An utility ProcessSnapshot takes advantage of Debugging Tools API<\/a> (dbghelp.dll<\/a> – note the dialog also displays DLL version in the right bottom corner) and writes this helpful information to text file and it can also take a sequence of the snapshots to compare thread performance and\/or stacks and check the difference.<\/p>\n The generated file is in the directory of the utility application and looks like:<\/p>\n <\/p>\n How exactly this can facilitate troubleshooting problems with software. Here are several scenarios:<\/p>\n In all mentioned above scenarios the snapshot is very helpful for troubleshooting, profiling, fixing.<\/p>\n Update 23-Dec-2008. The application auto-enables SeDebugPrivilege<\/a> (SE_DEBUG_NAME) so that snapshot could be taken from processes such as service processes.<\/p>\n A binary [Win32<\/a>, x64<\/a>] and Visual C++ .NET 2008 source code are available from SVN<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" While troubleshooting released application on remote production site, it is very useful to grasp a state of the process for further analysis. There are several scenarios in which the following information about process state is helpful: modules (DLLs) loaded into process and their versions threads and their call stacks process and thread performance An utility… <\/p>\n![\"\"](\"https:\/\/alax.info\/blog\/wp-content\/uploads\/2008\/10\/14-image001-300x175.png\" "\\"Process")
<\/a><\/p>\nSnapshot\r\n System Time: 10\/14\/2008 8:46:33 PM\r\n Local Time: 10\/14\/2008 11:46:33 PM\r\n\r\nPerformance\r\n Creation System Time: 10\/14\/2008 8:46:28 PM\r\n Kernel Time: 0.094 s\r\n User Time: 0.031 s\r\n\r\nModules\r\n\r\n Module: ProcessSnapshot.exe @00400000\r\n Base Address: 0x00400000\r\n Base Size: 0x0005b000 (372736)\r\n Name: ProcessSnapshot.exe\r\n Path: D:\\Projects\\Utilities\\ProcessSnapshot\\Release\\ProcessSnapshot.exe\r\n Product Version: 1.0.0.1\r\n File Version: 1.0.0.125\r\n\r\n Module: ntdll.dll @7c900000\r\n Base Address: 0x7c900000\r\n Base Size: 0x000af000 (716800)\r\n Name: ntdll.dll\r\n Path: C:\\WINDOWS\\system32\\ntdll.dll\r\n Product Version: 5.1.2600.5512\r\n File Version: 5.1.2600.5512\r\n[...]\r\n\r\nThreads\r\n\r\n Thread: 3824\r\n Base Priority: 8\r\n Creation System Time: 10\/14\/2008 8:46:57 PM\r\n Kernel Time: 0.063 s\r\n User Time: 0.031 s\r\n Call Stack\r\n ntdll!7c90e4f4 KiFastSystemCallRet (+ 0) @7c900000\r\n USER32!7e4249c4 GetCursorFrameInfo (+ 460) @7e410000\r\n USER32!7e424a06 DialogBoxIndirectParamAorW (+ 54) @7e410000\r\n USER32!7e4247ea DialogBoxParamW (+ 63) @7e410000\r\n ProcessSnapshot!00403f45 ATL::CDialogImpl<CMainDialog,ATL::CWindow>::DoModal (+ 67) [c:\\program files\\microsoft visual studio 9.0\\vc\\atlmfc\\include\\atlwin.h, 3478] (+ 28) @00400000\r\n ProcessSnapshot!00403b6f CProcessSnapshotModule::RunMessageLoop (+ 74) [d:\\projects\\utilities\\processsnapshot\\processsnapshot.cpp, 67] (+ 0) @00400000\r\n ProcessSnapshot!004049b9 ATL::CAtlExeModuleT<CProcessSnapshotModule>::Run (+ 17) [c:\\program files\\microsoft visual studio 9.0\\vc\\atlmfc\\include\\atlbase.h, 3552] (+ 0) @00400000\r\n ProcessSnapshot!004041c3 ATL::CAtlExeModuleT<CProcessSnapshotModule>::WinMain (+ 48) [c:\\program files\\microsoft visual studio 9.0\\vc\\atlmfc\\include\\atlbase.h, 3364] (+ 5) @00400000\r\n ProcessSnapshot!00434477 wWinMain (+ 5) [*d:\\projects\\utilities\\processsnapshot\\release\\processsnapshot.inj:5, 14] (+ 0) @00400000\r\n ProcessSnapshot!00415058 __tmainCRTStartup (+ 274) [f:\\dd\\vctools\\crt_bld\\self_x86\\crt\\src\\crt0.c, 263] (+ 27) @00400000\r\n !00360033<\/pre>\n
\n