–        Performance MonitorPAL

–        Process Monitor

–        Process Explorer

–        MPSReport

–        SPSReport

–        SPDisposeCheck

–        Dependency Walker

–        SQL Nexus

–        LogParser

–        Indihiang

–        PowerShell

–        Application Verifier

–        Logger/LogViewer


–        XPerf – Windows Performance Analyzer

–        PerfView – Low Level Profiler for .NET applications

–        DebugDiag – Debug Diagnostic

–        ProcDump – Process Dump

–        WinDbg – Windows Debugging Tools

–        WinDbg Scripts – Automate the Debugging

–        Netmon – Microsoft Network Monitor

–        Fiddler – HTTP Debugger Proxy

–        NP .NET Profiler – Lightweight profiler designed to assist in troubleshooting issues such as slow performance, memory related issues, and first chance exceptions in .NET applications


Performance Monitor

–        Use to get information about the application’s health.

–        Use to see if and when the suspicious symptom happens.

–        Save a log file. It can be analyzed later.

–        Part of the Windows Operating System.



PAL (Performance Analysis of Logs)

–        The PAL tool reads in a Performance Monitor counter log (any known format) and analyzes it using complex, but known thresholds (provided).

–        The tool generates an HTML based report which graphically charts important performance counters and throws alerts when thresholds are exceeded.

–        The thresholds are originally based on thresholds defined by the Microsoft product teams and members of Microsoft support, but continue to be expanded by this ongoing project.


Process Monitor

–        Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation

–        Reliable capture of process details, including image path, command line, user and session ID

–        Filters can be set for any data field, including fields not configured as columns

–        Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data

–        Process tree tool shows relationship of all processes referenced in a trace

–        Boot time logging of all operations


Process Explorer

–        Easy way to see information from processes.

–        What is each thread doing? Call stack is available.

–        How is the CPU usage? You can see the CPU usage, Kernel and User Mode.

–        You can see which program has a particular file or directory opened.

–        You can search for a specific handle or DLL among the processes running.



–        Check DLL’s versions, hotfixes, software updates.

–        Compare if two machines have the same drivers, registry settings and softwares.



–        Think of MPSReport for SharePoint.

–        The SPS Reporting Tool is utilized to gather detailed information regarding a systems current configuration.



–        The SPDisposeCheck utility will assist you dig through your custom SharePoint MSIL assemblies looking for areas in your code that may require “closer examination” and might lead to Dispose() related memory leaks.

–        A manual code review is still required to cast out ‘false positives’ that the tool may produce in the output report



Best Practices:

Dependency Walker

–        Scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules

–        For each module found, it lists all the functions that are exported by that module.

–        Detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more.

–        Useful for troubleshooting system errors related to loading and executing modules.


SQL Nexus

–        You don’t need to be a DBA to use this tool. J

–        You can quickly and easily load SQL Trace files; T-SQL script output, including SQL DMV queries; and Performance Monitor logs into a SQL Server database for analysis.

–        Excellent tool for isolating problems on the SQL Server side.




–        Focused on managed heap

– Who allocates what

– What objects survive

– What is on the heap

– Who is holding on to objects

–        Instrumented application writes log

–        Separate tool to analyze log offline

–        Intrusive tool

–        By default, every allocation, every call is logged

–        Expect 10 – 100 x slowdown

–        Logging can be turned off selectively for speedup

–        Not a tool to measure where time is spent


How To: Use CLR Profiler


–        Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory



Forensic Log parsing:

Log Parser scripts:

Visual LogParser tools:


– Based on LogParser

– Great tool to analyze IIS logs

– Generate great charts

– User interface easy to interact

– Downside: slower than running regular LogParser scripts



–        Why do you need to learn another scripting language?

–        Less code than JScript and VBScript to accomplish the same task.

–        Total integration with .NET Framework.

–        Great for administrators and developers.

–        In PFE we use PowerShell as the preferred programming language used to create tools!

–     Alternative to LogParser tool.


PowerShell is part of Windows 7 and newer versions.

For other Windows versions you can download from:

PowerShell blog:

Application Verifier (for Native coded applications)

– When the application is using APIs correctly:

–        Unsafe TerminateThread APIs.

