如何将dotnetframework3.5的dmp文件在windbg中有效分析？

一个dotnetframe3.5的windows服务出现死锁，dmp下来后无法自动加载sos.dll，经过以下几个过程，问题解决。过程大致如下。 windbg第一次打开得到的dmp文件，有类似提示 ADDITIONAL_DEBUG_TEXT: SOS.DLL is not loaded for managed code. Analysis might be incomplete 执行 .cordll -ve -u -l 提示 0:000> .cordll -ve -u -l CLR DLL status: No load attempts 原因是32位的程序跑在64位操作系统时，没有使用32位的任务管理器来“创建内存转储文件”。 在命令行录入以下命令打开32位任务管理器 C:\Windows\SysWOW64\Taskmgr.exe 有了32位的dmp后，用最新的windbg打开，依然没有自动加载sos。那就看看需要哪个sos.dll了 首先开日志，看看要什么文件。执行以下命令序列： !sym noisy .cordll -ve -u -l 你会看到类似信息 0:000> .cordll -ve -u -l CLRDLL: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll:2.0.50727.9179 f:0 doesn't match desired version 2.0.50727.8980 f:0 SYMSRV2: [mscordacwks_x86_x86_2.0.50727.8980.dll] Uri C:\ProgramData\Dbg\sym\mscordacwks_x86_x86_2.0.50727.8980.dll\669159A3621000\file.ptr SYMSRV2: [mscordacwks_x86_x86_2.0.50727.8980.dll] Uri C:\ProgramData\Dbg\sym\mscordacwks_x86_x86_2.0.50727.8980.dll\669159A3621000\file.ptr SYMSRV2: [index2.txt] GET from host msdl.microsoft.com SYMSRV2: [index2.txt] Downloaded 0 percentSYMSRV2: Header reply: http/1.1 404 not found 拿上面的信息去问元宝，提示以下内容 方法一：获取匹配的 DLL（推荐） 这是最直接可靠的方法。 获取正确的 DLL：从产生此 dump 文件的原始计算机上，复制 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll文件。 重命名文件：将复制过来的 mscordacwks.dll重命名为错误信息中明确要求的文件名：mscordacwks_x86_x86_2.0.50727.8980.dll。 放置文件：将重命名后的文件放入您的符号路径（例如 `c:\symbols`下的相应目录）或 WinDbg 的安装目录 如果完全按元宝提示去做，你可能会在拷贝文件到c:\symbols时提示文件已存在，无法拷贝。这是因为c:\symbols可能有一个跟dll一样名字的目录。删除这个目录，拷贝文件进去，还是不行。 其实是我忽略了结尾处的一个重要信息 SYMSRV2: [file.ptr] HTTP 404 (request #0) SYMSRV2: [file.ptr] Checking response kind: ResponseOther { symbol_agent_status: None } SYMSRV2: [file.ptr] http_download_from_symbol_server failed. Error: HTTP 404: File not found. Host: msdl.microsoft.com SYMSRV2: http_download_from_symbol_server failed. Error: HTTP 404: File not found. Host: msdl.microsoft.com SYMSRV2: [mscordacwks_x86_x86_2.0.50727.8980.dll] File not downloaded. Error: No file found. CLRDLL: Unable to find mscordacwks_x86_x86_2.0.50727.8980.dll by mscorwks search CLRDLL: Unable to find 'mscordacwks_x86_x86_2.0.50727.8980.dll' on the path DBGHELP: C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\mscorwks.dll - OK CLRDLL: Unable to get version info for 'C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\mscordacwks_x86_x86_2.0.50727.8980.dll', Win32 error 0n87 Cannot Automatically load SOS CLRDLL: ERROR: Unable to load DLL mscordacwks_x86_x86_2.0.50727.8980.dll, Win32 error 0n87 CLRDLL: Consider using ".cordll -lp <path>" command to specify .NET runtime directory. CLR DLL status: ERROR: Unable to load DLL mscordacwks_x86_x86_2.0.50727.8980.dll, Win32 error 0n87 于是我将从原始计算机上获得的mscordacwks.dll, 改名mscordacwks_x86_x86_2.0.50727.8980.dll， 并拷贝到C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\目录。再尝试加载 .cordll -ve -u -l 还是有类似的错误，但在结尾处提示如下： SYMSRV2: http_download_from_symbol_server failed. Error: HTTP 404: File not found. Host: msdl.microsoft.com SYMSRV2: [mscordacwks_x86_x86_2.0.50727.8980.dll] File not downloaded. Error: No file found. CLRDLL: Unable to find mscordacwks_x86_x86_2.0.50727.8980.dll by mscorwks search CLRDLL: Unable to find 'mscordacwks_x86_x86_2.0.50727.8980.dll' on the path DBGHELP: C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\mscorwks.dll - OK CLRDLL: Loaded DLL C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\mscordacwks_x86_x86_2.0.50727.8980.dll CLRDLL: Unable to get version info for 'C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\SOS_x86_x86_2.0.50727.8980.dll', Win32 error 0n87 Cannot Automatically load SOS CLR DLL status: Loaded DLL C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\mscordacwks_x86_x86_2.0.50727.8980.dll 好了，拿上面的信息问元宝， 方法一：手动加载 SOS（最直接有效） 找到正确的 SOS.dll：从产生 dump 文件的原始机器上复制： 路径：C:\Windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll 或者从相同环境的另一台机器获取 在 WinDbg 中手动加载： 复制 .load C:\path\to\your\SOS.dll 或者如果已经放到了符号路径的相应目录，可以直接使用： load 复制 .load C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\SOS.dll 我的做法是，将原始计算机上得到的SOS.dll改名为SOS_x86_x86_2.0.50727.8980.dll，并拷贝到错误信息提示的目录： C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000 再执行 .cordll -ve -u -l 虽还有类似无法下载的日志，但结尾处已提示正常加载SOS SYMSRV2: [file.ptr] HTTP 404 (request #0) SYMSRV2: [file.ptr] Checking response kind: ResponseOther { symbol_agent_status: None } SYMSRV2: [file.ptr] http_download_from_symbol_server failed. Error: HTTP 404: File not found. Host: msdl.microsoft.com SYMSRV2: http_download_from_symbol_server failed. Error: HTTP 404: File not found. Host: msdl.microsoft.com SYMSRV2: [mscordacwks_x86_x86_2.0.50727.8980.dll] File not downloaded. Error: No file found. CLRDLL: Unable to find mscordacwks_x86_x86_2.0.50727.8980.dll by mscorwks search CLRDLL: Unable to find 'mscordacwks_x86_x86_2.0.50727.8980.dll' on the path DBGHELP: C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\mscorwks.dll - OK CLRDLL: Loaded DLL C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\mscordacwks_x86_x86_2.0.50727.8980.dll Automatically loaded SOS Extension CLR DLL status: Loaded DLL C:\ProgramData\Dbg\sym\mscorwks.dll\669159A3621000\mscordacwks_x86_x86_2.0.50727.8980.dll 至此，就能正常执行!threadpool等命令了。