Debugging WinDbg x64:无法调试崩溃转储-加载数据访问DLL失败_Debugging_Windbg_Dump

Debugging WinDbg x64:无法调试崩溃转储-加载数据访问DLL失败

debugging windbg

Debugging WinDbg x64:无法调试崩溃转储-加载数据访问DLL失败,debugging,windbg,dump,Debugging,Windbg,Dump,我将WinDbg连接到一个正在运行的进程，并使该进程崩溃（我有一个关于该案例的单独问题）。程序崩溃后，WinDbg停止并允许我调试程序。我用命令“.dump/ma”进行了一次坠机转储以便进一步调查该程序被编译为“任意CPU”，我使用WinDbg x64进行转储。现在，我再次在同一台计算机上打开WinDbg x64并打开崩溃转储。它是这样说的： Loading Dump File [C:\crashdump.dmp] User Mini Dump File with Full Memory: O

我将WinDbg连接到一个正在运行的进程，并使该进程崩溃（我有一个关于该案例的单独问题）。程序崩溃后，WinDbg停止并允许我调试程序。我用命令“.dump/ma”进行了一次坠机转储以便进一步调查

该程序被编译为“任意CPU”，我使用WinDbg x64进行转储。现在，我再次在同一台计算机上打开WinDbg x64并打开崩溃转储。它是这样说的：

Loading Dump File [C:\crashdump.dmp]
User Mini Dump File with Full Memory: Only application data is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Mon Aug 15 10:24:57.000 2011 (UTC + 1:00)
System Uptime: 17 days 0:54:39.021
Process Uptime: 12 days 14:01:31.000
................................................................
...............................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1be0.b78): Access violation - code c0000005 (first/second chance not available)
*** WARNING: symbols timestamp is wrong 0x4dd2333e 0x4da4281c for clr.dll
clr!WKS::gc_heap::find_first_object+0x92:
000007fe`ea129a1d f70100000080    test    dword ptr [rcx],80000000h ds:00000000`00003d80=????????

然后，我尝试通过“.load SOS clr”加载SOS，但出现以下错误：

The call to LoadLibrary(sos clr) failed, Win32 error 0n2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.

尝试使用“.loadby sos clr”，它可以正常工作。现在我想看到带有“！clrstack”的堆栈，并坚持在这里：

Failed to load data access DLL, 0x80004005
Verify that 1) you have a recent build of the debugger (6.2.14 or newer)
            2) the file mscordacwks.dll that matches your version of clr.dll is 
                in the version directory
            3) or, if you are debugging a dump file, verify that the file 
                mscordacwks_<arch>_<arch>_<version>.dll is on your symbol path.
            4) you are debugging on the same architecture as the dump file.
                For example, an IA64 dump file must be debugged on an IA64
                machine.

You can also run the debugger command .cordll to control the debugger's
load of mscordacwks.dll.  .cordll -ve -u -l will do a verbose reload.
If that succeeds, the SOS command should work on retry.

If you are debugging a minidump, you need to make sure that your executable
path is pointing to clr.dll as well.

卡住了。当进程在WinDgb下运行时，我可以暂停执行，加载SOS 并成功执行“！clrstack”命令

有什么想法吗？多谢各位

更新-按照第二个答案中提供的步骤操作，仍然不起作用。

1）我的符号路径：SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;srv*

2）已加载CLR:4.0.30319。237：

0:027> lm v clr
Unknown option 'r'
start             end                 module name
00000000`77b60000 00000000`77d09000   ntdll      (pdb symbols)          c:\symbols\ntdll.pdb\6192BFDB9F04442995FFCB0BE95172E12\ntdll.pdb
    Loaded symbol image file: ntdll.dll
    Image path: C:\Windows\System32\ntdll.dll
    Image name: ntdll.dll
    Timestamp:        Sat Nov 20 13:11:21 2010 (4CE7C8F9)
    CheckSum:         001B55EA
    ImageSize:        001A9000
    File version:     6.1.7601.17514
    Product version:  6.1.7601.17514
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntdll.dll
    OriginalFilename: ntdll.dll
    ProductVersion:   6.1.7601.17514
    FileVersion:      6.1.7601.17514 (win7sp1_rtm.101119-1850)
    FileDescription:  NT Layer DLL
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
000007fe`e9fb0000 000007fe`ea915000   clr      # (pdb symbols)          c:\symbols\clr.pdb\1A7EA01DA29549DAB2B0BD012A6C5BA12\clr.pdb
    Loaded symbol image file: clr.dll
    Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
    Image name: clr.dll
    Timestamp:        Tue May 17 09:35:10 2011 (4DD2333E)
    CheckSum:         00967144
    ImageSize:        00965000
    File version:     4.0.30319.237
    Product version:  4.0.30319.237
    File flags:       8 (Mask 3F) Private
    File OS:          4 Unknown Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® .NET Framework
    InternalName:     clr.dll
    OriginalFilename: clr.dll
    ProductVersion:   4.0.30319.235
    FileVersion:      4.0.30319.235 (RTMGDR.030319-2300)
    PrivateBuild:     DDBLD240
    FileDescription:  Microsoft .NET Runtime Common Language Runtime - WorkStation
    LegalCopyright:   © Microsoft Corporation.  All rights reserved.
    Comments:         Flavor=Retail

