Analyzing a CLR .dmp file in WinDbg

Question

I have a C# .NET 3.5 application created in Visual Studio 2008 that is crashing on a Windows XP SP3 (x86) PC with no development environment.

I have been able to get the .dmp file from the PC and take it back to my Windows 7 64-bit development PC and load it into WinDbg 6.12.

But, I can't see any code in the call stack from my C# application. It looks like it's entirely a native call stack.

The result from !analyze -v is below.

I have the relevant EXE, DLL, and PDB files in the same directory as the .DMP. The executable that crashed was compiled in debug mode.

I also have Visual Studio 2008, if that's easier to use. But opening the dump file in there also only shows a native call stack, nothing from my code.

How can I view the CLR call stack?

0:004> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


FAULTING_IP:
kernel32!RaiseException+53
7c812afb 5e              pop     esi

EXCEPTION_RECORD:  0392f018 -- (.exr 0x392f018)
ExceptionAddress: 7c812afb (kernel32!RaiseException+0x00000053)
   ExceptionCode: e0434f4d (CLR exception)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 80070057

PROCESS_NAME:  foo.exe

ERROR_CODE: (NTSTATUS) 0xe0434f4d - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xe0434f4d - <Unable to get error code text>

EXCEPTION_PARAMETER1:  80070057

MOD_LIST: <ANALYSIS/>

MANAGED_STACK: !dumpstack -EE
No export dumpstack found

MANAGED_BITNESS_MISMATCH:
Managed code needs matching platform of sos.dll for proper analysis. Use 'x86' debugger.

ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]

LAST_CONTROL_TRANSFER:  from 79ef2bfc to 7c812afb

FAULTING_THREAD:  ffffffff

DEFAULT_BUCKET_ID:  STACKIMMUNE

PRIMARY_PROBLEM_CLASS:  STACKIMMUNE

BUGCHECK_STR:  APPLICATION_FAULT_STACKIMMUNE_NOSOS_CLR_EXCEPTION

STACK_TEXT:
00000000 00000000 foo.exe+0x0


SYMBOL_NAME:  foo.exe

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: foo

IMAGE_NAME:  foo.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4d5da0cd

STACK_COMMAND:  ** Pseudo Context ** ; kb

FAILURE_BUCKET_ID:  STACKIMMUNE_e0434f4d_foo.exe!Unknown

BUCKET_ID:  APPLICATION_FAULT_STACKIMMUNE_NOSOS_CLR_EXCEPTION_foo.exe

Followup: MachineOwner
---------

Answer 1

Managed code needs a matching platform of sos.dll for proper analysis. Use the 'x86' debugger.

You would have to use the x86 debugger/WinDbg to debug an x86 memory dump. Use .loadby sos mscorwks to load the appropriate sos. You could also verify if the extension is loaded properly by using the .chain command.

Tess has some good debugging tutorials.

Answer 2

This tutorial is a good start to see some of the WinDbg commands. I think the following commands should show you the current stack trace:

.sympath SRV*d:\localsymbols*http://msdl.microsoft.com/download/symbols
!reload
.loadby sos mscorwks
K