2

我有一个 .NET .86 应用程序。我正在尝试dumpdomain从 cdb 运行,但不断收到错误消息。

关于这个有很多问题,我尝试了几种变体:

C:\Users\d.banks\Documents>cdb DoNothingx86.exe

Microsoft (R) Windows Debugger Version 10.0.17134.12 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: DoNothingx86.exe

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*C:\Symbols\Microsoft
*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\Symbols\Microsoft
*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00000000`002d0000 00000000`002d8000   image00000000`002d0000
ModLoad: 00007ff8`4f790000 00007ff8`4f960000   ntdll.dll
ModLoad: 00000000`77af0000 00000000`77c73000   ntdll.dll
ModLoad: 00000000`6dda0000 00000000`6ddf2000   C:\WINDOWS\System32\wow64.dll
ModLoad: 00000000`6de10000 00000000`6de87000   C:\WINDOWS\System32\wow64win.dll
(3e64.e4c): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ff8`4f862cc0 cc              int     3

0:000> .loadby sos.dll mscorwks
Unable to find module 'mscorwks'

0:000> .loadby sos mscorwks
Unable to find module 'mscorwks'

0:000> .loadby C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll mscorwks
Unable to find module 'mscorwks'

0:000> .loadby sos.dll clr
Unable to find module 'clr'

0:000> .loadby sos clr
Unable to find module 'clr'

0:000> .loadby C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll clr
Unable to find module 'clr'

0:000> .load C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
The call to LoadLibrary(C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll) failed, Win32 error 0n193
    "%1 is not a valid Win32 application."
Please check your debugger configuration and/or network access.
0:000> .load C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll clr
The call to LoadLibrary(C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll clr) failed, Win32 error 0n126
    "The specified module could not be found."
Please check your debugger configuration and/or network access.

我试过使用 x86 调试器:

Microsoft (R) Windows Debugger Version 10.0.17134.12 X86
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: DoNothingx86.exe

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*C:\Symbols\Microsoft
*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\Symbols\Microsoft
*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00930000 00938000   image00930000
ModLoad: 77af0000 77c73000   ntdll.dll
ModLoad: 77900000 779e0000   WOW64_IMAGE_SECTION
ModLoad: 733c0000 73419000   C:\WINDOWS\SysWOW64\MSCOREE.DLL
ModLoad: 77900000 779e0000   C:\WINDOWS\SysWOW64\KERNEL32.dll
ModLoad: 76a00000 76ba2000   C:\WINDOWS\SysWOW64\KERNELBASE.dll
(1e98.2bb0): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
eax=00000000 ebx=00000000 ecx=327c0000 edx=00000000 esi=00f326e8 edi=00bd7000
eip=77b96d5c esp=00cff2e4 ebp=00cff310 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrInitShimEngineDynamic+0x71c:
77b96d5c cc              int     3

0:000> .loadby sos.dll mscorwks
Unable to find module 'mscorwks'

0:000> .loadby sos.dll clr
Unable to find module 'clr'

0:000> .loadby sos mscorwks
Unable to find module 'mscorwks'

0:000> .loadby sos clr
Unable to find module 'clr'
4

1 回答 1

2 

ModLoad: 00000000`6dda0000 00000000`6ddf2000   C:\WINDOWS\System32\wow64.dll

我们可以看到它是一个 32 位进程,所以你需要 32 位 SOS。32 位 SOS 仅适用于 32 位 WinDbg。

对于加载扩展,有 2 个命令。一个是.loadby,另一个是.load。使用.loadby相对路径,.load使用完整路径。

对于.loadby,有 5 个选项:

.loadby sos mscorsvr
.loadby sos mscorwks
.loadby sos clr
.loadby sos coreclr
.loadby sos <somethingelse>

wheremscorsvr真的很旧(.NET CLR 1,服务器版本),mscorwks很旧(.NET CLR 1 和 2,但仍然存在),clr今天很常见(.NET CLR 4),coreclr可能会增加(UWP 和 Silverlight)和<somethingelse>很烦人(查看lm并找到看起来相似但附有数字的东西)。

主要问题是您试图在 .NET 运行时尚未加载时加载 SOS。等到 .NET 被加载,然后该命令将起作用。在初始断点处肯定是不可能的。

利用

sxe ld clr
sxe ld mscorwks
sxe ld coreclr
g

让应用程序运行直到 .NET 可用

于 2018-09-10T19:53:11.233 回答