6

I'm looking into creating dump files for a managed process.

I know that I can use windbg to create a dump file, but I'm wondering if their are any special flags that I should pass to the ".dump" command, given that it's a managed application instead of a native one.

a related side question: I've heard of a tool called mscordmp.exe (if you google it, you can find mention of it online). Is mscordmp still relevant? I can't find a download point for it anywhere, but I thought it might be better suited for dumping managed memory than windbg.

Greg Hewgill
  • 951,095
  • 183
  • 1,149
  • 1,285
brad
  • 2,221
  • 3
  • 24
  • 26
  • possible duplicate of [How do I take a good crash dump for .NET?](http://stackoverflow.com/questions/24874027/how-do-i-take-a-good-crash-dump-for-net) – Thomas Weller Sep 29 '15 at 06:17

2 Answers2

4

You should use /ma to create full memory dump. Otherwise sos will complain that managed analysis will be very limited.

Volker von Einem
  • 556
  • 4
  • 13
0

No, there's no any special flags related to managed application, windbg just creates memory dump, it's raw data. It is the purpose of your analysis tool to know whether your dump was created for managed application or unmanaged.

If speaking about analysing managed application, you there can be the following steps:

  1. attach windbg to process running managed application
  2. run .dump /ma <outputfilename.dmp>. It creates dump file, this operation can take about several minutes depending on memory consumed by process. The /ma flag orders to create full memory dump of attached process with all options enabled (it is not full system dump, only attached process).
  3. detach from process, it can continue to run, while you can load dump file into windbg and analyse it.
  4. sos.dll is the common windbg extension for analysing managed applications.

p.s. There can be problem enabling sos.dll with .load sos.dll, in that case you can try .loadby sos mscorwks.

Dmitrii Lobanov
  • 4,897
  • 1
  • 33
  • 50