Getting started with managed dump files using WinDbg


If you have an application built on pre .NET 4.0, you can’t use Visual studio to debug a dump file. Even if you can use Visual Studio, WinDbg offers a nice alternative and some extra features in some scenarios. For example help finding deadlocks and a faster way to scan a lot of threads.

Getting started with managed (.NET) debugging using WinDbg. Just follow these steps:

  1. Get and install and then start WinDbg
  2. Open Crash Dump
  3. .loadby sos mscorwks Loads the .NET extension
  4. !clrstack Shows the stack of the current thread or use ~* e !clrstack for stacks for all threads
  5. !threads shows a list of the managed threads
  6. ~19 s selects thread 19
  7. !dso dump all objects on the stack
  8. !do dump object
  9. !da dump array


If I open a crash dump and run:

  • .loadby sos mscorwks
  • !clrstack

in my case I see a stack that ends (or begins) with System.Net.Sockets.Socket.Receive or something else that tells me that it is a request thread and in the application I work with, such a call is associated a Simple.Communication.Path. Then I run

  • !dso (shows all objects on the stack)

and in the output I search for Simple.Communication.Path I find a Path object on the stack with address 22fd77b4. I hope this is the path requested. to show the value I run:

  • !do 22fd77b4 in the response I find 22fd77ec systemAbsolutePath so I run:
  • !do 22fd77ec it shows (among other things): String: /Top/Servers/AS5/Trend Quantities/Internal Logs/Interval Trend Log 10_copy_7 So there I have my path.

Make it easier

To make it easier, download the SOSEX extension and copy it into your windbg program folder (WinDbg is also xcopy deployable)

  • .load sosex Loads the sosex extensions
  • !mk –a Lists the current thread with locals and parameters.

You will find the path from above formatted as a string ready to read as an argument to one of the methods on the stack. Find out more about SOSEX here. Another SOSEX favorite:

  • !dlk shows deadlocks

to find out more about for example investigating memory leaks look in the readme.txt that comes with SOSEX.

Another extension

I just recently found out about a new extension Psscor2 from Microsoft. Download it, put it in your WinDbg directory and load it:

  • .load psscor2
  • !help

And play around. Have fun.

More Information

Here you can find the basic commands needed: SOS Cheat Sheet If WinDbg doesn’t find the symbols, look here: Resolving symbol problems in WinDbg

This Post Has One Comment

Leave a Reply