使用WinDBG分析、调试dump文件

最新推荐文章于 2024-10-16 10:01:53 发布

weixin_34101784

最新推荐文章于 2024-10-16 10:01:53 发布

阅读量174

点赞数

原文链接：http://www.cnblogs.com/peijihui/archive/2011/03/22/1991731.html

版权

本文介绍了解决因MS Cordacwks.dll版本不一致导致的Windbg扩展命令无法正常工作的问题。通过复制匹配版本的MS Cordacwks.dll文件并放置到Windbg搜索路径中，可以有效解决该问题。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

.load C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll

!dumpheap -stat

!dumpheap -mt <内存地址>

问题1、如何处理源dump文件的mscordacwks.dll文件与调试机上的版本不一致问题而无法使用extension cmd的问题

问题描述：

当抓取了问题机器上的managed application的dump文件之后，而在另外一台机器上对该dump进行分析时。如果问题机器和目标机器的mscordacwks.dll版本不一致，则在 .load C:\Windows\Microsoft.NET\Framework\v2.0.50727\sos.dll之后目标机器上找不到正确的mscordacwks.dll而导致无法使用debugger extension command.

例如随便键入一个extension command: !dumpheap

收到的错误信息如下：

*** ERROR: Symbol file could not be found. Defaulted to export symbols for mscorwks.dll -
PDB symbol for mscorwks.dll not loaded
Failed to load data access DLL, 0x80004005
Verify that 1) you have a recent build of the debugger (6.2.14 or newer)
            2) the file mscordacwks.dll that matches your version of mscorwks.dll is
                in the version directory
            3) or, if you are debugging a dump file, verify that the file
                mscordacwks_<arch>_<arch>_<version>.dll is on your symbol path.
            4) you are debugging on the same architecture as the dump file.
                For example, an IA64 dump file must be debugged on an IA64
                machine.

You can also run the debugger command .cordll to control the debugger's
load of mscordacwks.dll. .cordll -ve -u -l will do a verbose reload.
If that succeeds, the SOS command should work on retry.

If you are debugging a minidump, you need to make sure that your executable
path is pointing to mscorwks.dll as well.

用.cordll -ve -u -l看看

CLRDLL: C:\WINDOWS\Microsoft.NET\Framework\v2. 0.50727 \mscordacwks.dll: 2.0 . 50727.1434 f: 0
doesn ' t match desired version 2.0.50727.1433 f:0
CLRDLL: Unable to find mscordacwks_x86_x86_2. 0.50727 . 1433 .dll by mscorwks search
CLRDLL: Unable to find ' mscordacwks_x86_x86_2.0.50727.1433.dll ' on the path
CLRDLL: Unable to find mscorwks.dll by search
CLRDLL: ERROR: Unable to load DLL mscordacwks_x86_x86_2. 0.50727 . 1433 .dll, Win32 error 0n2
CLR DLL status: ERROR: Unable to load DLL mscordacwks_x86_x86_2. 0.50727 . 1433 .dll, Win32 error 0n2

原来调试机器上的mscordacwks.dll和所抓取dump时的mscordacwks.dll所需要的dll版本不一致。怎么办？很简单，就是把发生问题的客户机上的mscordackws.dll文件copy过来，然后将其rename为其所需要的文件名，并将其放置到适当的search path下。这里最适合的search path就是windbg安转文件夹下了。

然后用.cordll -ve -u -l 看看，结果如下：