Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I take a good crash dump for .NET?

I have captured a crash dump of my 32 bit .NET application running on a 64 bit Windows operating system. During the analysis somebody found out that I have a 64 bit dump and told me that it is not possible to analyze this dump due to wrong bitness.

When using Windows Task Manager to create the dump, I was not aware that I was doing something wrong. This always worked for 32 bit operating systems.

How can I take a good dump for .NET, especially with the correct bitness?

like image 365
Thomas Weller Avatar asked Jul 21 '14 20:07

Thomas Weller


1 Answers

Why is bitness relevant here?

The bitness matters for .NET applications for the following reasons:

  • a DAC (data access control) library (mscordakwks.dll) of the correct bitness is needed. There's no cross-bitness DAC available.
  • the debugger needs to be able to load the SOS debugging extension of the correct bitness

It is not possible to convert a dump from 64 bit to 32 bit, although in theory it should contain all necessary information.

If you're feeling lucky, you can also try some of the instructions anyway

  • How to use Windbg to debug a dump of a 32bit .NET app running on a x64 machine

How to detect the bitness of an application?

If you don't know the bitness, you can find it out like this:

Windows 7 Task Manager shows *32 on processes: Windows 7 Task Manager

In Windows 8 task manager, go to the Details tab and add a column named Platform: Windows 8 Task Manager

Visual Studio shows the bitness when attaching to the process: Bitness in Visual Studio

Process Explorer can be configured to show the Image Type column: Bitness in Process Explorer

Tools

Programs which detect bitness automatically:

  • Process Explorer
  • ProcDump
  • Microsoft Visual Studio
  • Windows Error Reporting LocalDumps

Tools which capture a dump with specific bitness:

  • 64 Bit: default Task Manager on a 64 bit OS
  • 32 Bit: Task manager run from %windir%\SysWOW64\taskmgr.exe on a 64 Bit OS
  • 64 Bit: ProcDump run with the -64 command line switch
  • 32 Bit: WinDbg x86 version
  • 64 Bit: WinDbg x64 version
  • 32 Bit: DebugDiag x86 version
  • 64 Bit: DebugDiag x64 version
  • 32 Bit: ADPlus x86 version
  • 64 Bit: ADPlus x64 version

Just choose the bitness according to your application, not according the OS.

Why is memory relevant here?

For .NET you need a full memory dump, otherwise you cannot figure out the content of the objects. To include full memory, do the following:

  • in WinDbg, specify /ma when doing .dump
  • in Process Explorer, choose "Create full dump" (although technically, the result is still a minidump)
  • in ProcDump , apply the -ma command line switch
  • in Visual Studio, choose "Minidump with heap"
  • Task Manager will always create a dump with full memory
  • For Windows Error Reporting LocalDumps set DumpType to 2

Visual Studio instructions

I found out that many developers aren't even aware that Visual Studio can create dumps. The reason probably is that the menu is invisible for a long time. These are the steps:

  • Start Visual Studio: menu is invisible
  • Attach to a process: menu is still invisible
  • Break: menu becomes visible (find it under Debug / Save dump as)

Why 64 bit dumps of 32 bit applications at all?

Probably just for debugging the WoW64 layer itself.

like image 141
Thomas Weller Avatar answered Sep 29 '22 12:09

Thomas Weller