Analyzing a CLR .dmp file in WinDbg

4

I have a C# .NET 3.5 application created in Visual Studio 2008 that is crashing on a Windows XP SP3 (x86) PC with no development environment.

I have been able to get the .dmp file from the PC and take it back to my Windows 7 64-bit development PC and load it into WinDbg 6.12.

But, I can't see any code in the call stack from my C# application. It looks like it's entirely a native call stack.

The result from !analyze -v is below.

I have the relevant EXE, DLL, and PDB files in the same directory as the .DMP. The executable that crashed was compiled in debug mode.

I also have Visual Studio 2008, if that's easier to use. But opening the dump file in there also only shows a native call stack, nothing from my code.

How can I view the CLR call stack?

0:004> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


FAULTING_IP:
kernel32!RaiseException+53
7c812afb 5e              pop     esi

EXCEPTION_RECORD:  0392f018 -- (.exr 0x392f018)
ExceptionAddress: 7c812afb (kernel32!RaiseException+0x00000053)
   ExceptionCode: e0434f4d (CLR exception)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 80070057

PROCESS_NAME:  foo.exe

ERROR_CODE: (NTSTATUS) 0xe0434f4d - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xe0434f4d - <Unable to get error code text>

EXCEPTION_PARAMETER1:  80070057

MOD_LIST: <ANALYSIS/>

MANAGED_STACK: !dumpstack -EE
No export dumpstack found

MANAGED_BITNESS_MISMATCH:
Managed code needs matching platform of sos.dll for proper analysis. Use 'x86' debugger.

ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]

LAST_CONTROL_TRANSFER:  from 79ef2bfc to 7c812afb

FAULTING_THREAD:  ffffffff

DEFAULT_BUCKET_ID:  STACKIMMUNE

PRIMARY_PROBLEM_CLASS:  STACKIMMUNE

BUGCHECK_STR:  APPLICATION_FAULT_STACKIMMUNE_NOSOS_CLR_EXCEPTION

STACK_TEXT:
00000000 00000000 foo.exe+0x0


SYMBOL_NAME:  foo.exe

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: foo

IMAGE_NAME:  foo.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4d5da0cd

STACK_COMMAND:  ** Pseudo Context ** ; kb

FAILURE_BUCKET_ID:  STACKIMMUNE_e0434f4d_foo.exe!Unknown

BUCKET_ID:  APPLICATION_FAULT_STACKIMMUNE_NOSOS_CLR_EXCEPTION_foo.exe

Followup: MachineOwner
---------
c#
debugging
windbg
asked on Stack Overflow Feb 25, 2011 by PaulH • edited May 7, 2017 by Peter Mortensen

3 Answers

6

Managed code needs a matching platform of sos.dll for proper analysis. Use the 'x86' debugger.

You would have to use the x86 debugger/WinDbg to debug an x86 memory dump. Use .loadby sos mscorwks to load the appropriate sos. You could also verify if the extension is loaded properly by using the .chain command.

Tess has some good debugging tutorials.

answered on Stack Overflow Feb 27, 2011 by Naveen • edited May 7, 2017 by Peter Mortensen
3

This tutorial is a good start to see some of the WinDbg commands. I think the following commands should show you the current stack trace:

.sympath SRV*d:\localsymbols*http://msdl.microsoft.com/download/symbols
!reload
.loadby sos mscorwks
K
answered on Stack Overflow Feb 26, 2011 by BrandonAGr • edited May 7, 2017 by Peter Mortensen
1

Debugging managed crash dumps in WinDbg requires additional modules (primarily SOS.dll) and commands.

Some good starting links are here.

answered on Stack Overflow Feb 25, 2011 by John Arlen

User contributions licensed under CC BY-SA 3.0