Sometimes little bit of C# and ClrMD can save a lot of time when investigating a crash dump…
and the follwing is exactly the case in question.
While debugging a crash dump of a production issue, I saw the following line in the output of !dumpheap -stat command in WinDBG:
00007fff8638eb68 24357247 584573928 System.WeakReference`1[[Raven.Database.Config.ILowMemoryHandler, Raven.Database]]
Investigating ~24 million entries on what goes on there would obviously take ALOT of time, and randomly selecting couple of entries returned that WeakReference pointed to NULLs.
I suspected that most of the WeakReferences point to null, but what about non-null ones? Manually, its too hard to find-out… So, ClrMD to the rescue! After some mucking around and some experimentation, I came up with the following code:
using (var session = ClrMDSession.LoadCrashDump(@"c:\path\to\the\dump.dmp"))
Most likely this code can be made more efficient and optimized yes. Yet, it did it’s job - a throwaway code to investigate specific issue, that otherwise would take too long to investigate manually.
Oh, and in case you are wondering, what the heck is ClrMDSession class in the snippet - I used in this code an awesome ClrMD.Extensions library that streamlines and simplifies the use of ClrMD, and also provides some pretty neat method extensions for common ClrMD related tasks.
You can take a look at it in it’s GitHub repository.
So… as I said - profit!