All geek questions in one place

Is WinDbg supposed to be so painfully slow?

I am trying to analyze some mini emergency dumps. I am using Windows 10 Pro Build 1607 and WinDbg 10.0.14321.1024. I have a symbol file path set to

SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols

Basically, whenever I download minidump (all files are smaller than 1 MB .dmp), WinDbg actually parses them. I understand that the first launch can take a long time, but it took me almost 12 hours before he let me enter the command. I assumed that since the characters were cached, it would not take a lot of time to reopen the same .dmp. This is not the case. It loads, almost instantly switches to "Loading kernel characters", then takes another 30 minutes before it prints the string "BugCheck". It was another 30 minutes, and I still can’t enter commands into it.

My computer has a 512 GB SSD, 8 GB of RAM, and an i5-4590. I don’t think it should be so slow.

What am I doing wrong?

+4
source share
2 answers

This is a character server that is very slow. Others also noticed: https://twitter.com/BruceDawson0xB/status/772586358556667904

Your symbol path contains a local cache, so it should load faster next time, but it seems that the cache is inefficient, I can’t say why (I suspect that the downloaded characters are not perfect and they load again, every time).

_NT_SYMBOL_PATH ( - , sympath) SRV*C:\SymCache, .. , , . . , .

+6

, . , Microsoft.

Wireshark , , :

  • .
  • WinDbg (6.2.9200)
  • HTTP HTTPS
  • , , . 11 / 20 / ( , 6500 /).
  • , .., " ", . 8 .
  • , " ".
  • HTTP ( ) 8 9

WinDbg kernel character loading

Search phase

HTTP roundtrip times

+10

Source: https://habr.com/ru/post/1653708/

More articles:


All Articles