error while backing up oracle database using rman - rman

I have a RMAN backup of 11G Release 1; the backup is full backup mean it includes control file, datafiles and archivelogs. The database name is ORCL and OS is windows XP.
Now I want to restore this backup on new machine, the new machine is also windows XP and the directory structure is 100% same as on old machine.
What I do on new machine; I install the 11 G R1 and create database with name of ORCL and copy the rman backup folder on new machine in same directory as it was on old machine.
I got the problem (RMAN-03002) while recover the database.
Below the following steps.
C:\> sqlplus sys/kris#orcl as sysdba
Sql> shutdown immediate;
Sql> exit;
C:\> set oracle_sid = orcl
C:\> rman
RMAN> connect target orcl
RMAN> startup nomount;
RMAN> restore controlfile from autobackup;
Starting restore at 16-DEC-12
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=152 device type=DISK
recovery area destination: D:\app\administrator\flash_recovery_area
database name (or database unique name) used for search: ORCL
channel ORA_DISK_1: AUTOBACKUP D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\AUT
OBACKUP\2012_12_12\O1_MF_S_801849930_8DJQHTTW_.BKP found in the recovery area
AUTOBACKUP search with format "%F" not attempted because DBID was not set
channel ORA_DISK_1: restoring control file from AUTOBACKUP D:\APP\ADMINISTRATOR\
FLASH_RECOVERY_AREA\ORCL\AUTOBACKUP\2012_12_12\O1_MF_S_801849930_8DJQHTTW_.BKP
channel ORA_DISK_1: control file restore from AUTOBACKUP complete
output file name=D:\APP\ADMINISTRATOR\ORADATA\ORCL\CONTROL01.CTL
output file name=D:\APP\ADMINISTRATOR\ORADATA\ORCL\CONTROL02.CTL
output file name=D:\APP\ADMINISTRATOR\ORADATA\ORCL\CONTROL03.CTL
Finished restore at 16-DEC-12
RMAN> alter database mount;
database mounted
released channel: ORA_DISK_1
RMAN> catalog recovery area;
Starting implicit crosscheck backup at 16-DEC-12
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=152 device type=DISK
Crosschecked 5 objects
Finished implicit crosscheck backup at 16-DEC-12
Starting implicit crosscheck copy at 16-DEC-12
using channel ORA_DISK_1
Finished implicit crosscheck copy at 16-DEC-12
searching for all files in the recovery area
cataloging files...
cataloging done
List of Cataloged Files
=======================
File Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2012_12_12\O
1_MF_1_1450_8DK6YO0M_.ARC
File Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2012_12_13\O
1_MF_1_1451_8DLPSYDY_.ARC
File Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2012_12_13\O
1_MF_1_1452_8DLVBJZ7_.ARC
File Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2012_12_13\O
1_MF_1_1452_8DM0LM1L_.ARC
File Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2012_12_13\O
1_MF_1_1453_8DM0LM1L_.ARC
File Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2012_12_13\O
1_MF_1_1454_8DM0NQ8X_.ARC
File Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\AUTOBACKUP\2012_12_12\O
1_MF_S_801849930_8DJQHTTW_.BKP
searching for all files in the recovery area
List of Files Unknown to the Database
=====================================
File Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2012_12_13\O
1_MF_1_1453_8DLXCJOB_.ARC
Do you really want to catalog the above files (enter YES or NO)? Y
cataloging files...
no files cataloged
List of Files Which Where Not Cataloged
=======================================
File Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2012_12_13\O
1_MF_1_1453_8DLXCJOB_.ARC
RMAN-07517: Reason: The file header is corrupted
RMAN> list backup;
List of Backup Sets
===================
BS Key Size Device Type Elapsed Time Completion Time
------- ---------- ----------- ------------ ---------------
512 245.35M DISK 00:00:39 12-DEC-12
BP Key: 512 Status: AVAILABLE Compressed: NO Tag: TAG20121212T160059
Piece Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\BACKUPSET\2012
_12_12\O1_MF_ANNNN_TAG20121212T160059_8DJQ7OF3_.BKP
List of Archived Logs in backup set 512
Thrd Seq Low SCN Low Time Next SCN Next Time
---- ------- ---------- --------- ---------- ---------
1 1440 487654314 09-DEC-12 487695982 10-DEC-12
1 1441 487695982 10-DEC-12 487719639 10-DEC-12
1 1442 487719639 10-DEC-12 487741536 10-DEC-12
1 1443 487741536 10-DEC-12 487741634 10-DEC-12
1 1444 487741634 10-DEC-12 487771824 10-DEC-12
1 1445 487771824 10-DEC-12 487803737 12-DEC-12
1 1446 487803737 12-DEC-12 487810247 12-DEC-12
1 1447 487810247 12-DEC-12 487819910 12-DEC-12
1 1448 487819910 12-DEC-12 487837944 12-DEC-12
BS Key Type LV Size Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
513 Full 1.94G DISK 00:03:18 12-DEC-12
BP Key: 513 Status: AVAILABLE Compressed: NO Tag: TAG20121212T160150
Piece Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\BACKUPSET\2012
_12_12\O1_MF_NNNDF_TAG20121212T160150_8DJQ92L5_.BKP
List of Datafiles in backup set 513
File LV Type Ckp SCN Ckp Time Name
---- -- ---- ---------- --------- ----
1 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\SYSTEM01.D
BF
