I have a dump in which both .NET versions have been loaded:
0 : 000 & gt; LM MLR Start End Module Name 65490000 65aff000 CLR (deferred) 0: 000 & gt; End of LM M. MScrovides module name 6A 980000 6F2C 2000 MScorovics (deferred) Now I have uncertainty to which version to use SOS will load without both problems .
0: 000> .oded Soos MScorex 0: 000 & gt; .loaded SOCE CLR Which version will I use best for my analysis? Or do I always need both?
Is the .cordll -ve -u -l reliable in this case?
.symfix c: \ symbols .cordll -ve -u -l CLRDLL: C: \ Windows \ Microsoft.NET \ Framework \ v4.0.30319 \ mscordacwks.dll: 4.0.30319.18047f: 8 Desired version 4.0.30319.296 F: 8 CLRDLL: Loaded DLL c: \ symbols \ Mscordacwks_x86_x86_4.0.30319.296.dll \ 50484AA966f000 \ mscordacwks_x86_x86_4.0.30319.296 CLR DLL Status: Loaded DLL c: \ symbols \ mscordacwks_x86_x86_4 0.30319.296.dll \ 50484AA966f000 \ mscordacwks_x86_x86_4.0.30319.296.dll Thread 0 shows mscorwks commands to use:
~ 0s k By default, this will use the .NET 4 Framework by default. === UPDATE ===
.cordll This behavior can be changed by .cordll-I . I have received both versions of SOS that match the target computer and loaded by path
.load C: \ SOS \ 4.0.30319.296 \ SOS.dll I have upgraded to the latest 6.3 from WinDbg 6.2. Still not better.
I have also asked SEEX author Steve Johnson who has suggested the .cordll-I , but it does not work in my dump, nor the name of the module With the base address only .cordll -i clr Cordell -i 65490000 ! Any attempt to always run threads result Failed to request threadstore.
! Any attempt to run Clrstack always results in Unable to run managed stack. The current thread is probably not a managed thread, you can run the thread to get a list of managed threads in the process.
=== UPDATE ===
As suggested by Mario Hayward, complex scenarios specify full SOS path as well as loading a SOS extension in the process Can be avoided (or if it is already loaded, take one off) or we can use the .setdll to define the default SOS version. . However, this does not improve the analysis.
=== UPDATE ===
I have also tried to unload one of the NAT modules. .reload / u Hope WinDbg / SOS will not be in any more conflict, but there will be no luck yet.
This is a very ugly problem and there is no easy solution for this. The main issue is that your customers use a different modification made by you compared to CLR. With some hurdles, looking at the wildly different amendment numbers, you have .NET 4.5 installed and the client is using .NET 4.0. But just one security patch may be enough to cause a mismatch, they are coming late late.
Afacks are much more involved in using a VM or machine that uses exact as a single modification net In the left-side CLR feature NAT4, otherwise it can tell how you can finish with two CLR versions in one process. V2.0 version will usually have to implement a COM server. You avoid anything by adding context to [COMVCABLE] .NET assembly. Even if this is not your code which does this, good luck with it, is not a good problem.
No comments:
Post a Comment