–        Correct use of Thread Local Storage (TLS) APIs.

–        Correct use of virtual space manipulations (for example, VirtualAlloc, MapViewOfFile).

– Whether the application is hiding access violations using structured exception handling.

– Whether the application is attempting to use invalid handles.

– Whether there are memory corruptions or issues in the heap.

– Whether the application runs out of memory under low resources.

– Whether the correct usage of critical sections is occurring.

– Whether an application running in an administrative environment will run well in an environment with less privilege.

– Whether there are potential problems when the application is running as a limited user.

– Whether there are uninitialized variables in future function calls in a thread’s context.




–        Logger.exe logs every API call done by the target application.

–        LogViewer.exe displays the API calls logged by Logger.exe

–        With LogViewer.exe you can specific APIs that were called, filtering the output.


Logger/LogViewer are part of the Debugging Tools For Windows:

Command reference for Logexts.dll extension:

Calling Logexts.dll from WinDbg:



–        A very efficient tracing infrastructure provided by Windows

–        Enables high volume of tracing with minimal performance degradation

–        Can be used in User Mode and Kernel Mode

–        Provides many different graphical views of trace data including:

–        CPU Sampling

–        CPU and Disk utilization by process and thread

–        Interrupt service routine and deferred procedure call using

–        Hard faults

–        Disk I/O Detail

–    Call stacks



–        Tool for quickly and easily collecting and viewing time and memory performance data.

–        Like XPERF, it is based on ETW (Event Tracing for Windows)

– 2 modes of execution:

–            Optimizing Time.

–            Optimizing Memory.

–        Access to call stacks and Garbage Collector information.

–        Low Level compared to other Profilers.





–        You can create rules in order to collect dumps under specific conditions.

–        Crash rule – used for exceptions.

–        Performance rule – used for performance problems in any application, based on any Performance Monitor counter (like Procdump but with more options and UI). Also used for hangs or performance problems in IIS, based on internal ETW events.

–        Memory and Handle Leak rule – for memory leaks coming from native code.

–        Manual Dump collection– used in cases when the rules don’t apply, like performance.

–        Automated Analysis feature – DebugDiag can debug the dump for you and present a report with the findings! The dump files don’t need to be collected with DebugDiag.


How to use the Debug Diagnostics tool to troubleshoot a process that has stopped responding in IIS

How to use the IIS Debug Diagnostics tool to troubleshoot a memory leak in an IIS process

How to use the IIS Debug Diagnostics Tool to troubleshoot an IIS process that stops unexpectedly

How to use the Debug Diagnostics Tool to troubleshoot high CPU usage by a process in IIS

A client application may intermittently receive an error message when a client application tries to create a COM+ component


–        Enables you to collect dump files when a specific application is consuming high CPU.

–        You choose the CPU threshold to trigger the dump.

–        Excellent for intermitent high CPU scenarios.



–        Free and powerful Microsoft debugger.

–        More powerful than Visual Studio.

–        Enables user mode debugging and kernel debugging.

–        Post-Mortem debugging (dump analysis) and live debugging.

–        Downside: More difficult to use than Visual Studio but worth learning.


Psscor2.dll – debugger extension:

Sosex.dll – debugger extension:

WinDbg Scripts

–        Scripts are used to automate the debugging session.

–        WinDbg Scripts are created with the WinDbg script language which is similar to C.

–        WinDbg Scripts are great for small scripts.



–        Use it when you suspect the bottleneck is network related.

–        Collects logs from network activity.

–        Easy way to visualize HTTP, TCP/IP and other types of network communication.




–        Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet.

–        If you think the network might be the bottleneck for the poor performance of your web application you can use Fiddler or Netmon.


Instructional videos:

NP .NET Profiler

–   Easy to use .NET Profiler, easier to use than Visual Studio.

–   Used for issues such as slow performance, memory related issues, and first-chance exceptions in .NET applications.