2 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\SYSAUX01.D
BF
3 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\UNDOTBS01.
DBF
4 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\USERS01.DB
F
5 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\EXAMPLE01.
DBF
6 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_SMILE.
DBF
7 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_GENERA
L.DBF
8 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_EMR.DB
F
9 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_DIAGNO
STICS.DBF
10 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_PHARMA
CY.DBF
11 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_PATIEN
T.DBF
12 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_ACCOUN
T.DBF
13 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_INVENT
ORY.DBF
14 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_HR.DBF
15 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_DUMMY.
DBF
16 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_AUDIT.
DBF
17 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_FACILI
TIES.DBF
19 Full 487837993 12-DEC-12 D:\APP\ADMINISTRATOR\ORADATA\ORCL\HMS_COMMON
.DBF
BS Key Size Device Type Elapsed Time Completion Time
------- ---------- ----------- ------------ ---------------
514 222.00K DISK 00:00:06 12-DEC-12
BP Key: 514 Status: AVAILABLE Compressed: NO Tag: TAG20121212T160520
Piece Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\BACKUPSET\2012
_12_12\O1_MF_ANNNN_TAG20121212T160520_8DJQHGS1_.BKP
List of Archived Logs in backup set 514
Thrd Seq Low SCN Low Time Next SCN Next Time
---- ------- ---------- --------- ---------- ---------
1 1449 487837944 12-DEC-12 487838190 12-DEC-12
BS Key Type LV Size Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
515 Full 12.17M DISK 00:00:00 12-DEC-12
BP Key: 515 Status: AVAILABLE Compressed: NO Tag: TAG20121212T160530
Piece Name: D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\AUTOBACKUP\201
2_12_12\O1_MF_S_801849930_8DJQHTTW_.BKP
SPFILE Included: Modification time: 12-DEC-12
SPFILE db_unique_name: ORCL
Control File Included: Ckp SCN: 487838210 Ckp time: 12-DEC-12
RMAN> run {
Set until 1450 …. [sequence number taking from list backup command]
Restore database;
Recover database;
}
executing command: SET until clause
Starting restore at 16-DEC-12
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00001 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\SYSTEM01.DBF
channel ORA_DISK_1: restoring datafile 00002 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\SYSAUX01.DBF
channel ORA_DISK_1: restoring datafile 00003 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\UNDOTBS01.DBF
channel ORA_DISK_1: restoring datafile 00004 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\USERS01.DBF
channel ORA_DISK_1: restoring datafile 00005 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\EXAMPLE01.DBF
channel ORA_DISK_1: restoring datafile 00006 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_SMILE.DBF
channel ORA_DISK_1: restoring datafile 00007 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_GENERAL.DBF
channel ORA_DISK_1: restoring datafile 00008 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_EMR.DBF
channel ORA_DISK_1: restoring datafile 00009 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_DIAGNOSTICS.DBF
channel ORA_DISK_1: restoring datafile 00010 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_PHARMACY.DBF
channel ORA_DISK_1: restoring datafile 00011 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_PATIENT.DBF
channel ORA_DISK_1: restoring datafile 00012 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_ACCOUNT.DBF
channel ORA_DISK_1: restoring datafile 00013 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_INVENTORY.DBF
channel ORA_DISK_1: restoring datafile 00014 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_HR.DBF
channel ORA_DISK_1: restoring datafile 00015 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_DUMMY.DBF
channel ORA_DISK_1: restoring datafile 00016 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_AUDIT.DBF
channel ORA_DISK_1: restoring datafile 00017 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_FACILITIES.DBF
channel ORA_DISK_1: restoring datafile 00019 to D:\APP\ADMINISTRATOR\ORADATA\ORC
L\HMS_COMMON.DBF
channel ORA_DISK_1: reading from backup piece D:\APP\ADMINISTRATOR\FLASH_RECOVER
Y_AREA\ORCL\BACKUPSET\2012_12_12\O1_MF_NNNDF_TAG20121212T160150_8DJQ92L5_.BKP
channel ORA_DISK_1: piece handle=D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\B
ACKUPSET\2012_12_12\O1_MF_NNNDF_TAG20121212T160150_8DJQ92L5_.BKP tag=TAG20121212
T160150
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:04:55
Finished restore at 16-DEC-12
Starting recover at 16-DEC-12
using channel ORA_DISK_1
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of recover command at 12/16/2012 14:13:39
ORA-19698: D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO01.LOG is from different databa
se: id=1329913169, db_name=ORCL

