Get the right .net native symbols for Windbg

Question

I\'m doing some crash dump debugging, where I am looking a dump taken from a production server. The machine I\'m running WinDbg on must have a slightly different version of

Answer 1

There are some things to consider for .NET:

1. Make sure you have a good dump for .NET, i.e. 64 bit dump of 64 bit process or 32 bit dump of 32 bit process. If lm m wow64 shows a module, it's not a "good" dump.
2. Set up the symbols, at least .symfix c:\symbols and .reload

3. Get the .NET debugging files (SOS.dll and mscordacwks.dll) from the original PC and rename them accordingly. See the details in another answer.

   My freeware tool Mscordacwks Collector will do that for you, including the renaming.

   If that PC is no longer available, you might want to search those files in my mscordacwks and SOS archive

   Disclaimer: I'm the author of those, if that wasn't clear enough.

Answer 2

the ni in the name shows that this is a native version (ngen optimized) which differs from machine to machine. You have to create the PDB on the machine where you got the dmp with ngen:

ngen createpdb C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\
f989891b3a507d4aaec44ab1df12e9d5\System.Data.Linq.ni.dll c:\symbols /debug

Now add the PDBs from C:\symbols to Windbgs symbol path.

Answer 3

You can have WINDBG download the official symbols from Microsoft Servers by running the following command:

.sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
.reload /f

This will store the symbols downloaded from the server in a local cache at C:\Symbols and then force a reload of the symbols for all currently loaded modules.