Creating a dump file for a managed (.NET) application using windbg (or mscordmp)

I am creating dump files for a managed process.

I know that I can use windbg to create a dump file, but I'm wondering if they have any special flags that I have to pass to the ".dump" command, given that this is a managed application instead of my own.

Related question: I heard about the mscordmp.exe tool (if you recognize it, you can find it on the Internet). Is mscordmp relevant? I can’t find the download point for it anywhere, but I thought it might be better for dumping managed memory than windbg.

2 answers

You must use /ma to create a complete memory dump. Otherwise, sos will complain that guided analysis will be very limited.


No, there are no special flags associated with a managed application. Windbg just creates a memory dump; this is raw data. The goal of your analysis tool is to find out if your dump is created for a managed application or an unmanaged one.

If we talk about analyzing a managed application, you can take the following steps:

  • Attach windbg to a running managed application.
  • Run .dump /ma <outputfilename.dmp>. It creates a dump file; this operation may take several minutes depending on the amount of memory consumed by the process. The /ma flag orders the creation of a complete memory dump of the connected process with all parameters enabled (this is not a complete system dump, only the attached process).
  • Detach from the process; it can continue to work, while you can load the dump file into windbg and analyze it.
  • sos.dll is a common windbg extension for analyzing managed applications.

P.S. There may be a problem allowing sos.dll with .load sos.dll, in which case you can try .loadby sos mscorwks.

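A way to confirm that a dump file really carries full process memory before loading SOS, as an added example that is not part of the original answers or of any debugger's own code: it reads the MINIDUMP_HEADER flags and the stream directory. It checks only the MiniDumpWithFullMemory flag and the presence of a Memory64ListStream, not every option /ma enables; `inspect_dump` and `build_sample` are hypothetical names, and the sample input is constructed.

```python
import io
import struct
import sys

MDMP_SIGNATURE = 0x504D444D         # b"MDMP" read as a little-endian uint32
MINIDUMP_WITH_FULL_MEMORY = 0x2     # MINIDUMP_TYPE flag in the header
MEMORY64_LIST_STREAM = 9            # stream type that holds full memory
HEADER = struct.Struct("<IIIIIIQ")  # MINIDUMP_HEADER, 32 bytes
DIRECTORY = struct.Struct("<III")   # MINIDUMP_DIRECTORY: type, size, rva
MAX_STREAMS = 1024                  # sanity cap chosen for this example


def inspect_dump(f) -> dict:
    """Read header and stream directory from a binary file object."""
    raw = f.read(HEADER.size)
    if len(raw) < HEADER.size:
        raise ValueError("too short for a MINIDUMP_HEADER")
    sig, _ver, nstreams, dir_rva, _chk, _ts, flags = HEADER.unpack(raw)
    if sig != MDMP_SIGNATURE:
        raise ValueError("not a user-mode minidump (no MDMP signature)")
    if nstreams > MAX_STREAMS:
        raise ValueError("implausible stream count")
    f.seek(dir_rva)
    raw_dir = f.read(nstreams * DIRECTORY.size)
    if len(raw_dir) < nstreams * DIRECTORY.size:
        raise ValueError("stream directory is truncated")
    stream_types = [t for t, _size, _rva in DIRECTORY.iter_unpack(raw_dir)]
    full = bool(flags & MINIDUMP_WITH_FULL_MEMORY)
    return {
        "flags": flags,
        "stream_types": stream_types,
        # Require both: the flag states intent, the stream holds the data.
        "full_memory": full and MEMORY64_LIST_STREAM in stream_types,
    }


def build_sample(flags, stream_types, signature=MDMP_SIGNATURE):
    """Constructed input: a header and empty directory entries, no data."""
    header = HEADER.pack(signature, 0xA793, len(stream_types),
                         HEADER.size, 0, 0, flags)
    entries = b"".join(DIRECTORY.pack(t, 0, 0) for t in stream_types)
    return io.BytesIO(header + entries)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as dump:   # path to a .dmp file
            print(inspect_dump(dump))
    else:
        print(inspect_dump(build_sample(0x2, [3, 4, 9])))
```

Run it with the path to a .dmp file; a result of `full_memory: False` means the dump was written without full process memory.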
