.netwindowswindbgcdb

Cannot .loadby sos mscorwks or .loadby sos clr

I have a .NET .86 application. I'm trying to run dumpdomain from cdb but keep getting an error.

There are a lot of questions about this, and I've tried several variations:

C:\Users\d.banks\Documents>cdb DoNothingx86.exe

Microsoft (R) Windows Debugger Version 10.0.17134.12 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: DoNothingx86.exe

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*C:\Symbols\Microsoft
*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\Symbols\Microsoft
*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00000000`002d0000 00000000`002d8000   image00000000`002d0000
ModLoad: 00007ff8`4f790000 00007ff8`4f960000   ntdll.dll
ModLoad: 00000000`77af0000 00000000`77c73000   ntdll.dll
ModLoad: 00000000`6dda0000 00000000`6ddf2000   C:\WINDOWS\System32\wow64.dll
ModLoad: 00000000`6de10000 00000000`6de87000   C:\WINDOWS\System32\wow64win.dll
(3e64.e4c): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ff8`4f862cc0 cc              int     3

0:000> .loadby sos.dll mscorwks
Unable to find module 'mscorwks'

0:000> .loadby sos mscorwks
Unable to find module 'mscorwks'

0:000> .loadby C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll mscorwks
Unable to find module 'mscorwks'

0:000> .loadby sos.dll clr
Unable to find module 'clr'

0:000> .loadby sos clr
Unable to find module 'clr'

0:000> .loadby C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll clr
Unable to find module 'clr'

0:000> .load C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
The call to LoadLibrary(C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll) failed, Win32 error 0n193
    "%1 is not a valid Win32 application."
Please check your debugger configuration and/or network access.
0:000> .load C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll clr
The call to LoadLibrary(C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll clr) failed, Win32 error 0n126
    "The specified module could not be found."
Please check your debugger configuration and/or network access.

I've tried using the x86 debugger:

Microsoft (R) Windows Debugger Version 10.0.17134.12 X86
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: DoNothingx86.exe

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*C:\Symbols\Microsoft
*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\Symbols\Microsoft
*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00930000 00938000   image00930000
ModLoad: 77af0000 77c73000   ntdll.dll
ModLoad: 77900000 779e0000   WOW64_IMAGE_SECTION
ModLoad: 733c0000 73419000   C:\WINDOWS\SysWOW64\MSCOREE.DLL
ModLoad: 77900000 779e0000   C:\WINDOWS\SysWOW64\KERNEL32.dll
ModLoad: 76a00000 76ba2000   C:\WINDOWS\SysWOW64\KERNELBASE.dll
(1e98.2bb0): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
eax=00000000 ebx=00000000 ecx=327c0000 edx=00000000 esi=00f326e8 edi=00bd7000
eip=77b96d5c esp=00cff2e4 ebp=00cff310 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrInitShimEngineDynamic+0x71c:
77b96d5c cc              int     3

0:000> .loadby sos.dll mscorwks
Unable to find module 'mscorwks'

0:000> .loadby sos.dll clr
Unable to find module 'clr'

0:000> .loadby sos mscorwks
Unable to find module 'mscorwks'

0:000> .loadby sos clr
Unable to find module 'clr'
Solution

  • From 

    ModLoad: 00000000`6dda0000 00000000`6ddf2000   C:\WINDOWS\System32\wow64.dll

    we can see that it's a 32 bit process, so you need 32 bit SOS. 32 bit SOS only works with 32 bit WinDbg.

    For loading extensions, there are 2 commands. One is .loadby, the other is .load. For .loadby use a relative path, for .load use a full path.

    For .loadby, there are 5 options:

    .loadby sos mscorsvr
.loadby sos mscorwks
.loadby sos clr
.loadby sos coreclr
.loadby sos <somethingelse>

    where mscorsvr is really really old (.NET CLR 1, server version), mscorwks is quite old (.NET CLR 1 and 2, but still around) , clr is common today (.NET CLR 4), coreclr might be increasing (UWP and Silverlight) and <somethingelse> is annoying (look at lm and find something that looks similar but has a number attached).

    The main issue is that you're trying to load SOS when the .NET runtime is not loaded yet. Wait until .NET is loaded and then the command will work. It's certainly not possible at the initial breakpoint.

    Use

    sxe ld clr
sxe ld mscorwks
sxe ld coreclr
g

    to let the application run until .NET is available