Professional Documents
Culture Documents
How Do You Create Memory Dumps For Diagnostics Purposes in Wincc/Pcs 7?
How Do You Create Memory Dumps For Diagnostics Purposes in Wincc/Pcs 7?
Security Siemens provides products and solutions with industrial security functions that
informa- support the secure operation of plants, systems, machines and networks.
tion In order to protect plants, systems, machines and networks against cyber
threats, it is necessary to implement – and continuously maintain – a holistic,
state-of-the-art industrial security concept. Siemens’ products and solutions only
form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems,
machines and networks. Systems, machines and components should only be
connected to the enterprise network or the internet if and to the extent necessary
and with appropriate security measures (e.g. use of firewalls and network
segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be
taken into account. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them
more secure. Siemens strongly recommends to apply product updates as soon
as available and to always use the latest product versions. Use of product
versions that are no longer supported, and failure to apply latest updates may
increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial
Security RSS Feed under http://www.siemens.com/industrialsecurity.
© Siemens 2021 All rights reserved
Table of content
1 Installing the Microsoft Windows Software Development Kit (SDK) ............ 4
2 Start and Parameterize the "adplus.exe" Program ....................................... 8
2.1 Preparations ...................................................................................... 9
2.2 Start and Parameterize the "adplus.exe" Program............................ 10
2.3 Terminating Process Monitoring with the "adplus.exe" Program ....... 12
2.3.1 Procedure for terminating monitoring without terminating the
process being monitored.................................................................. 12
3 Entering the "adplus.exe" Program in the Startup List of the WinCC
Project........................................................................................................... 14
4 Notes ............................................................................................................. 16
5 Enabling and Using the "gflags" Tool ......................................................... 17
5.1 Enabling the "gflags" Tool ................................................................ 17
6 Usage of ProcDump ..................................................................................... 20
6.1 Approach ......................................................................................... 20
6.2 Notes............................................................................................... 21
7 Glossary........................................................................................................ 22
Question
How do you create memory dumps for diagnostics purposes in WinCC/PCS 7?
Answer
Follow the instructions and notes listed in this document for a detailed answer to
the above question.
Note
The following procedure is idenical for both versions.
2. Start the downloaded "sdksetup.exe" file.
In the "Specify Location" window you select the "Download the Windows Software
Development Kit for installation on a separate computer" option.
Select a path in which you want to temporarily save installation files.
© Siemens AG 2021 All rights reserved
No. Procedure
3. In the new window select only "Debugging Tools for Windows".
© Siemens AG 2021 All rights reserved
Note
Microsoft .NET Framework 4.0 is also installed automatically.
Install the downloaded files on this computer or copy the files to a target computer
and install them there.
No. Procedure
4. Start the "sdksetup.exe" file.
Retain the proposed installation path.
© Siemens AG 2021 All rights reserved
No. Procedure
6. Select only "Debugging Tools for Windows" and click the "Install" button.
© Siemens AG 2021 All rights reserved
WARNING When you proceed as described below, there might be situations where
performance is impaired as listed below:
• Loss of performance
• Extremely high use of memory
• Changed system timings
• Unusable plant
First, check whether the application you want to examine with adplus.exe was
compiled for a 32 bit or 64 bit architecture.
To do so, select in Windows 10 the "Details" tab of the Task Manager and activate
the column "Platform" by means of the context menu, if it's not already visible.
© Siemens AG 2021 All rights reserved
Figure 2-1
In previous OS versions, you recognize 32 bit processes by the name suffix "*32".
2.1 Preparations
Table 2-1
No. Procedure
1 Create a directory in which you want to store the diagnostics data
generated (c:\temp, for example).
2 Download the adplusconfig.xml file from this entry onto your computer and copy
this file into the newly created directory. Configure this file corresponding to your
requirements.
<Exception Code='AV'>
<Actions1> FullDump </Actions1>
<ReturnAction1> GN </ReturnAction1>
</Exception>
No. Procedure
3 Start WinCC Runtime (Alarm Logging Runtime must be enabled in the
Startup list).
Wait until WinCC Runtime has completely started.
Note
Beside the cmd-console, a second console will be opened for diagnostic
purposes. Don't manipulate that console, in particular don't close the
console window.
4 Check at regular intervals in the "c:\temp" path whether .dmp files have
been created.
Note
A new directory is created each time "adplus" starts.
This should be taken into account when checking new files.
Table 2-4
No. Procedure
1 If monitoring is enabled as described above, a second window (cdb.exe) is
opened in addition to the cmd window. The debug information etc. is listed
in this second window.
2 Select this window and press "CTRL + C". This creates a manual
minidump.
© Siemens AG 2021 All rights reserved
No. Procedure
3 Now enter the "qd" ("quit with detach") command in this window. This
detaches the monitored process and terminates monitoring. You can now
close the two windows cmd.exe and cdb.exe without affecting the process
being monitored.
© Siemens AG 2021 All rights reserved
2 Using the "Down" button you move the new entry to the bottom so that it is
started last.
Note This works only with processes that are not executed in the System Account
(which is why the command line environment must also be started with
administrator rights).