Yes, I know it's a bit too late, but it looks like that redolog (as well as its probably neighbours from the same directory) just left stalled from your previous experiments from other database there.

Related

How do I exclude a subfolder of a subfolder in compress-archive

I want to zip a folder containing files, and subfolders containing more files and more subfolders. But I want exclude just one subfolder of a subfolder. I have seen many various complicated answers but none seem to really work on this scenario.
folder structure
temp/
a/
aa/
aaa/
aaaa/
filesinaaaa.txt
filesinaaa.txt
filesinaa.txt
at.txt
b/
bb/
bt.txt
c.txt
I want to exclude all files in a/aa/aaa/ while keeping the resulting zip in the same dir structure. And if possible remove the files that were included in the zip.
So result expected is
temp/
a/
aa/
aaa/
aaaa/
filesinaaaa.txt
filesinaaa.txt
result.zip
In linux it is as simple as
cd temp
zip -rm result.zip . -x "a/aa/aaa/*"
what is the simplest way to do this in powershell?
answers i've tried do not really work on subfolder of a subfolder.
Exclude sub-directories from Compress-Archive Powershell Cmd
How do I exclude a folder in compress-archive
over complicated result
Archive folder without some subfolders and files using PowerShell
You can use 7z CLI to do so, here is the doc explaining the usage of -x option in 7z
Showing an example of the option below for reference
The directory structure explained in the question:
C:\Users\adam_\Desktop\temp〉dir -R
a b c.txt
./a:
aa at.txt
./a/aa:
aaa filesinaa.txt
./a/aa/aaa:
aaaa filesinaaa.txt
./a/aa/aaa/aaaa:
filesinaaaa.txt
./b:
bb bt.txt
./b/bb:
Creating the archive:
PS C:\Users\adam_\Desktop\temp> 7z a -tzip result.zip . -x!a/aa/aaa/*
7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21
Scanning the drive:
5 folders, 4 files, 63 bytes (1 KiB)
Creating archive: result.zip
Add new data to archive: 5 folders, 4 files, 63 bytes (1 KiB)
Files read from disk: 4
Archive size: 1217 bytes (2 KiB)
Everything is Ok
Result archive details:
PS C:\Users\adam_\Desktop\temp> 7z l .\result.zip
7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21
Scanning the drive for archives:
1 file, 1217 bytes (2 KiB)
Listing archive: .\result.zip
--
Path = .\result.zip
Type = zip
Physical Size = 1217
Date Time Attr Size Compressed Name
------------------- ----- ------------ ------------ ------------------------
2022-05-05 09:48:37 D.... 0 0 a
2022-05-05 09:48:12 D.... 0 0 a\aa
2022-05-05 09:47:45 D.... 0 0 a\aa\aaa
2022-05-05 09:48:12 ....A 13 13 a\aa\filesinaa.txt
2022-05-05 09:48:37 ....A 13 13 a\at.txt
2022-05-05 09:49:20 D.... 0 0 b
2022-05-05 09:48:58 D.... 0 0 b\bb
2022-05-05 09:49:20 ....A 19 19 b\bt.txt
2022-05-05 09:49:56 ....A 18 18 c.txt
------------------- ----- ------------ ------------ ------------------------
2022-05-05 09:49:56 63 63 4 files, 5 folders

