
Collecting and analyzing memory dumps


Direct link: devblogs.microsoft.com

Building upon the diagnostics improvements introduced in .NET Core 3.1, we’ve introduced a new tool for collecting heap dumps from a running .NET Core process.

In a previous blog post we introduced dotnet-dump, a tool that allows you to capture and analyze process dumps. Since then, we’ve been hard at work to improve the experience when working with dumps.

Two of the key improvements we’ve made to dotnet-dump are:

  • We no longer require sudo for collecting dumps on Linux
  • dotnet dump analyze is now supported on Windows

GC dumps

However, one of the key limitations that remains is that process dumps are not portable. It is not possible to diagnose dumps collected on Linux with Windows and vice versa.

Many common scenarios don’t require a full process dump inspection. To enable these scenarios, we’ve introduced a new lightweight mechanism for collecting a dump that is portable. By triggering a garbage collection in the target process, we are able to stream events emitted by the garbage collector via the existing EventPipe mechanism and regenerate a graph of object roots from those events.

These GC dumps are useful for several scenarios including:

  • Comparing number of objects by type on the heap
  • Analyzing object roots
  • Finding what objects have a reference to what type
  • Other statistical analysis about objects on the heap

dotnet-gcdump

In .NET Core 3.1, we’re introducing a new tool that allows you to capture the aforementioned GC dumps for analysis in PerfView and Visual Studio.

You can install this .NET global tool by running the following command:

dotnet tool install --global dotnet-gcdump

Once you’ve installed dotnet-gcdump, you can capture a GC dump by running the following command:

dotnet gcdump collect -p <target-process-PID>

Note: Collecting a gcdump triggers a full Gen 2 garbage collection in the target process and can change the performance characteristics of your application. The duration of the GC pause experienced by the application is proportional to the size of the GC heap; applications with larger heaps will experience longer pauses.

The resulting .gcdump file can be analyzed in Visual Studio and PerfView on Windows.

Analyzing GC dumps in Visual Studio

The collected GC dumps can be analyzed by opening the .gcdump files in Visual Studio. Upon opening in Visual Studio, you are greeted with the Memory Analysis Report page.

Memory analysis report in Visual Studio 2019

The top pane shows the count and size of the types in the snapshot, including the size of all objects that are referenced by the type (Inclusive Size).

In the bottom pane, the Paths to Root tree displays the objects that reference the type selected in the upper pane. The Referenced Types tree displays the references that are held by the type selected in the upper pane.

In addition to the memory analysis report for a single GC dump, Visual Studio also allows you to compare two GC dumps. To view details of the difference between the current snapshot and the previous snapshot, navigate to the Compare To section of the report and select another GC dump to serve as the baseline.

Memory analysis comparison in Visual Studio 2019
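
The collect command and the baseline comparison described above, combined in a wrapper script (an added example, not code from the original post): it captures a baseline and a later GC dump of one process so both files can be opened in the Compare To view. The function names, file naming, 60-second default interval and owner-only umask are assumptions; -o is dotnet-gcdump's output-path option.

```shell
#!/bin/sh
# Added example: capture a baseline and a follow-up GC dump of one process.
# Function names, file naming and the default interval are assumptions.

# Accept only a plain positive decimal PID (no signs, spaces or shell syntax).
valid_pid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        0*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the output path: <dir>/<pid>-<label>.gcdump
dump_path() {
    printf '%s/%s-%s.gcdump\n' "${1%/}" "$2" "$3"
}

# Collect one GC dump. Every call triggers a full Gen 2 GC in the target.
collect_one() {
    out=$(dump_path "$1" "$2" "$3")
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 1
    fi
    dotnet-gcdump collect -p "$2" -o "$out" >&2 && printf '%s\n' "$out"
}

# Usage: capture_pair <pid> [output-dir] [seconds-between-dumps]
capture_pair() {
    pid=$1; dir=${2:-.}; wait_s=${3:-60}
    valid_pid "$pid" || { echo "invalid PID: $pid" >&2; return 2; }
    command -v dotnet-gcdump >/dev/null 2>&1 ||
        { echo "dotnet-gcdump not on PATH" >&2; return 3; }
    umask 077                      # dumps describe the process heap: owner-only
    mkdir -p "$dir" || return 1
    collect_one "$dir" "$pid" baseline || return 1
    sleep "$wait_s"
    collect_one "$dir" "$pid" current || return 1
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then capture_pair "$@"; fi
```

Open the "current" file in Visual Studio and select the "baseline" file in the Compare To section.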

Closing

Thanks for trying out the new diagnostics tools in .NET Core 3.1. Please continue to give us feedback, either in the comments or on GitHub. We are listening carefully and will continue to make changes based on your feedback.

The post Collecting and analyzing memory dumps appeared first on .NET Blog.


https://devblogs.microsoft.com/dotnet/collecting-and-analyzing-memory-dumps/
