I'm doing some crash dump debugging, where I am looking a dump taken from a production server. The machine I'm running WinDbg on must have a slightly different version of the .NET runtime installed -- I'm getting errors loading the native images of .NET system assemblies (so can't load for example System.Data.Linq
).
What is the best way to ensure that my debug machine has access to all the right symbols?
Edit Added output of lmv for Thomas Weller
000007fb`68660000 000007fb`68993000 System_Data_Linq_ni C (pdb symbols) C:\Program Files\Debugging Tools for Windows (x64)\sym\System.Data.Linq.pdb\703A918D116A4558BB44245924371ACD1\System.Data.Linq.pdb
Loaded symbol image file: System.Data.Linq.ni.dll
Image path: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\acbd568cd3c2499fbb7b2639c4a46a81\System.Data.Linq.ni.dll
Image name: System.Data.Linq.ni.dll
Has CLR image header, track-debug-data flag not set
Timestamp: Fri Apr 11 20:41:26 2014 (534899C6)
CheckSum: 00000000
ImageSize: 00333000
File version: 4.0.30319.34209
Product version: 4.0.30319.34209
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
the ni
in the name shows that this is a native version (ngen optimized) which differs from machine to machine. You have to create the PDB on the machine where you got the dmp with ngen:
ngen createpdb C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\
f989891b3a507d4aaec44ab1df12e9d5\System.Data.Linq.ni.dll c:\symbols /debug
Now add the PDBs from C:\symbols to Windbgs symbol path.
You can have WINDBG download the official symbols from Microsoft Servers by running the following command:
.sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
.reload /f
This will store the symbols downloaded from the server in a local cache at C:\Symbols
and then force a reload of the symbols for all currently loaded modules.
There are some things to consider for .NET:
- Make sure you have a good dump for .NET, i.e. 64 bit dump of 64 bit process or 32 bit dump of 32 bit process. If
lm m wow64
shows a module, it's not a "good" dump. - Set up the symbols, at least
.symfix c:\symbols
and.reload
Get the .NET debugging files (SOS.dll and mscordacwks.dll) from the original PC and rename them accordingly. See the details in another answer.
My freeware tool Mscordacwks Collector will do that for you, including the renaming.
If that PC is no longer available, you might want to search those files in my mscordacwks and SOS archive
Disclaimer: I'm the author of those, if that wasn't clear enough.
来源:https://stackoverflow.com/questions/32405305/get-the-right-net-native-symbols-for-windbg