WinDbg "Failed to load data access DLL"

there is a .NET application that seems to have memory leak in the unmanaged heap. I found a promising blog that explains how to debug the unmanaged heap and trace the heap frames up to the managed functions that caused the memory allocation (https://www.deleaker.com/blog/2021/03/19/unmanaged-memory-leaks-in-dotnet/). As I'm a first time windbg user, I decided to repeat the example shown in the blog. I copypasted the code, downloaded the debug tool package and used the windbg as suggested. Here is whgere I get stuck:
Microsoft (R) Windows Debugger Version 10.0.22000.194 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
*** wait with pending attach
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
ModLoad: 00000000`00120000 00000000`00128000 C:\<MyPath>\WinDbgTest.exe
ModLoad: 00007ffe`c4c10000 00007ffe`c4e05000 C:\WINDOWS\SYSTEM32\ntdll.dll
ModLoad: 00000000`77800000 00000000`779a3000 ntdll.dll
ModLoad: 00007ffe`c3180000 00007ffe`c31d9000 C:\WINDOWS\System32\wow64.dll
ModLoad: 00007ffe`c30d0000 00007ffe`c3153000 C:\WINDOWS\System32\wow64win.dll
ModLoad: 00000000`777f0000 00000000`777fa000 C:\WINDOWS\System32\wow64cpu.dll
ModLoad: 00000000`74890000 00000000`748e2000 mscoree.dll
ModLoad: 00000000`75e50000 00000000`75f40000 KERNEL32.dll
ModLoad: 00000000`76f40000 00000000`77154000 KERNELBASE.dll
ModLoad: 00000000`756b0000 00000000`7572a000 ADVAPI32.dll
ModLoad: 00000000`75730000 00000000`757ef000 msvcrt.dll
ModLoad: 00000000`75be0000 00000000`75c55000 SECHOST.dll
ModLoad: 00000000`76610000 00000000`766d0000 RPCRT4.dll
ModLoad: 00000000`74760000 00000000`747ed000 mscoreei.dll
ModLoad: 00000000`766d0000 00000000`76715000 SHLWAPI.dll
ModLoad: 00000000`74750000 00000000`7475f000 AppCore.dll
ModLoad: 00000000`74e30000 00000000`74e38000 VERSION.dll
ModLoad: 00000000`707a0000 00000000`70f50000 clr.dll
ModLoad: 00000000`75890000 00000000`75a26000 USER32.dll
ModLoad: 00000000`774e0000 00000000`774f8000 win32u.dll
ModLoad: 00000000`705b0000 00000000`7065b000 ucrtbase_clr0400.dll
ModLoad: 00000000`70660000 00000000`70674000 VCRUNTIME140_CLR0400.dll
ModLoad: 00000000`76ec0000 00000000`76ee3000 GDI32.dll
ModLoad: 00000000`75c60000 00000000`75d3c000 gdi32full.dll
ModLoad: 00000000`76810000 00000000`7688b000 msvcp_win.dll
ModLoad: 00000000`75a30000 00000000`75b50000 ucrtbase.dll
ModLoad: 00000000`75f50000 00000000`75f75000 IMM32.dll
ModLoad: 00000000`6f180000 00000000`7058e000 mscorlib.ni.dll
ModLoad: 00000000`76060000 00000000`76143000 ole32.dll
ModLoad: 00000000`77560000 00000000`777e2000 combase.dll
ModLoad: 00000000`76e50000 00000000`76ead000 bcryptPrimitives.dll
ModLoad: 00000000`6f0f0000 00000000`6f17a000 clrjit.dll
ModLoad: 00000000`757f0000 00000000`75886000 OLEAUT32.dll
(745c.6ac0): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00007ffe`c4cb0810 cc int 3
0:005> !heap -s
************************************************************************************************************************
NT HEAP STATS BELOW
************************************************************************************************************************
NtGlobalFlag enables following debugging aids for new heaps:
stack back traces
LFH Key : 0xca6fcf0f30c2eb6b
Termination on corruption : ENABLED
Heap Flags Reserv Commit Virt Free List UCR Virt Lock Fast
