WinDbg – Quick Setup

Files

Debugging Tools for Windows

Symbols

1. SRV*<YOUR_TEMP_FOLDER>*http://msdl.microsoft.com/download/symbols

Setup steps

• 安裝

Note: 使用x64 OS時，如果你的application是32-bit，還是請安裝x86版本，這樣可以免去切換windbg到32-bit mode手續

• 指定symbol path

在windbg command line輸入

.sympath SRV*c:\tmp*http://msdl.microsoft.com/download/symbols;<OTHER_PATH1>;<OTHER_PATH2>

如果你不想每次開啟windbg都輸入的話，可以透過設定環境變數 _NT_SYMBOL_PATH的方式來讓windbg使用

(My Computer -> Properties -> Advanced System Settings -> Environment Variables)

• 載入SOS extension for managed code debugging.

.loadby sos mscorwks

這樣就可以開始使用SOS command進行分析

Note:

當運行WinDBG的機器（本機）與製造dump的機器（目標機器）不同時，你可能會framework版本不同的問題，進而導致SOS extension不能使用的情況

當你看到以下的訊息時，就是遇到這個問題

Failed to load data access DLL, 0x80004005Verify that 1) you have a recent build of the debugger (6.2.14 or newer)2) the file mscordacwks.dll that matches your version of mscorwks.dll is in the version directory 3) or, if you are debugging a dump file, verify that the file mscordacwks_<arch>_<arch>_<version>.dll is on your symbol path. 4) you are debugging on the same architecture as the dump file. For example, an IA64 dump file must be debugged on an IA64 machine. You can also run the debugger command .cordll to control the debugger’s load of mscordacwks.dll.  .cordll -ve -u -l will do a verbose reload. If that succeeds, the SOS command should work on retry. If you are debugging a minidump, you need to make sure that your executable path is pointing to mscorwks.dll as well.

你可以透過指令lmv m mscorwks來進一步確認dump的.net framework版本與本機是否相符

0:000> lmv m mscorwks start             end                 module name 00000000`69cd0000 00000000`6a261000   mscorwks   (deferred) Image path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Image name: mscorwks.dll Timestamp:        Thu Jun 04 13:23:52 2009 (4A275A68) CheckSum:         0059A5A5 ImageSize:        00591000 File version:     2.0.50727.4927 Product version:  2.0.50727.4927 File flags:       0 (Mask 3F) File OS:          4 Unknown Win32 File type:        2.0 Dll File date:        00000000.00000000 Translations:     0409.04b0 CompanyName:      Microsoft Corporation ProductName:      Microsoft® .NET Framework InternalName:     mscorwks.dll OriginalFilename: mscorwks.dll ProductVersion:   2.0.50727.4927 FileVersion:      2.0.50727.4927 (NetFXspW7.050727-4900) FileDescription:  Microsoft .NET Runtime Common Language Runtime – WorkStation LegalCopyright:   © Microsoft Corporation.  All rights reserved. Comments:         Flavor=Retail

當不相符時，請複製目標機器中的３個檔案到本機 (Ex: c:\CorrectSOS\)

• C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

這個檔案需要適當的rename，以Win7 7600為例，需要將其改成mscordacwks_x86_x86_2.0.50727.4927.dll (如上)

• C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
• C:\Windows\Microsoft.NET\Framework\v2.0.50727\sos.dll

然後將 c:\CorrectSOS加到WinDBG的search path並重載debugging modules

1. .exepath+ c:\CorrectSOS\
2. .cordll -ve -u –l