full-page heap to troubleshoot further.
Heading: Tools for Monitoring Heap Issues.
Pageheap is used to annotate heap blocks.
A full-page heap can really only be enabled for individual processes and it cannot run system-wide like a light page heap.
A full-page heap uses fill patterns, but it also uses guard pages. The guard page is a non-accessible page of memory
that's placed at the end of each memory allocation. And with this guard page in place, an access violation will occur
exactly at the point of failure. And this makes it much easier to debug. Now the use of guard pages at the end of each
allocation means that this is going to be a very memory-intensive procedure. And if your application already has a large
memory footprint, you will quickly find you are going to be running out of resources. And it's because of this that you don't
run a full-page heap against the entire system. Your OS would simply be unbootable due to the memory demands.
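The fill-pattern check that light page heap performs when a block is freed can be sketched as a thin wrapper around malloc and free. This is an added example, not part of the course and not Pageheap's own code: the pattern byte, the 16-byte pad size and every name in it are assumptions. It shows why an overrun or underrun goes unnoticed at the moment of the bad write and is only reported at free time, which is the limitation that guard pages in a full-page heap remove.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FILL_BYTE 0xAB   /* pattern value assumed for this example */
#define PAD 16           /* bytes of pattern on each side of the user data */

typedef enum { CHK_OK, CHK_UNDERRUN, CHK_OVERRUN } chk_status;

/* Layout of one allocation: [chk_hdr][PAD fill][user data][PAD fill] */
typedef struct { size_t user_size; size_t reserved; } chk_hdr;

void *chk_alloc(size_t n) {
    unsigned char *raw = malloc(sizeof(chk_hdr) + PAD + n + PAD);
    if (!raw) return NULL;
    ((chk_hdr *)raw)->user_size = n;
    ((chk_hdr *)raw)->reserved = 0;
    unsigned char *user = raw + sizeof(chk_hdr) + PAD;
    memset(user - PAD, FILL_BYTE, PAD);   /* pattern before the user data */
    memset(user + n, FILL_BYTE, PAD);     /* pattern after the user data */
    return user;
}

/* Verify both patterns, then release the block. On damage, *dist is the
 * distance in bytes from the user data to the first damaged byte
 * (1 = the byte directly before or after the allocation). */
chk_status chk_free(void *p, size_t *dist) {
    unsigned char *user = p;
    chk_hdr *h = (chk_hdr *)(user - PAD - sizeof(chk_hdr));
    chk_status st = CHK_OK;
    /* Check the leading pad first: it sits between the header and the data. */
    for (size_t i = 1; i <= PAD && st == CHK_OK; i++)
        if (user[-(ptrdiff_t)i] != FILL_BYTE) { st = CHK_UNDERRUN; *dist = i; }
    for (size_t i = 1; i <= PAD && st == CHK_OK; i++)
        if (user[h->user_size + i - 1] != FILL_BYTE) { st = CHK_OVERRUN; *dist = i; }
    free(h);
    return st;
}

/* Correct use: exactly 10 bytes written into a 10-byte block. */
chk_status scenario_clean(void) {
    size_t dist = 0;
    char *p = chk_alloc(10);
    if (!p) abort();
    memcpy(p, "123456789", 10);
    return chk_free(p, &dist);
}

/* Off-by-one loop: writes 11 bytes into a 10-byte block. */
chk_status scenario_off_by_one(size_t *dist) {
    unsigned char *p = chk_alloc(10);
    if (!p) abort();
    for (size_t i = 0; i <= 10; i++) p[i] = 'A';
    /* Nothing faults here; the damage sits unnoticed until the free. */
    return chk_free(p, dist);
}

/* Write two bytes before the start of the block. */
chk_status scenario_underrun(size_t *dist) {
    unsigned char *p = chk_alloc(10);
    if (!p) abort();
    p[-2] = 0;
    return chk_free(p, dist);
}

int main(void) {
    size_t d = 0;
    printf("clean:      status %d\n", scenario_clean());
    printf("off-by-one: status %d", scenario_off_by_one(&d));
    printf(", first damaged byte %zu past the end\n", d);
    printf("underrun:   status %d", scenario_underrun(&d));
    printf(", first damaged byte %zu before the start\n", d);
    return 0;
}
```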
Using the Pageheap Tool
Learning Objective
After completing this topic, you should be able to
+ recognize how to use the Pageheap tool
1. Working with the Pageheap tool
The Pageheap tool has been incorporated into the global flags utility. So in order to get help for our page tool, you can
enter the following at our command prompt. I have a command prompt here, so you type in, gflags -p ?, and that will
give me the help for our Pageheap tool. So I scroll back up in the window and you see that at the top it says Page heap
utility, v3.04, showing that page heap is built into global flags and these are all the options that we have available.
Now if I wanted to enable page heap for the entire system, I could type in gflags -r +hpa, so that will enable system-
wide normal page heap to be enabled. I can disable that by putting in a -hpa and I won't do either one of these
commands, because it would require me to restart the entire computer in order for this to take effect. Now to enable page
heap checking for single applications, such as Notepad, for example, you can actually type in the following: gflags -p
/enable, so that will turn ON. Then you had to put in the name of the executable or DLL file. So in this case, we'll
type in notepad.exe, so we hit Enter. And it's now saying that,
The Administrator: Command Prompt window is open in the Windows 8 desktop. The presenter enters the following
command at the C:\Windows\system32 command prompt.
gflags -p ?
As a result, the following output is displayed:
pageheap - Page heap utility, v3.04
copyright Microsoft Corporation. All rights reserved.
pageheap [OPTION [OPTION ..]]
/enable PROGRAM Enable page heap with default settings.
/disable PROGRAM Disable page heap.
/full Page heap for all allocations.
/size START END Page heap allocations for size range.
/address START END Page heap allocations for address range.
/dlls DLL ... Page heap allocations for target dlls.
/random PROBABILITY Page heap allocations with PROBABILITY.
/debug {cmdline} Launch under the specified debugger. use 'ntsd -g -G -x' if not specified
/kdebug Launch under debugger 'ntsd -g -G -d -x'.
/backwards Catch backwards overruns.
/unaligned No alignment for allocations.
/decommit Decommit guard pages .
/notraces Do not collect stack traces.
/fault RATE TIMEOUT Probability <1..10000> for heap calls failures and time during process initialization when faults are
not allowed.
/leaks Check for heap leaks when process shuts down.
/protect Protect heap internal structures. Can be used to detect random corruptions but execution is slower.
/no_sync Check for unsynchronized access. Do not use this flag for an MPheap process.
/no_lock_checks Disable critical sections verifier.
PROGRAM Name of the binary with extension <.exe or something else>
DLL Name of the binary with extension .
PROBABILITY Decimal integer in range [0..100] representing probability. To make the page heap allocation vs. a normal
heap allocation.
START..END For /size option these are decimal integers. For /address option these are hexadecimal integers.
If no option specified the program will print all page heap enabled applications and their specific options.
The '/leaks' option is effective only when normal page heap is enabled therefore all flags that will
force full page heap will be disabled if leaks is specified.
Note. Enabling heap does not affect currently running processes. If you need to use page heap for processes that are
already running and cannot be restarted , a reboot is needed after the page heap has been
enabled for that process.
Next he enters the following command at the C:\Windows\system32 command prompt:
gflags +r +hpa
He then modifies the command in the C:\Windows\system32 command prompt as follows:
gflags -r -hpa
He then deletes the command.
Next he enters the following command at the C:\Windows\system32 command prompt:
gflags -p /enable notepad.exe
The presenter hits the Enter key. As a result the following output is displayed:
path: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options notepad.exe: page heap enabled
notepad.exe: page heap enabled. If I want to see which applications have page heap enabled, I can type in
gflags -p, and it's only listed Notepad, in this case, but if I had a number of different applications enabled for page
heap, they would all show up here. The other thing that we need to do is to enable full page heap and that could be done
with gflags -p /enable notepad.exe, and I want to add the /full parameter on to this. So again, it says,
page heap enabled for notepad.exe. But this time if I type in gflags -p, it's now saying that, page heap
enabled with flags . So that indicates that the full page heap has been enabled for
notepad.exe. Of course we want to remove any of our page heaps and that's been enabled for applications; gflags -p
/disable and the name of our application, so notepad.exe; page heap disabled for notepad.exe, is what it
returns. And we can confirm it by gflags -p, it says, No application has page heap enabled.
The Administrator: Command Prompt window is displayed. In the Administrator: Command Prompt window, the presenter
enters the following command at the C:\Windows\system32 command prompt
gflags -p
As a result the following output is displayed:
path: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options notepad.exe: page heap enabled
with flags
Next he enters the following command at the C:\Windows\system32 command prompt:
gflags -p /enable notepad.exe /full
As a result, the following output is displayed:
path: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options notepad.exe: page heap enabled
He then enters the following command at the C:\Windows\system32 command prompt:
gflags -p
As a result, the following output is displayed:
path: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options notepad.exe: page heap enabled
with flags
Next the presenter enters the following command at the C:\Windows\system32 command prompt:
gflags -p /disable notepad.exe
As a result, the following output is displayed:
path: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options notepad.exe: page heap
disabled
He then enters the following command at the C:\Windows\system32 command prompt:
gflags -p
As a result, the following output is displayed:
No application has page heap enabled.
What Causes Resources Issues
Learning Objective
After completing this topic, you should be able to
+ recognize what causes resource issues
1. Understanding resource issues
Resource issues can sometimes be encountered during the development process. In this video, I'll explain what causes
resource issues. Before we go into what causes resource issues, let's discuss what resources are. And resources are
items that take up memory in your system and that's your basic description. And this includes handles, heap memory,
virtual memory, even synchronization primitives. So it lets you do things like open files, threads, images. It's these objects
which your program has access to inside your program's memory space. And in an ideal world every time a resource is
created in memory, that memory is freed when the program is done with the resource. Issues with resources occur when
your processes fail to release the resources when they're no longer needed. And there are a few situations where this can
occur. You may have a pointer to a resource that's been deleted before your memory has been freed. So once the pointer
is gone, there is no way to access the memory in order to free it up. If your application maintains a reference to an object,
it's going to continue to persist and then things like garbage collection won't catch that memory and free it up for the
system.
Heading: What Causes Resources Issues
When an application is closed, resources are supposed to be freed.
And you could have a large object in your application that never leaves the scope of the application. The memory
continues to be used, and it won't be freed. An example could be a large data set, you may load one and think it's gone,
but then you load another large set, and now you have both data sets in memory using more resources than it should.
And some of this could be hard to track down and that may only happen occasionally. Sometimes it may be due to simply
not testing enough beforehand or not putting limits within your application. And you may have tested by adding a dozen
medium size data sets, for example, but you didn't pick up on any resource leaks. That's not really found until our
customer starts to regularly use extra-large data sets and they start running into trouble. Now when a resource leak
occurs, it can lead to a number of problems. So first having unused resources tied up by your application means that it
really is stealing memory from other applications that could be used. Even if your application is the only one installed on a
server, memory is being taken from the operating system or even your own application itself. When memory leaks occur,
your operating system will start to swap data between the page file and memory; and it's not a good thing to have data
being switched from hard disk to memory constantly. With less memory available and data being exchanged between the
page file and memory, this is going to lead to system performance being degraded and your system will no longer be
able to handle as many requests or process data as fast as it used to be.
And the other issue with resource leaks is that it could be costly to troubleshoot, especially when it's not easy to
reproduce. So debugging these, after the fact, is going to cost your company time, money, and effort. So how can
you recognize that you may have a resource leak with your application? Well, first the number of resources for your
application will start to increase and it may not be a sudden jump right away. It could be a slow accumulation over time
until it hits a wall and you can use even Windows Task Manager to keep an eye on the handles count as well as the virtual
memory that's being used. And you just make sure that they're not steadily increasing over time, and you should notice
this when there are lulls in your application as it's processing data. Another method for realizing that you may have a
resource leak is when you notice your operating system is running very slowly. For a server running your application, you
could set up performance monitors and these could alert you when there are issues, and this is probably going to be your
first indicator that there could be a problem. And even if your application starts to encounter the occasional error, this
could be a warning about resource leaks. And lastly if you try to launch a new application on the computer, but it won't
start, that's a good indication that the application isn't the problem, it may be your system not having enough resources to
start the new app.
Overview of Windows Handles
Learning Objective
After completing this topic, you should be able to
+ recognize how Windows handles are used to identify resource issues
1. Understanding Windows handles
In the Windows operating system, an object is a data structure and it represents the system resources. And this includes
things such as files and threads and even graphics. Applications have to request a handle to the object in order to interact
or use them. And the handle contains a memory address of the resource. And that's how your application works with the
object. By not allowing applications to directly access the object and as said, they have a layer between it, the operating
system can provide security over what processes can access the resources and it does this through the use of access
control lists. The operating system tracks all the open handles in a table. And so it remembers the reference counts as
well as the object counts. And some objects can support multiple handles, so that's why Windows needs to remember
these counts. When applications close the handles to the objects, the counts decrease; and it's when the count gets to
zero, that Windows itself will remove the objects from memory. And this is why it's important that your application closes
all the objects that it has handles for. If they don't, then the system, it doesn't try to guess that the resource is no longer
needed. The resource will simply remain in memory and there is usually no way to remove it because the application that
was supposed to didn't do it and is no longer available.
Tools for Tracking Down Resource Issues
Learning Objective
After completing this topic, you should be able to
+ recognize how to find resource handles for running applications
1. Using resource handles
When looking to track down possible resource issues, the quickest and easiest tool to use is Task Manager, mainly
because it's found on every version of the Windows operating systems and is quick to bring up. You hold down the
Ctrl+Shift+Esc keys and it pops open on your screen. If you click the Performance tab in Task Manager, it will show you
the total number of handles in use by the entire system. If you know what applications and services are running, you can
then begin to know what numbers should be expected. If you want to see how many handles each process is using, you
need to switch to the Processes tab and then add the handles column to the list, then you can see if the number of
handles used by your application is continuing to increase. The next tool we'll discuss is Process Explorer. And Process
Explorer is part of the Windows Sysinternals group of tools, and is listed under the Process Utilities section. It provides
more detail than Task Manager does, as you can see the names and the types of handles that are in use by your
application. You need to activate the Handle pane in order to view these. When the Handle pane is activated it lists the
handles, but it doesn't show a quick count. You'll need to add the handles column to the Process view in order to see the
total number of handles. And there is a command line version available, and it's simply called handle.exe. It's also
available from the Sysinternals site, but I think most of you will prefer the GUI version.
The last tool we'll talk about is the !htrace command. This command is available with the debuggers, and it does show
you the same information as in the previous tools. However, the biggest benefit is that it's going to list the call stack for
each handle and this will make it easier to find out where the handles were created. When you run this command, there
are a few parameters that you need to know. And the first is the -enable parameter, and this enables handle tracing on
your specified process or handle. And it also takes a snapshot of the handle information at that point in time. There is also
a -snapshot command, and you use this when you want to have a snapshot of the handle information at a different
point in time, than when you first called the -enable. And since now you have a reference to the handle at a specified
period in time, you then use a -\Windows Kits\8.1\Debuggers\x64. So our path to our debugging tools is already set up. Next we
can look at trying to use UMDH Tool on our WordPad app. Before that we actually have to find the Process ID. So if I go
to Task Manager and launch WordPad, now if I go to Task Manager and on the Details tab, scroll down, there is
wordpad.exe, and the second column is our PID. So it's 3572, so we'll have to remember that. So now if I type umdh and
then -p to indicate our Process ID, which is 3572,
On the Windows desktop, the Administrator: Command Prompt window is open.
The presenter enters the following at the C:\Windows\system32 command prompt:
PATH
As a result, the following text is displayed in the window.
PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64
The presenter navigates to the Windows taskbar and clicks the Task Manager icon. As a result, the Task Manager
window is displayed. The Task Manager window includes the following menus: File, Options, and View. Below the menu
bar the following tabs are displayed: Processes, Performance, App history, Startup, Users, Details, and Services. The
Task Manager window includes the End task button. The Processes tabbed page is displayed, which includes a table with
15 rows and the following six columns: Name, Status, CPU, Memory, Disk, Network. Rows in the table are divided in the
following two sections: Apps and Background processes.
The presenter opens the WordPad document from the Windows taskbar and the Document - WordPad window is
displayed. Then he navigates to the Task Manager window and clicks the Details tab. As a result, the Details tabbed page
is displayed which includes the table with the following seven columns: Name, PID, Status, User name, CPU, Memory (P,
and Description.
The presenter scrolls down the table and selects the row displaying Name value as wordpad.exe. For the Name
wordpad.exe, the PID value is 3572, the Status is Running, the User name is Admin, the CPU value 00, the Memory (p
value is 13,920 K, and the Description is Windows Wordpad.
The presenter navigates to the Administrator: Command Prompt window and types the following at the
C:\Windows\system32 command prompt:
umdh -p:3572
and if I just type Enter. Now it's going to output all the information that UMDH can pull up about the memory usage of
WordPad and it's quite long. And as you can see, it's scrolling by. This will definitely go past and start the buffer for our
command prompt. So how can we actually see all the information? Well, there is a way of storing this to a text file, and
we'll let that go for now. As you can see from Task Manager, is the WordPad, just on its own, just turning up, it's already
using, you know, 13 megs of memory. So there is quite a bit in use just by WordPad, launching at the start. So this may
take a little while for UMDH Tool to run. Oh now it's done, so it's end of data for the heap. So now the one thing I want to
do before we save all that output to a file is that there is a gflags command that we need to run in order to display the
stack trace data. So we should really type in gflags -i wordpad.exe and then +ust; it will actually store the stack
trace data when we are using UMDH.
On the Windows desktop, the Administrator: Command Prompt window is open. The presenter has already typed the
following at the C:\Windows\system32 command prompt:
umdh -p:3572
Next he hits the Enter key. As a result, the command prompt window displays the fast auto-scrolled output information that
UMDH pulls up about the memory usage of WordPad. At the end of the output, the following line is displayed on the
command prompt window:
End of data for heap @ CF23FB0000
Next the presenter enters the following at the C:\Windows\system32 command prompt:
gflags -i wordpad.exe +ust
As a result, the following output is displayed on the command prompt window:
Current Registry Settings for wordpad.exe executable are: 00001000
ust - Create user mode stack trace database
In the Details tabbed page of the Task Manager window, for the wordpad.exe, the value of the Memory is 13888 K.
So now I can type umdh -p: and then the number of our Process ID is 3572. I can use a -f: parameter and store
that information into a log file, so log1.txt. We'll hit Enter, so all that information has gone to our text file. And now
the one thing with UMDH is you can compare multiple snapshots of our heap information. So now we have one log, we
should do another one after we have added some information to WordPad. So I am going to quickly just put in some
Lorem Ipsum text, just so to use up some more memory space. So there WordPad now has some information in it. Now
we can run umdh. And this time, there's the same log1.txt, we'll save it to log2 there. So that's done. Sending
every output to the command prompt does add time to this, sending it to the text file, it's been pretty quick. Now we can
compare these two log files with UMDH tool. If we type in umdh and then log1.txt, log2.txt >, and I'm going to
send that to a third file called logcompare.txt. So UMDH will now compare the two log files, the memory details found
in each, and store the differences in logcompare.txt. And once that's done, we'll open that in Notepad and take a
quick look at it,
On the Windows desktop, the Administrator: Command Prompt window is open. The presenter enters the following at the
C:\Windows\system32 command prompt:
umdh -p:3572 -f:log1.txt
Next he navigates to the Document - WordPad window and adds some random text to the WordPad document file and
minimizes the window. In the Details tabbed page of the Task Manager window, for the wordpad.exe, the value of the
Memory is changed to the 14200 K from the 13888 K. Then he navigates to the Administrator: Command Prompt window
and runs the following command at the C:\Windows\system32 command prompt:
umdh -p:3572 -f:log2.txt
Next he runs the following command at the C:\Windows\system32 command prompt:
umdh log1.txt log2.txt > logcompare.txt
Alright. Now our log compare has been created, just go and put that into Notepad. And you can see that it's choosing the
debug symbols for WordPad and other elements of the Windows operating system. So it's downloaded those PDB files,
which are the symbol files. And then it goes into comparing all the heap memory allocations that have been used by
WordPad, and there is quite a bit. And we scroll down at the bottom, and it will give you a list of the increase in memory
that's been used. Here are the call stacks that have been used. So here we have WordPad, that's calling a delete; also
other calls, the UIRibbon, so it's making use of the Windows element in the operating system. But now you can start
comparing what's happened in your application, and looking at the memory in order to find problems with any resources
being leaked in your applications if you start looking more closely into these stack traces and all the heap information that
you can find.
On the Windows desktop, the Administrator: Command Prompt window is open. The presenter runs the following at the
C:\Windows\system32 command prompt:
Notepad logcompare.txt
As a result, the logcompare - Notepad editor window is displayed.
Next in the logcompare - Notepad editor window, from the debug library that displays a list of symbol files, the presenter
highlights two PDB files.
He then scrolls down in the Notepad editor window and highlights the following:
wordpad!operator delete[]+2F0
UIRibbon!SCM:WndProc+37
Web Browser Memory Issues
Learning Objective
After completing this topic, you should be able to
+ recognize web browser memory issues
1. Recognizing web browser memory issues
Both Windows 8 Store and phone applications can be coded using JavaScript and HTML5. The use of JavaScript as a
language means that things are a bit different when determining memory issues as compared with C++, C#, or Visual
Basic .NET. Some of the possible causes of memory issues include circular references, where it's possible that a
JavaScript object references an object in the Document Object Model, and then that DOM object ends up referencing
the JavaScript object. So you have a vicious circle and that could end up causing problems. Another memory issue can
be caused by closures. Now it's a common coding convention in JavaScript, but it can potentially end up with memory
issues. Closures are functions that refer to independent variables, and with closures you can end up with variables
that remain in memory even after a function has returned its result. And a third memory issue can occur if your code is
simply using too much memory. You might have code that returns more data than you need or even realized, and it
managed to stick around in your code, either remaining cached, or it could generate more data without freeing up the
previous data if that should be replacing.
To help figure out these types of memory issues, when building Windows Store applications, you can make use of the
JavaScript memory analyzer. And this tool was first available with Visual Studio 2012 in the Update 1, and it's available in
Visual Studio 2013 as well. And not only can it be used for Windows Store-based applications on Windows 8, it can also
be used for the Windows Phone Store apps, at least when both project types are using JavaScript and HTML5. The
JavaScript memory analyzer provides four views, which you can use when you're debugging your application. First, there
is a live memory usage summary view, and this shows a live view of the process memory for the application, including the
JavaScript heap. And in this view, you can take snapshots, and you can even mark or receive, when marked sections of
your code have been executed. When you stop collecting data, you're then presented with the snapshot summary view.
The view includes the summary that has the heap size, our differential heap size, where there is the difference between
the current snapshot and the previous one. And it also has a count of all the objects created in the application. The
snapshot details view is where you can drill down and see what objects are being used, the size and type of each of those
objects as well. And the fourth one is the snapshot diff view. And with this view, you can start to see which objects were
added or removed from your heap as compared to a baseline snapshot. And using that view you can then try to isolate
where the memory issues are occurring. You run your application and you perform the actions in the interface that you
think could be causing any of your problems. You then take a heap snapshot and then you should repeat the steps in the
UI again, and take another snapshot afterwards. And from there, you can start to compare the differences between the
snapshots using the snapshot diff viewer.
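The snapshot-and-compare workflow described above, as an added example that is not part of the course material. FakeNode is a constructed stand-in for DOM nodes, and takeSnapshot, diffSnapshots, createLeakyApp, createFixedApp and measure are hypothetical helpers; the sample numbers are constructed.

```javascript
// Constructed stand-in for a DOM node (not the browser DOM or WinJS).
class FakeNode {
  constructor(tag, text) {
    this.tag = tag;
    this.text = text;
    this.parent = null;   // child -> parent and parent -> child form a cycle
    this.children = [];
  }
  appendChild(child) { child.parent = this; this.children.push(child); return child; }
  removeChild(child) {
    this.children = this.children.filter((c) => c !== child);
    child.parent = null;
    return child;
  }
}

// Record every FakeNode reachable from the roots, which is what the garbage
// collector must keep alive. The visited set makes circular references safe.
function takeSnapshot(roots) {
  const seen = new Set();
  const stack = [...roots];
  while (stack.length > 0) {
    const obj = stack.pop();
    if (obj === null || typeof obj !== "object" || seen.has(obj)) continue;
    seen.add(obj);
    for (const value of Object.values(obj)) stack.push(value);
  }
  return new Set([...seen].filter((o) => o instanceof FakeNode));
}

// Objects added and removed between two snapshots, summarised as +added/-removed.
function diffSnapshots(before, after) {
  const added = [...after].filter((o) => !before.has(o));
  const removed = [...before].filter((o) => !after.has(o));
  return { added, removed, summary: `+${added.length}/-${removed.length}` };
}

// Leaky version: the old div is detached from the page, but a long-lived
// list still references it, so it can never be collected.
function createLeakyApp() {
  const app = { body: new FakeNode("body", ""), current: null, previous: [] };
  app.showNumber = (n) => {
    if (app.current) app.previous.push(app.body.removeChild(app.current));
    app.current = app.body.appendChild(new FakeNode("div", String(n)));
  };
  return app;
}

// Fixed version: the old div is detached and no reference to it is kept.
function createFixedApp() {
  const app = { body: new FakeNode("body", ""), current: null };
  app.showNumber = (n) => {
    if (app.current) app.body.removeChild(app.current);
    app.current = app.body.appendChild(new FakeNode("div", String(n)));
  };
  return app;
}

// Baseline snapshot, repeat the UI action, second snapshot, then compare.
function measure(app, clicks) {
  app.showNumber(13);                          // constructed first value
  const baseline = takeSnapshot([app]);
  clicks.forEach((n) => app.showNumber(n));
  const later = takeSnapshot([app]);
  const diff = diffSnapshots(baseline, later);
  // Nodes that are still reachable but no longer attached to the page.
  const detached = [...later]
    .filter((node) => node !== app.body && node.parent === null)
    .map((node) => node.text)
    .sort();
  return { summary: diff.summary, detached };
}

const leakyResult = measure(createLeakyApp(), [84, 70]);
const fixedResult = measure(createFixedApp(), [84, 70]);
console.log("leaky:", leakyResult.summary, "detached:", leakyResult.detached);
console.log("fixed:", fixedResult.summary, "detached:", fixedResult.detached);
```

A diff that only ever adds objects across repeated runs of the same UI action, together with detached nodes that remain reachable, is the pattern to look for in the snapshot diff view.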
Using JSCRIPT Memory Analyzer
Learning Objective
After completing this topic, you should be able to
+ recognize how to use the JSCRIPT Memory Analyzer tool
1. Exploring JSCRIPT Memory Analyzer
Let's take a look at how we can use the JavaScript Memory Analyzer tool in Visual Studio to identify potential memory
losses in your application. So I have a basic application here. I run tlk, with the cu button, run then my Local
Machine; and so we have a New Random Number button, if I click it, it generates new random numbers and it adds it to
the side of this page. Now ideally, this wouldn't be what we want to occur, we want to replace the current random number
with the brand new one. I've just left it up here, so we can actually see what's going on. So every time you click the
button, the new one is added to the app. I stop my debugging now. And this time, I want to run our JavaScript Memory
Analyzer tool. So I can go, click the DEBUG menu, select Performance and Diagnostics; it opens up a new
window and now we can choose the JavaScript Memory tool. So we click that check box, make sure it's checked,
click the Start button. So we'll run the application once again; now it's going to do a profile of the memory.
The JScriptMemoryLeak project is open in the Microsoft Visual Studio IDE. The menu bar at the top of the IDE contains
the following menus and icons: FILE, EDIT, VIEW, PROJECT, BUILD, DEBUG, TEAM, TOOLS, TEST, ARCHITECT,
ANALYZE, WINDOW, and HELP. The code editor window in the Microsoft Visual Studio IDE contains the following tabs:
Snapshot #3 - Snaps...28(3).diagsession), 20140928(3).diagsession, default.htm, default.js, and default.css. The
default.js tabbed page is open and displays the following code:
(function () {
    "use strict";
    var app = WinJS.Application;
    var activation = Windows.ApplicationModel.Activation;
    var wrapper;
    var elem;
    app.onactivated = function (args) {
        if (args.detail.kind === activation.ActivationKind.launch) {
            if (args.detail.previousExecutionState !== activation.ApplicationExecutionState.terminated) {
            } else {
            }
            args.setPromise(WinJS.UI.processAll());
At the bottom of the IDE, the Output window is displayed. It includes the 'Show output from' drop-down list and this
drop-down list displays the option, Debug. This window also displays the following message:
'WWAHost.exe' (Script): Loaded 'Script Code (MSAppHost2.0)'
The program '[2172] WWAHost.exe' has exited with code -1 (0xf.
The presenter now runs this code and the JScriptMemoryLeak resultant page is displayed. This page displays the button
'New Random Number'. This page also displays the number '13' at the top-left corner. The presenter clicks the New
Random Number button and a random number, for instance, number '2' is displayed below number '13'. As the presenter
clicks the New Random Number button, the following numbers are displayed one after another: 94, 17, 61, 79, 97, 100,
94, 63, and 20. He then closes the resultant page and returns to the Microsoft Visual Studio IDE. Next he clicks the Stop
icon on the toolbar.
The presenter then clicks the DEBUG menu and the following options are displayed in the drop-down: Windows,
Graphics, Start Debugging, Start Without Debugging, Attach to Process, Other Debug Targets, Exceptions, Performance
and Diagnostics, Refresh Windows app, Step Into, Step Over, Start Windows Phone Application Analysis, Toggle
Breakpoint, New Breakpoint, Delete All Breakpoints, IntelliTrace, Clear All DataTips, Export DataTips, Import DataTips,
Options and Settings, and JScriptMemoryLeak Properties. The presenter selects the Performance and Diagnostics
options and the Report20140928-1127.diagsession tabbed page is displayed in the code editor window.
This tabbed page includes two panes: the left pane and the right pane. The left pane displays the title of this interface,
Performance and Diagnostics, and lists the recently viewed sessions under the Recently Opened Sessions section. The
right pane includes the following: Analysis Target and Available Tools sections and a Start button. The Analysis Target
section contains a drop-down list named Change Target and links to Startup Project and JScriptMemoryLeak. The
Available Tools section includes the Show all tools link and the following checkboxes: CPU Usage, Energy Consumption,
HTML UI Responsiveness, JavaScript Function Timing, and JavaScript Memory. The JavaScript Memory checkbox is
selected by default.
The presenter now clicks the Start button and the JScriptMemoryLeak resultant page is displayed. This page displays the
New Random Number button. This page also displays the number '68' at the top-left corner.
So if I click our New Random Number button once again, more random numbers pop up; I Alt+Tab back to Visual
Studio. We'll see that our report window is up and running, checking the total memory for our application, we know how
long this session's been lasting. And I can Take heap snapshot by clicking the area below the monitor. So that gets my
baseline to the first heap snapshot. I can Alt+Tab back to my application, click New Random Number button once again,
Alt+Tab back to take another heap snapshot. And let's just do that a third time, so New Random Number, Alt+Tab back
to Visual Studio, take a third heap snapshot. I want to stop my diagnostics now, click the Stop button,
The JScriptMemoryLeak resultant page is displayed. The presenter clicks the New Random Number button for multiple
times. As the presenter clicks the button, the following numbers are displayed one after another: 98, 92, 72, 69, 48, 37,
14, and 65.
Then he navigates to the Report20140928-1127.diagsession tabbed page. This tabbed page displays the Stop | Take
Heap Snapshot options at the top-left corner. This page also includes the following sections: Diagnostic session, Total
memory (MB), and Take heap snapshot with a camera icon. The Diagnostic session section includes a timer and a User
mark drop-down at the top-right corner and a scale displaying the following seconds at a defined interval: 25s, 50s,
1:15min, 1:40min, 2:05min, and 2:30min. The Total memory (MB) section is expandable and displays the legend key for
Process memory usage (private bytes) at the top-right corner. This section also displays a graph with 0.0 as the minimum
value and 16.8 as the maximum value. This graph displays a growing line which indicates the usage of the memory.
The presenter now clicks the Take heap snapshot section with the camera icon and a snapshot of the resultant page is
displayed to the left of the Take heap snapshot section with Snapshot #1 (11:28:38 AM) as the title. This section also
includes 694.91 KB and 259 objects as Baseline values. Then the presenter navigates to the resultant page and clicks the
New Random Number button. As a result, the number, 84, is displayed below the existing list of random numbers.
Next he navigates to the Report20140928-1127.diagsession tabbed page and clicks the Take heap snapshot section with
the camera icon. As a result, a snapshot of the resultant page is displayed to the right of the first snapshot with Snapshot
#2 (11:28:52 AM) as the title. This section also displays the following baseline values:
698.97 KB, +4.06 KB with an upward arrow placed to the right of this value
262 objects, +2/-0 with an upward arrow placed to the right of this value
He then navigates to the resultant page and clicks the New Random Number button. As a result, the number, 70, is
displayed below the existing list of random numbers.
Again, he navigates to the Report20140928-1127.diagsession tabbed page and clicks the Take heap snapshot section
with the camera icon. As a result, a snapshot of the resultant page is displayed to the right of the second snapshot with
Snapshot #3 (11:29:01 AM) as the title. This section also displays the following baseline values:
699.62 KB, +664 B with an upward arrow placed to the right of this value
262 objects, +1/-0 with an upward arrow placed to the right of this value
And so we now have three snapshots for my application, our baseline and two additional ones. And you can see that it
indicates a memory consumption's been going up. And this +1 /-0 in our third snapshot that indicates that we had objects
added, so we had one object added in this case and it didn't lose a reference to any other one. So this could be an
indication of a possible memory leak; we're adding elements and not removing other ones. If I click that link, the snapshot
opens up in its own window; I can change the scope by clicking the Scope drop-down menu. So you can have Objects left
over from Snapshot #2 (2), or Objects added between Snapshot #2 and #3 (1), so let's just choose Objects left
over from Snapshot #2 (2). Here we have a navigator prototype, and the one we're interested in is this
HTMLDivElement. So we have a div with an id of "random-number"; it's still remaining in our system. So we can go and
look at our call instance we're familiar with that we can start looking or identifying where to look in our call for that. I go to
our default.js file; I know that in our initialize() function, we remove an element. So we have an elem variable
removeNode. That element variable is actually initialized back in the onactivated function, so that's where it gets
the elem ID.
The Report20140928-1127.diagsession tabbed page is displayed. On this tabbed page, the presenter clicks the Stop
Collection option. As a result, the Diagnostic session, Total memory (MB), and Take heap snapshot sections are removed
and only the Snapshots are displayed. The presenter now clicks the +1 /-0 link in the Snapshot #3 and the Snapshot #3 ~