How to Capture Debugging Information for Memory Leak in Windows 2008 R2

book

Article ID: CTX126255

calendar_today

Updated On:

Description

This article describes how to capture IMA debugging information for an IMA memory leak in XenApp on Windows 2008 R2. This procedure can be used for any process.
This document also discusses a sample scenario of recording memory leak using PowerShell for the firefox.exe process.

Requirements

To complete the procedure, access the following components:

Windows Debugging Tools

ProcDump

The following components are optional:

PowerShell

PowerShell ISE

Instructions

Recording IMA Memory Leak for XenApp on Windows 2008 R2 Operating System

To record the IMA Memory leak, complete the following procedure:

Download the 32-bit version of the Windows Debugging Tools from the Microsoft website, see here.
Install the 32-bit version 6.11.1.404 of the tool.
Note: The older version is required to avoid a 64/32-bit mismatch in gflags.exe and umdh.exe, which are running on a 32-bit process. In this procedure, ImaSrv.exe is the process.
Create the following folders to save symbols, log files, and dump files on the computer:
C:\Symbols\CTX
C:\Symbols\MS
C:\Logs
C:\Dumps

Create a new environment variable for the Symbols folder with the following details:

Variable name: _NT_SYMBOL_PATH_
Variable value: SRV*c:\Symbols \MS*http://msdl.microsoft.com/download/symbols;SRV*c:\Symbols\CTX*http://ctxsym.citrix.com/symbols

Run the following command from the command prompt to enable User Mode Stack Trace Database:
gflags -i ImaSrv.exe +ust
Note: You can also enable the User Mode Stack Trace Database through the GFlags GUI.
To enable the User Mode Stack Trace Database through the GUI, complete the following procedure:
1. Start Gflags.exe.
2. In the GUI, activate the Image File tab and specify the required details, as shown in the following screen shot.

Restart the IMA Service.
Download ProcDump from Windows Sysinternals - ProcDump v3.04 .
Move procdump.exe to the C:\windows\system32 folder.
Moving the file to this folder ensures that the file is available in the $PATH folder.
To create a dump file for the ImaSrv.exe process and to create a log file, complete the following procedure:
1. Make a note of the process ID from the Windows Task Manager, as shown in the following screen shot.
2. Run the following command to create a log file:
  procdump –ma 1340 c:\Dumps\
  C:\Program Files (x86)\Debugging Tools for Windows (x86)>umdh -p:1340 -f:c:\Logs\Log1.txt
  Note: The procdump command requires the –ma parameter to record the complete memory space for the process.
Repeat Step 9 in increments of 150 to 200 megabytes. Ensure to increment the dump and the log file names to correspond to the increment. The following is a sample of the incremented file names:
ImaSrv1.dmp
Log1.txt
ImaSrv2.dmp
Log2.txt

Recording Memory Leak Using PowerShell

This procedure is optional. To record memory leak using PowerShell and test using firefox.exe as a sample process, complete the following procedure:

Install the PowerShell Integrated Scripting Environment through the Add Features wizard. The following screen shot displays the Add Features wizard:
Save the following script either using the PowerShell ISE or Notepad:

# 2008 R2 Memory Leak Capture Script
if($args.length -lt 1) {
    Write-Warning "You need to provide a PID as an argument";
    exit;
}
# Get the process ID that is passed as a parameter
$process_id = $args[0];
# Increment to use for memory dumps in MEGABYTES
$memory_increment = 20;
if(Get-Process -Id $process_id -ErrorAction SilentlyContinue) {
    # Set the Process Object
    $tmp = Get-Process -Id $process_id;
    $mem = $tmp.PrivateMemorySize / 1024 / 1024;
    $process_name = $tmp.ProcessName;
    Write-Host "The process is running, current memory usage is $mem - preparing to dump ($process_name)..."
    for($i = 1; $i -lt 5; $i++) {
        $dump = "dump" + $i;
        Write-Host $inc;
        procdump -m $mem -ma $process_id c:\Dumps\$dump;
        umdh.exe -p:$process_id -f:c:\Logs\Log$i.txt
        $mem += $memory_increment;
    }
}
else {
    Write-Warning "The process is not running.  You can view the running processes below.  Please try again";
    Get-Process;
    exit;
}

Note: You can modify the Increment to use for memory dumps procedure as required. The size is in Megabytes. For example, $memory_increment = 150.

Run the script from PowerShell or from the command prompt. Run the following command from PowerShell:
PS> C:\script-name.ps1 PID
script-name is name of the script created in Step 2. PID is the process ID noted from Window Task Manager
Run the following command to test the script for the firefox.exe process:
PS C:\ > c:\leak.ps1 5880
Note: For testing this command, the gflags were set for firefox.exe. Multiple tabs were opened on the browser to increase memory size for testing. The sample Process ID for firefox.exe, which was noted from the Windows Task Manager was 5880.
The following is a sample output for the preceding command:

The process is running, current memory usage is 27.63671875 - preparing to dump (firefox)...
ProcDump v1.81 - Writes process dump files
Copyright (C) 2009-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Process: firefox.exe (5880)
CPU threshold: n/a
Commit threshold: 27 MB
Threshold seconds: 10
Number of dumps: 1
Hung window check: Disabled
Exception monitor: Disabled
Terminate monitor: Disabled
Dump file: c:\Dumps\dump1.dmp
Time CPU Duration
Process has hit memory usage spike threshold.
Writing dump file c:\Dumps\dump1_100810_134059.dmp...
Dump written.
ProcDump v1.81 - Writes process dump files
Copyright (C) 2009-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Process: firefox.exe (5880)
CPU threshold: n/a
Commit threshold: 47 MB
Threshold seconds: 10
Number of dumps: 1
Hung window check: Disabled
Exception monitor: Disabled
Terminate monitor: Disabled
Dump file: c:\Dumps\dump2.dmp
Time CPU Duration
Process has hit memory usage spike threshold.
Writing dump file c:\Dumps\dump2_100810_134129.dmp...
Dump written.
ProcDump v1.81 - Writes process dump files
Copyright (C) 2009-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Process: firefox.exe (5880)
CPU threshold: n/a
Commit threshold: 67 MB
Threshold seconds: 10
Number of dumps: 1
Hung window check: Disabled
Exception monitor: Disabled
Terminate monitor: Disabled
Dump file: c:\Dumps\dump3.dmp
Time CPU Duration
Process has hit memory usage spike threshold.
Writing dump file c:\Dumps\dump3_100810_134136.dmp...
Dump written.
ProcDump v1.81 - Writes process dump files
Copyright (C) 2009-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Process: firefox.exe (5880)
CPU threshold: n/a
Commit threshold: 87 MB
Threshold seconds: 10
Number of dumps: 1
Hung window check: Disabled
Exception monitor: Disabled
Terminate monitor: Disabled
Dump file: c:\Dumps\dump4.dmp
Time CPU Duration
Process has hit memory usage spike threshold.
Writing dump file c:\Dumps\dump4_100810_134204.dmp...
Dump written.

Issue/Introduction

This article describes how to capture IMA debugging information for an IMA memory leak in XenApp on Windows 2008 R2.

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"