WinDbg – Dot Net Debugging Without Source Code

Debugging with WinDbg can be challenging but rewarding. One area where WinDbg shines is debugging Dot Net programs without the source code.

I am very much a beginner on this but I will tell you some things that I have found invaluable. First one, Tess Ferrandez is a goddess! She is an ASP.Net Escalation Engineer at Microsoft. Her blog, If Broken It Is, Fix It You Should, is absolutely filled full of tips and tricks. She also has a very good video at DNR Tv.

Setting Up Your PC To Use WinDbg

If you are debugging a Dot Net program's crash dump, you are going to need the following file from that computer: mscordacwks*.dll. You need the version of it that the program is using. The asterisk (*) is where the versioning would be in the file name. Place it in the same folder as WinDbg with the following syntax for the file name:
mscordacwks_x86_x86_2.0.50727.3603.dll

The x86 is obviously for the x86 system architecture; you can also use x64 or the IA64 for the Itanium line. Following that you have the version of Dot Net, 2.0.50727, followed by the exact version number of the dll, in this case 3603.

You can then run the .loadby sos mscorwks command.

If you do not do this correctly, you will see something like this when trying to run one of the SOS (Dot Net managed code) commands:

Failed to load data access DLL, 0x80004005
Verify that 1) you have a recent build of the debugger (6.2.14 or newer)
2) the file mscordacwks.dll that matches your version of mscorwks.dll is
in the version directory
3) or, if you are debugging a dump file, verify that the file
mscordacwks_<arch>_<arch>_<version>.dll is on your symbol path.
4) you are debugging on the same architecture as the dump file.
For example, an IA64 dump file must be debugged on an IA64
machine.

You can also run the debugger command .cordll to control the debugger’s
load of mscordacwks.dll.  .cordll -ve -u -l will do a verbose reload.
If that succeeds, the SOS command should work on retry.

If you are debugging a minidump, you need to make sure that your executable
path is pointing to mscorwks.dll as well.

In this case change the name of the dll to the correct name and then run the .cordll -ve -u -l command.
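
One way to work out the correct file name is to read the version straight from the DLL you copied from the crashing machine. The following is an added example, not code from the original post: the function names are hypothetical, the architecture token is supplied by the caller, and the scan for the VS_FIXEDFILEINFO signature is a heuristic that assumes the usual structure version 1.0.

```python
import shutil
import struct
from pathlib import Path

# Little-endian signature that opens VS_FIXEDFILEINFO in a PE version resource.
VS_FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)


def file_version(pe_bytes: bytes) -> str:
    """Return 'major.minor.build.revision' from the DLL's version resource."""
    pos = pe_bytes.find(VS_FFI_SIGNATURE)
    while pos != -1:
        if len(pe_bytes) >= pos + 16:
            # dwStrucVersion, dwFileVersionMS, dwFileVersionLS follow the signature.
            struc_ver, ms, ls = struct.unpack_from("<III", pe_bytes, pos + 4)
            if struc_ver == 0x00010000:  # sanity check: structure version 1.0
                return f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"
        pos = pe_bytes.find(VS_FFI_SIGNATURE, pos + 1)
    raise ValueError("no VS_FIXEDFILEINFO block found")


def dac_name(pe_bytes: bytes, arch: str) -> str:
    """Build mscordacwks_<arch>_<arch>_<version>.dll for this DLL image."""
    return f"mscordacwks_{arch}_{arch}_{file_version(pe_bytes)}.dll"


def stage_dac(src: Path, windbg_dir: Path, arch: str) -> Path:
    """Copy the DLL taken from the crashing machine into the WinDbg folder."""
    dest = windbg_dir / dac_name(src.read_bytes(), arch)
    shutil.copyfile(src, dest)
    return dest


# Constructed sample: filler plus only the 16 bytes this code reads.
SAMPLE = b"\x00" * 32 + struct.pack(
    "<IIII", 0xFEEF04BD, 0x00010000, (2 << 16) | 0, (50727 << 16) | 3603
)

if __name__ == "__main__":
    print(dac_name(SAMPLE, "x86"))
```

After staging the file, run .cordll -ve -u -l again so the debugger picks it up.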

David Douglass’ blog has a great cheat sheet for common commands in WinDbg: .Net On My Mind

I just want to take a minute to thank people following this blog. You are a few but devoted bunch! If you have any questions, comments, or topic suggestions, I will be more than happy to discuss them.