© Siemens AG 2021 All rights reserved
4 Notes
• The "adplus.exe" tool from Microsoft needs the "Net Framework 4". If not
already installed on the computer to be analyzed, the "sdksetup.exe" setup
installs it on the target system.
• The "adplus.exe" tool starts a process called "cdb.exe". This is a debugging
tool which connects with the process to be monitored and keeps a look out for
exceptions.
• The configuration given above increases the memory requirement for the log
files in c:\temp continuously, because the debugging information of the cdb.exe
process is written continuously to these log files. Examinations are being made
as to how this can be stopped, so that the log files do not become enormous in
size after a long running time.
• To stop monitoring of the processes, you must terminate the process to be
monitored. In this case it would suffice to disable the WinCC Runtime, because
this also terminates the "CCAlgRtServer.exe" process. However, this also
means that after restarting the computer or WinCC, you have to restart the
"adplus.exe" with the appropriate parameters.
• The above-mentioned application requires that the process to be monitored
has already been started. The "adplus.exe" tool also has the option of being
started before the process to be monitored and then connecting automatically
to it. It is not recommended to use this feature, because the "adplus.exe" tool
© Siemens AG 2021 All rights reserved
would in this case cause too much load on the CPU. An alternative solution is
being looked for at the time to provide the same function but at not such a
great cost of resources.
WARNING When you proceed as described below, there might be situations where
performance is impaired as listed below:
• Loss of performance
• Extremely high use of memory
• Change of system timing
• Inoperability of the plant
The procedures should only be executed if recommended by the service
staff of the Siemens Technical Support.
General
This option writes additional information in the user dump. (This enables and
configures "PageHeaps" in the operating system.)
This information might be useful if you have memory swell or memory overflows on
your system.
The "gflags" tool is installed automatically when you install the Microsoft Windows
Software Development Kit (SDK).
The tool is in the following path:
• For the supervision of 32-bit processes
C:\Programs\Windows Kits\ 8.0\ Debuggers\x86
• For the supervision of 64-bit processes
C:\Programs (X86)\Windows Kits\ 8.0\ Debuggers\x64
Table 5-1
No. Procedure
1 Click the "Start" button on the Windows desktop.
Enter "cmd" in the input field and confirm with "OK".
Open the context menu of the "cmd.exe" file and select "Run as administrator".
Confirm the system query with "Yes".
© Siemens AG 2021 All rights reserved
No. Procedure
3 Now enter one of the commands below according to whether you want to enable or disable
"gflags":
The command for enabling "gflags" for the "script.exe" is:
"gflags -p /enable script.exe /full"
Note
In the case of memory overwrites you need the "/full" parameter.
In the case of memory usage you do not need the "/full" parameter.
Please check out the use of the "/full" parameter with our Technical Support.
The screenshot below shows how the commands given above are executed. In the first line
"gflags" is enabled. In the second and third lines the change is queried.
In the next line "gflags" is disabled and then the change is checked.
© Siemens AG 2021 All rights reserved
4 Restart the computer now to apply the settings in the Registry. As of now the additional
information is written in the dumps.
Note
It is mandatory to disable "gflags" after completing the examination.
6 Usage of ProcDump
The program Adplus triggers the creation of a memory dump, as soon as the
access violation with the error code 0xC0000005 happens. If another error code
occurs, Adplus might not trigger a memory dump. The command line tool
ProcDump can trigger the creation of memory dumps for any error with an error
code that might occur.
System requirements
• Windows Vista or higher
• Windows Server 2008 or higher
6.1 Approach
Nr. Approach
1 Download the program ProcDump V9.0:
https://docs.microsoft.com/en-US/sysinternals/downloads/procdump
2 Unpack the ZIP-file into a folder of your choice (e.g. c\temp). The
subsequent memory dumps will also be placed in this folder.
3 Click the "Start" button on the Windows desktop. Enter "cmd" in the input
field and confirm with "OK". Open the context menu of the "cmd.exe" file
© Siemens AG 2021 All rights reserved
and select "Run as administrator". Confirm the system query with "Yes".
4 Navigate to the directory, where the ProcDump files are located inside the
cmd. In this case its "c:\temp".
Further details on parameters can be taken from the following table or the
URL:
https://docs.microsoft.com/en-US/sysinternals/downloads/procdump
Parameter Description
-n 5 Number of dumps to write before exiting.
6.2 Notes
• The memory dumps are saved by the following:
"PROCESSNAME_YYMMDD_HHMMSS"
• If you want to stop the monitoring of the process, without closing it, you can
press "Ctrl-C" or close the cmd.exe.
7 Glossary
dmp/dump file
Backup of the memory dump of a running process.
Using this backup it is possible to retrace the software behavior at a specific point in
time (time of creation, for example).
The information cannot be evaluated by end users.
Debugging information
Applications can generate additional analysis information. This information is generally
invisible to the end user and can only be seen using the appropriate tools.
Exception
Exceptional situation in an application that can either be detected and remedied in the
program or which leads to a crash.
Access Violation
In the application there is unauthorized access to memory areas, which can lead to
abortion of the application, for example.
© Siemens AG 2021 All rights reserved