–   It can troubleshoot the following types of .NET applications:

  • ASP.NET Web Applications
  • .NET Windows Applications (WCF, WPF and WF )
  • .NET Console Applications
  • .NET Window Services
  • .NET COM+ Components
  • Azure Service


debugging tools More articles about

  1. Debugging Tools for Windows__from WDK7

    1. There are two main tools : (1).WinDBG This is mainly used for Not IDE Next Debugging program / Check information, etc (2).cdb.exe This is mainly used for Qt5.3.2 for VS10 Step debugger for 2. WDK7 ...

  2. install Debugging Tools Time error Setup could not find the file WinSDK_amd64 To deal with

    install Debugging Tools Time error Setup could not find the file WinSDK_amd64 To deal with 1. Software source :  Download on Microsoft's official website SDK ISO Installation package ( contain debu ...

  3. Visual Studio 2010 Debugging guide for beginners :Mastering Debugging in Visual Studio 2010 - A Beginner's Guide

    Introduction In the software development life cycle, testing and defect fixing take more time than a ...

  4. Download the WDK, WinDbg, and associated tools

    Download the WDK, WinDbg, and associated tools This is where you get your Windows Driver Kit (WDK) a ...

  5. SQL Debugging

    C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn>“C:\Program Files\Debugging ...

  6. Linux One time installation of development tools :yum groupinstall Development tools

    [[email protected] ~]$ yum grouplist | moreLoaded plugins: fastestmirror, refresh-packagekit, se ...

  7. troubleshooting tools in JDK 7-- Reprint

    This chapter describes in detail the troubleshooting tools that are available in JDK 7. In addition, ...

  8. turn :Remote debugging with Visual Studio 2010

    Original URL you ...

  9. android sdk tools List

    ANDROID SDK ADKROID SDK Our tools are divided into two parts , Part of it is SDK tools, It's not about the platform , The other part is Platform tools Support the latest Android platform   SDK tools Yes SDK m ...

Random recommendation

  1. 【 Code Notes 】iOS- Realize the asynchronous loading and caching of network pictures

    Code : - (void)viewDidLoad { [super viewDidLoad]; // Do any additional setup after loading the view. se ...

  2. 《Prism 5.0 The source code walkthrough 》Bootstrapper

    Prism The framework needs to do some initialization work when the application starts ,Bootstrapper That's what I'm here to do , It's the starting point . Bootstrapper The main things to do are : Create and configure module catalog, establish D ...

  3. Ajax Diary

    Briefly speaking Ajax The content of blog is summed up as blog . AJAX Can and can only read files from the server , We use ajax It is divided into the following steps : 1.  establish ajax object 2.  Link server 3.  Send a request 4.  Receive return value Next ...

  4. shortest path -spfa

    About spfa It's dead #include<bits/stdc++.h> using namespace std; const int maxn = 1e5+5,maxm = 1e6+5,i ...

  5. C# Add objects to ArrayList Code for

    Make a backup of some good code segments in the development process , The following code is about C# Add objects to ArrayList Code for . ArrayList alcollect = new ArrayList();string str = ...

  6. 10.Odoo Product analysis ( Two ) – Business sector (5) – The calendar (1)

    see Odoo Product analysis series -- Catalog A calendar template can also be understood as a calendar view , Based on the analysis of " sales " Module calendar view . Here is a detailed introduction :  From the page , It's divided horizontally into two parts , Sinister 80% display ...

  7. BZOJ4764 Master tanfei ——LCT

    Title Description since WC Since retiring , I'm getting lazy . To help him move his muscles , Also inspired by the problem of flying sheep , Guys in the computer room Decided to work together to construct a sequence like this . This sequence has N term , Each item represents the strength value of a small partner , ...

  8. C# Primitive type

    C# Programming , There are two ways to initialize an integer : (1). More complicated methods , The code is as follows : Int32 a = new Int32(); (2). The minimalist approach , The code is as follows : ; Compare the two methods , The analysis is as follows : The first one is : Too complicated , ...

  9. Tencent cloud Linux Mount data disk

            View the mounted hard disk   1) function fdisk -l Command to view hard disk information .   When the hard disk is never initialized , You need to create a file system first ,       Hard disk formatting   function mkfs.ext4 device_n ...

  10. pyalgotrade introduction

    Introduction code analysis : from pyalgotrade import strategyfrom pyalgotrade.barfeed import yahoofeed # Inherited from BacktestingStr ...