(k) (k) (k) (k) length blocks cont. heap
-------------------------------------------------------------------------------------
0000000001db0000 08000002 60 32 60 11 5 1 0 0
0000000000150000 08008000 64 4 64 2 1 1 0 0
-------------------------------------------------------------------------------------
0:005> !heap -stat -h 0000000001db0000
heap # 0000000001db0000
group-by: TOTSIZE max-display: 20
size #blocks total ( %) (percent of total busy bytes)
2094 1 - 2094 (48.69)
838 1 - 838 (12.28)
800 1 - 800 (11.96)
120 5 - 5a0 (8.41)
1d8 2 - 3b0 (5.51)
100 3 - 300 (4.48)
238 1 - 238 (3.32)
50 4 - 140 (1.87)
42 3 - c6 (1.16)
3c 2 - 78 (0.70)
62 1 - 62 (0.57)
48 1 - 48 (0.42)
30 1 - 30 (0.28)
28 1 - 28 (0.23)
10 1 - 10 (0.09)
4 1 - 4 (0.02)
0:005> !heap -flt s 2094
_HEAP # 1db0000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
0000000001db10c0 020c 0000 [00] 0000000001db10f0 02094 - (busy)
unknown!printable
_HEAP # 150000
0:005> !heap -p -a 0000000001db10f0
address 0000000001db10f0 found in
_HEAP # 1db0000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
0000000001db10c0 020c 0000 [00] 0000000001db10f0 02094 - (busy)
unknown!printable
7ffec4c3b49d ntdll!RtlpAllocateHeapInternal+0x0000000000000a7d
7ffec4c5dce1 ntdll!RtlpInitEnvironmentBlock+0x0000000000000049
7ffec4ce27c1 ntdll!LdrpInitializeProcess+0x0000000000000ba1
7ffec4c84ceb ntdll!LdrpInitialize+0x000000000000015f
7ffec4c84b73 ntdll!LdrpInitialize+0x000000000000003b
7ffec4c84b1e ntdll!LdrInitializeThunk+0x000000000000000e
0:005> .load C:\<DllPath>\WinDbgDlls\sos.dll
0:005> !ip2md 7ffec4c84b1e
Failed to load data access DLL, 0x80004005
Verify that 1) you have a recent build of the debugger (6.2.14 or newer)
2) the file mscordacwks.dll that matches your version of clr.dll is
in the version directory or on the symbol path
3) or, if you are debugging a dump file, verify that the file
mscordacwks_<arch>_<arch>_<version>.dll is on your symbol path.
4) you are debugging on supported cross platform architecture as
the dump file. For example, an ARM dump file must be debugged
on an X86 or an ARM machine; an AMD64 dump file must be
debugged on an AMD64 machine.
You can also run the debugger command .cordll to control the debugger's
load of mscordacwks.dll. .cordll -ve -u -l will do a verbose reload.
If that succeeds, the SOS command should work on retry.
If you are debugging a minidump, you need to make sure that your executable
path is pointing to clr.dll as well.
0:005> .cordll -ve -u -l
CLR DLL status: No load attempts
Everything seems to work until I call !ip2md, here comes a "Failed to load data access DLL". Following some google results I have put the clr.dll, SOS.dll and mscordacwks.dll in one folder and made sure that they all have the same bitness and the same version.
How to proceed?
Instead of loading a specific version of SOS located somewhere on your PC, let .NET decide which version to load.
Replace
.load C:\<DllPath>\WinDbgDlls\sos.dll
by
.loadby sos clr
This tells WinDbg to load the SOS extension from whatever place CLR was loaded from. This will make sure that the versions match and the DAC matches as well.
.loadby may depend on the .NET version
.loadby sos mscorwks ; *** .NET 2
.loadby sos clr ; *** .NET 4
.loadby sos coreclr ; *** Silverlight and .NET Core

