Lost in WinDbg with 64-bit dump on 32-bit machine

Posted 2019-07-25 02:23

I'm a newbie with WinDbg and got this dump from the WER ReportQueue folder on a 64-bit Windows 2008 Server. I need to examine the dump and want to do so on my developer machine, on which I've installed the Debugging Tools for Windows package. When I try to load SOS I get the following error, which I've never seen before:

0:035> .loadby sos mscorwks
The call to LoadLibrary(C:\Windows\Microsoft.NET\Framework64\v2.0.50727\sos) failed, Win32 error 126
    "The specified module could not be found."
Please check your debugger configuration and/or network access.

My machine is running 32-bit Windows 7, which obviously doesn't have the Framework64 folder.

I need some advice pointing me in the right direction here. What do I need to do if I want to examine the dump from a 64-bit process on a 32-bit machine? Is it possible to do this?

Big thanks in advance!

2 Answers
Ridiculous、
Reply #2 · 2019-07-25 02:51

If you want to analyze a 64-bit process dump, then you need to run the 64-bit version of the debugger on a 64-bit machine. A dump from a 32-bit process can be analyzed on a 32-bit or a 64-bit machine. So if you are sure the dump is from a 64-bit process, it needs to be analyzed on a 64-bit machine.

Evening l夕情丶
Reply #3 · 2019-07-25 03:07

The issue is not whether you can analyze a 64-bit dump from 32-bit WinDbg; you can. From the WinDbg help file:

If you are analyzing a dump file, and if the dump file was made on Windows XP or a later version of Windows, you can use either the 32-bit package or the x64 package. (It is not important whether the dump file is a user-mode dump file or a kernel-mode dump file, and it is not important whether the dump file was made on an x86-based or an x64-based platform.)

If you are analyzing a dump file, and if the dump file was made on Windows 2000 operating system, you should use the 32-bit package. (It is not important whether the dump file is a user-mode dump file or a kernel-mode dump file)

If you are performing live kernel-mode debugging, and if the target computer is running Windows XP or a later version of Windows, you can use either the 32-bit package or the x64 package. (This situation applies to both x86-based and x64-based targets.)

If you are performing live kernel-mode debugging, and if the target computer is running Windows 2000, you should use the 32-bit package.

If you are performing live user-mode debugging, use the x64 package for debugging WOW64 with both 64-bit and 32-bit code. To debug other targets, use a 32-bit debugger to debug 32-bit code.

What is the issue? Here you are trying to load a 64-bit extension to analyze the problem. It is not possible to load 64-bit extensions on 32-bit WinDbg. The question would then be: does the 32-bit version of SOS support 64-bit analysis, and can you force WinDbg to use the 32-bit SOS?

You can force a specific version of SOS to load by using .load, as per http://msdn.microsoft.com/en-us/library/bb190764.aspx

However, I expect the 32-bit version wouldn't work to analyze a 64-bit process; I haven't tried this, though.
