Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
797 views
in Technique[技术] by (71.8m points)

windbg - How do I take a good crash dump for .NET?

I have captured a crash dump of my 32 bit .NET application running on a 64 bit Windows operating system. During the analysis somebody found out that I have a 64 bit dump and told me that it is not possible to analyze this dump due to wrong bitness.

When using Windows Task Manager to create the dump, I was not aware that I was doing something wrong. This always worked for 32 bit operating systems.

How can I take a good dump for .NET, especially with the correct bitness?

Question&Answers:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Why is bitness relevant here?

The bitness matters for .NET applications for the following reasons:

  • a DAC (data access control) library (mscordakwks.dll) of the correct bitness is needed. There's no cross-bitness DAC available.
  • the debugger needs to be able to load the SOS debugging extension of the correct bitness

It is not possible to convert a dump from 64 bit to 32 bit, although in theory it should contain all necessary information.

If you're feeling lucky, you can also try some of the instructions anyway

How to detect the bitness of an application?

If you don't know the bitness, you can find it out like this:

Windows 7 Task Manager shows *32 on processes: Windows 7 Task Manager

In Windows 8 task manager, go to the Details tab and add a column named Platform: Windows 8 Task Manager

Visual Studio shows the bitness when attaching to the process: Bitness in Visual Studio

Process Explorer can be configured to show the Image Type column: Bitness in Process Explorer

Tools

Programs which detect bitness automatically:

Tools which capture a dump with specific bitness:

  • 64 Bit: default Task Manager on a 64 bit OS
  • 32 Bit: Task manager run from %windir%SysWOW64askmgr.exe on a 64 Bit OS
  • 64 Bit: ProcDump run with the -64 command line switch
  • 32 Bit: WinDbg x86 version
  • 64 Bit: WinDbg x64 version
  • 32 Bit: DebugDiag x86 version
  • 64 Bit: DebugDiag x64 version
  • 32 Bit: ADPlus x86 version
  • 64 Bit: ADPlus x64 version

Just choose the bitness according to your application, not according the OS.

Why is memory relevant here?

For .NET you need a full memory dump, otherwise you cannot figure out the content of the objects. To include full memory, do the following:

  • in WinDbg, specify /ma when doing .dump
  • in Process Explorer, choose "Create full dump" (although technically, the result is still a minidump)
  • in ProcDump , apply the -ma command line switch
  • in Visual Studio, choose "Minidump with heap"
  • Task Manager will always create a dump with full memory
  • For Windows Error Reporting LocalDumps set DumpType to 2

Visual Studio instructions

I found out that many developers aren't even aware that Visual Studio can create dumps. The reason probably is that the menu is invisible for a long time. These are the steps:

  • Start Visual Studio: menu is invisible
  • Attach to a process: menu is still invisible
  • Break: menu becomes visible (find it under Debug / Save dump as)

Why 64 bit dumps of 32 bit applications at all?

Probably just for debugging the WoW64 layer itself.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...