Windbg: USER mode dump, windows event is set or not

I am trying to debug dump, my USER mode STOPPED_PENDING service, just checking whether service stop event "MySvcStopEvent" is Set or Not, I got event handle, tried to dump handle details,
0:002> !handle 0x00000000`00000164 f
Handle 0000000000000164
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 3
PointerCount 785993
Name \BaseNamedObjects\MySvcStopEvent
Object specific information
Not able to figure out whether event set or not?
As Commented Object Specific Information will be displayed only if they are present in the dump
you may have to create the dump using appropriate options to make sure the info you seek is included in the dump
here is a live target display for Handle Type EVENT
0:000> !handle 0 f EVENT
Handle 4
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 2
PointerCount 32769
Name <none>
Object Specific Information
Event Type Manual Reset
Event is Waiting
Handle c
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 2
PointerCount 65537
Name <none>
Object Specific Information
Event Type Auto Reset
Event is Waiting
Handle 3c
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 2
PointerCount 65535
Name <none>
Object Specific Information
Event Type Auto Reset
Event is Set
Handle 40
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 2
PointerCount 65536
Name <none>
Object Specific Information
Event Type Auto Reset
Event is Set
4 handles of type Event
you can use the dumpchk tool that is provided in the windbg package to check the dumps it parses the _MINIDUMP_HEADER and emits statistics of the input dmp file
among which the Number OfStreams or _MINIDUMP_HEADER flags indicate the amount of data that is present in the dump file
the four dump files below are created with
.dump,.dump /f , .dump /h , .dump/ma using windbg on a random process and the relevant signals grepped and posted
F:\>f:\git\usr\bin\ls.exe -lag *.dmp
-rw-r--r-- 1 197121 7979145 Sep 20 13:09 bar.dmp
-rw-r--r-- 1 197121 7989384 Sep 20 13:10 blah.dmp
-rw-r--r-- 1 197121 9180 Sep 20 13:09 foo.dmp
-rw-r--r-- 1 197121 11198 Sep 20 13:10 hand.dmp
F:\>f:\git\usr\bin\ls.exe -lag *.txt
-rw-r--r-- 1 197121 8612 Sep 20 13:12 bar.txt
-rw-r--r-- 1 197121 22447 Sep 20 13:12 blah.txt
-rw-r--r-- 1 197121 13912 Sep 20 13:11 foo.txt
-rw-r--r-- 1 197121 15458 Sep 20 13:12 hand.txt
F:\>f:\git\usr\bin\grep.exe -ir "Loading.*Dump.*File" -A 1 *.txt
bar.txt:Loading Dump File [F:\bar.dmp]
bar.txt-User Dump File: Only application data is available
--
blah.txt:Loading Dump File [F:\blah.dmp]
blah.txt-User Mini Dump File with Full Memory: Only application data is available
--
foo.txt:Loading Dump File [F:\foo.dmp]
foo.txt-User Mini Dump File: Only registers, stack and portions of memory are available
--
hand.txt:Loading Dump File [F:\hand.dmp]
hand.txt-User Mini Dump File: Only registers, stack and portions of memory are available
F:\>f:\git\usr\bin\grep.exe -ir "Number.*of.*Streams" -A 1 *.txt
blah.txt:NumberOfStreams 17
blah.txt-Flags 641826
--
foo.txt:NumberOfStreams 13
foo.txt-Flags 40000
--
hand.txt:NumberOfStreams 15
hand.txt-Flags 40004
regarding the last comment
I based that answer on this quote from the documentation and it worked for me a few times when I needed it but the answer wasn't validated by the op and was commented to be superfluous.
the quote from documentation in Remarks Section
However, you cannot use this extension on user-mode dump files, unless you specifically created them with handle information. (You can create such dump files by using the .dump /mh (Create Dump File) command.)
Curiosity always kills the cat EDIT
created 3 dumps using sysinternals procdump on a win10 64 bit machine
using 64 bit debuggee.
loaded them all in windbg to look for Handle type Event
all of them have handle data and all of them have object specific information.
so obviously this is a coin toss problem or probably a 64 bit 32 bit weird corner case issue maybe
no conclusive evidence for pro or con could be derived
f:\src\wait>f:\sysint\procdump.exe -mm wait.exe waitmm.dmp
f:\src\wait>f:\sysint\procdump.exe -ma wait.exe waitma.dmp
f:\src\wait>f:\sysint\procdump.exe -mc ffffffff wait.exe waitmc.dmp
f:\src\wait>f:\git\usr\bin\ls -lag *.dmp
-rw-r--r-- 1 197121 7003583 Sep 23 17:47 waitma.dmp
-rw-r--r-- 1 197121 124387 Sep 23 17:47 waitmc.dmp
-rw-r--r-- 1 197121 124369 Sep 23 17:47 waitmm.dmp
f:\src\wait>cdb -c "!handle 0 f Event;q" -z waitmc.dmp
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
0:000> cdb: Reading initial command '!handle 0 f Event;q'
Handle 0000000000000004
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 2
PointerCount 65537
Name <none>
Object specific information
Event Type Manual Reset
Event is Set
Handle 0000000000000008
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 2
PointerCount 65538
Name <none>
Object specific information
Event Type Auto Reset
Event is Waiting
4 handles of type Event
quit:
f:\src\wait>cdb -c "!handle 0 f Event;q" -z waitma.dmp
0:000> cdb: Reading initial command '!handle 0 f Event;q'
Handle 0000000000000004
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 2
PointerCount 65537
Name <none>
Object specific information
Event Type Manual Reset
Event is Set
Handle 0000000000000008
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 2
PointerCount 65538
Name <none>
Object specific information
Event Type Auto Reset
Event is Waiting
4 handles of type Event
quit:
f:\src\wait>cdb -c "!handle 0 f Event;q" -z waitmm.dmp
0:000> cdb: Reading initial command '!handle 0 f Event;q'
Handle 0000000000000004
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 2
PointerCount 65537
Name <none>
Object specific information
Event Type Manual Reset
Event is Set
Handle 0000000000000008
Type Event
Attributes 0
GrantedAccess 0x1f0003:
Delete,ReadControl,WriteDac,WriteOwner,Synch
QueryState,ModifyState
HandleCount 2
PointerCount 65538
Name <none>
Object specific information
Event Type Auto Reset
Event is Waiting
4 handles of type Event
quit:

