32位託管程序,在64位操作系統上運行,出現異常時,最好用32位的windbg做dump文件,這樣做出來的dump文件可以直接分析。
如果碰到採用windows自帶的任務管理器產生的dump文件,此時分析就麻煩一點。分析步驟如下:
1、切換到32位模式
0:000> !wow64exts.sw
Switched to 32bit mode
2、加載託管代碼分析組件SOS
0:000:x86> .loadby sos mscorwks
3、切換到需要分析的線程
0:000:x86> ~44s
4、調用!dumpstack命令分析,如果一切正常,則直接可以分析成功。
0:044:x86> !dumpstack
步驟4中可能出現錯誤:
0:044:x86> !dumpstack
Failed to load data access DLL, 0x80004005
Verify that 1) you have a recent build of the debugger (6.2.14 or newer)
2) the file mscordacwks.dll that matches your version of mscorwks.dll is
in the version directory
3) or, if you are debugging a dump file, verify that the file
mscordacwks_<arch>_<arch>_<version>.dll is on your symbol path.
4) you are debugging on the same architecture as the dump file.
For example, an IA64 dump file must be debugged on an IA64
machine.
You can also run the debugger command .cordll to control the debugger's
load of mscordacwks.dll. .cordll -ve -u -l will do a verbose reload.
If that succeeds, the SOS command should work on retry.
If you are debugging a minidump, you need to make sure that your executable
path is pointing to mscorwks.dll as well.
出現該問題時,首先檢查windbg的版本,本人分析過程中發現,部分計算機可以正常分析,部分不可以。經檢查發現,6.11版本的windbg可以按照文章--Windbg分析託管代碼dump文件沒有找到相應版本的mscordacwks.dll (http://blog.csdn.net/liuyan4794/archive/2010/07/28/5771773.aspx) 中介紹的方法處理。但是6.9版本的windbg根本上就不會提示mscorwks.dll版本不匹配的問題。所以如果發現windbg的版本比較低,需要安裝較新的版本windbg。