开发者

creating a dump file for a managed (.net) application using windbg (or mscordmp)

开发者 https://www.devze.com 2022-12-17 19:41 出处:网络
I\'m looking into creating dump files for a managed process. I know that I can use windbg to create a dump file, but I\'m wondering if their are any special flags that I should pass to the \".dump\"

I'm looking into creating dump files for a managed process.

I know that I can use windbg to create a dump file, but I'm wondering if their are any special flags that I should pass to the ".dump" command, given that it's a managed application in开发者_如何学Gostead of a native one.

a related side question: I've heard of a tool called mscordmp.exe (if you google it, you can find mention of it online). Is mscordmp still relevant? I can't find a download point for it anywhere, but I thought it might be better suited for dumping managed memory than windbg.


You should use /ma to create full memory dump. Otherwise sos will complain that managed analysis will be very limited.


No, there's no any special flags related to managed application, windbg just creates memory dump, it's raw data. It is the purpose of your analysis tool to know whether your dump was created for managed application or unmanaged.

If speaking about analysing managed application, you there can be the following steps:

  1. attach windbg to process running managed application
  2. run .dump /ma <outputfilename.dmp>. It creates dump file, this operation can take about several minutes depending on memory consumed by process. The /ma flag orders to create full memory dump of attached process with all options enabled (it is not full system dump, only attached process).
  3. detach from process, it can continue to run, while you can load dump file into windbg and analyse it.
  4. sos.dll is the common windbg extension for analysing managed applications.

p.s. There can be problem enabling sos.dll with .load sos.dll, in that case you can try .loadby sos mscorwks.

0

精彩评论

暂无评论...
验证码 换一张
取 消