Get disk informations without using WMI

I'm using check_mk as monitoring solution and I disabled WMI service cause it create timeout when check_mk query for information.
Get-WmiObject / Get-Disk / Get-PSDrive use WMI service to get information and I would like to get disk information like total space, used space etc without using WMI beacause I can't.
Do you know any workaround do to that?
TL;DR -
(echo select disk=0 & echo list partition & (for /l %A in (1,1,10) do #echo select disk=next &#echo list partition)) | diskpart | findstr /i /v /r "^$ > microsoft ^reached ^select ^there ^the\ start"
Details -
The 'diskpart.exe' command can get you what you want. It requires admin rights, but since you mentioned disabling services, that didn't sound like an issue.
Rather than interacting with DISKPART's unique menu system, this example will blindly request the list of partitions on the first 11 disks (and filter away unnecessary lines..). Should be enough.
:-)
Cmd:
(echo select disk=0 & echo list partition & (for /l %A in (1,1,10) do #echo select disk=next &#echo list partition)) | diskpart | findstr /i /v /r "^$ > microsoft ^reached ^select ^there ^the\ start"
Output From My Live System:
Disk 0 is now the selected disk.
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB
Disk 1 is now the selected disk.
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 350 MB 1024 KB
Partition 2 Primary 270 GB 351 MB
Partition 3 Recovery 845 MB 271 GB
Partition 4 Primary 204 GB 272 GB
Disk 2 is now the selected disk.
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

Process information in dump

I learnt that .tlist command in windbg dumps all the processes running in the system at the time of creating crash dump.
I would like to see the Memory Information of each process. So that it will help me to see if the system is over loaded by any specific process.
!process 0 1 will list all the processes and show memory related info for each. I issued this command using livekd and got all the processes. And here's my chrome process (which I picked out from the output):
PROCESS fffffa8007cb4200
SessionId: 1 Cid: 1158 Peb: 7efdf000 ParentCid: 0ff8
DirBase: 1b7962000 ObjectTable: fffff8a00addb010 HandleCount: 135.
Image: chrome.exe
VadRoot fffffa80090a6f80 Vads 169 Clone 0 Private 4037. Modified 3702. Locked 0.
DeviceMap 0000000000000000
Token fffff8a0091f9120
ElapsedTime 00:05:49.161
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (8020, 50, 345) (32080KB, 200KB, 1380KB)
PeakWorkingSetSize 10137
VirtualSize 144 Mb
PeakVirtualSize 151 Mb
PageFaultCount 66631
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 5784
Job fffffa8009822e30
Note memory related properties such as "Working Set Sizes", "Virtual Size", etc.
ps. Works with livekd and with system memory dumps (which I believe is what livekd does).
Marc
This information is not contained in process dump. .tlist queries your current system, not the state when the dump was taken. If you can take a system dump, than you can check out processes and their memory usage, as Marc Sherman already answered.