How do I take a good crash dump for .NET?

.net windbg crash-dumps minidump

Solution 1:

Why is bitness relevant here?

The bitness matters for .NET applications for the following reasons:

  • a DAC (data access control) library (mscordakwks.dll) of the correct bitness is needed. There's no cross-bitness DAC available.
  • the debugger needs to be able to load the SOS debugging extension of the correct bitness

It is not possible to convert a dump from 64 bit to 32 bit, although in theory it should contain all necessary information.

If you're feeling lucky, you can also try some of the instructions anyway

  • How to use Windbg to debug a dump of a 32bit .NET app running on a x64 machine

How to detect the bitness of an application?

If you don't know the bitness, you can find it out like this:

Windows 7 Task Manager shows *32 on processes: Windows 7 Task Manager

In Windows 8 task manager, go to the Details tab and add a column named Platform: Windows 8 Task Manager

Visual Studio shows the bitness when attaching to the process: Bitness in Visual Studio

Process Explorer can be configured to show the Image Type column: Bitness in Process Explorer

Tools

Programs which detect bitness automatically:

  • Process Explorer
  • ProcDump
  • Microsoft Visual Studio
  • Windows Error Reporting LocalDumps

Tools which capture a dump with specific bitness:

  • 64 Bit: default Task Manager on a 64 bit OS
  • 32 Bit: Task manager run from %windir%\SysWOW64\taskmgr.exe on a 64 Bit OS
  • 64 Bit: ProcDump run with the -64 command line switch
  • 32 Bit: WinDbg x86 version
  • 64 Bit: WinDbg x64 version
  • 32 Bit: DebugDiag x86 version
  • 64 Bit: DebugDiag x64 version
  • 32 Bit: ADPlus x86 version
  • 64 Bit: ADPlus x64 version

Just choose the bitness according to your application, not according the OS.

Why is memory relevant here?

For .NET you need a full memory dump, otherwise you cannot figure out the content of the objects. To include full memory, do the following:

  • in WinDbg, specify /ma when doing .dump
  • in Process Explorer, choose "Create full dump" (although technically, the result is still a minidump)
  • in ProcDump , apply the -ma command line switch
  • in Visual Studio, choose "Minidump with heap"
  • Task Manager will always create a dump with full memory
  • For Windows Error Reporting LocalDumps set DumpType to 2

Visual Studio instructions

I found out that many developers aren't even aware that Visual Studio can create dumps. The reason probably is that the menu is invisible for a long time. These are the steps:

  • Start Visual Studio: menu is invisible
  • Attach to a process: menu is still invisible
  • Break: menu becomes visible (find it under Debug / Save dump as)

Why 64 bit dumps of 32 bit applications at all?

Probably just for debugging the WoW64 layer itself.

Related

Enter data into a custom-handled input field
Inner join on two text files
Better way to find last used row
Symbol equivalent to NEQ, LSS, GTR, etc. in Windows batch files
How can I use backslashes (\) in a string?
How to use Key Bindings instead of Key Listeners
Definition of Reflexive Transitive Closure
How to dynamically create a local variable?
Parse DateTime with time zone of form PST/CEST/UTC/etc
Extends JFrame vs. creating it inside the program
Understanding JavaScript Truthy and Falsy
Changing a CSS rule-set from Javascript