3） “C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll”的版本为4.0.30319。239

4）我发现，当我将转储加载到WinDbg时，它会从web加载正确的“mscordacwks.dll”，因此在文件夹“C:\symbols\mscordacwks\u AMD64\u AMD64\u 4.0.30319.237.dll\4dd233e965000”中，我有文件“mscordacwks\u AMD64\u AMD64\u 4.0.30319.237.dll”

(五)

(六)

7）

0:027>！clrstack
SYMSRV:C:\Program Files\Debugging Tools for Windows（x64）\sym\mscordacwks\u AMD64\u AMD64\u 4.0.30319.237.dll\4dd233e965000\mscordacwks\u AMD64\u AMD64\u 4.0.30319.237.dll未找到
SYMSRV:mscordacwks_AMD64_AMD64_4.0.30319.237.dll来自http://msdl.microsoft.com/download/symbols: 502892字节-已复制
DBGHELP:C:\Program Files\Debugging Tools for Windows（x64）\sym\mscordacwks\u AMD64\u AMD64\u 4.0.30319.237.dll\4dd233e965000\mscordacwks\u AMD64\u AMD64\u 4.0.30319.237.dll缓存到C:\Program Files\u Debugging Tools for Windows（x64）\sym\mscordacwks\u AMD64\u AMD64\u 4.0.30319.237.dll\mscordacwks\u AMD64\u AMD64.237.dll
DBGHELP:C:\Program Files\Debugging Tools for Windows（x64）\sym\mscordacwks\u AMD64\u AMD64\u 4.0.30319.237.dll\4DD233F317b000\mscordacwks\u AMD64\u AMD64\u 4.0.30319.237.dll-确定
无法加载数据访问DLL，0x80004005
验证1）您是否拥有调试器的最新版本（6.2.14或更新版本）
2） 与您的clr.dll版本匹配的文件mscordacwks.dll是
在版本目录中
3） 或者，如果正在调试转储文件，请验证该文件
mscordacwks______.dll位于符号路径上。
4） 您正在与转储文件相同的体系结构上进行调试。
例如，必须在IA64上调试IA64转储文件
机器。
您还可以运行调试器命令.cordl来控制调试器的
加载mscordacwks.dll。Cordell-ve-u-l将执行详细的重新加载。
如果成功，SOS命令应在重试时工作。
如果您正在调试小型转储，则需要确保您的可执行文件
路径也指向clr.dll。

听起来像是您自定义安装了windbg，但没有选择所需的所有扩展。Win32错误n2通常是这个问题的标志。

我在调试站点的小型转储时经常遇到这个问题。我不确定你的情况是怎么发生的。通常，当获取转储时加载的CLR版本在调试计算机上不可用时，会发生这种情况。在你的例子中，它们是同一台机器，所以它应该都能正常工作。我相信会有其他人能够确切地解释为什么不是这样

同时，以下是我如何处理我的站点转储。Windbg正在寻找mscordacwks.dll的“正确版本”。所以我们给它那个版本，告诉它在哪里可以找到它

首先-如果我通过删除mscordacwks.dll欺骗了所有这一切，windbg将关闭并从Microsoft symbol服务器加载它，因此请确保您的符号设置正确，以便从Microsoft symbol服务器下载符号，然后再试一次

现在-假设这不起作用，检查哪个版本是“正确的版本”。用“lm v clr”列出模块信息，并检查实际加载的clr版本。我的是4.0.30319.239。好的-现在找到该版本的mscordacwks.dll。假设它可以在计算机上的正常.NET framework安装中找到（C:\Windows\Microsoft.NET\Framework64\v4.0.30319）。请检查版本是否完全匹配（右键单击、属性等）！把它放在一个安全的地方（我使用D:\Symbols\\ U图像）。按照windbg为您提供的有关重命名文件的说明进行操作。mscordacwks_.dll将是mscordacwks_AMD64_AMD64_4.0.30319.239.dll

现在设置您的可执行映像路径（“.exepath D:\Symbols\\u Images”），以便windbg知道您将其放置在何处

现在，您已经获得了“正确版本的mscordacwks”，并将其重命名，以便Windbg知道它在寻找什么，并告诉它您将它放在了哪里

如果仍然不起作用，请尝试“.cordell-ve-u-l”和“！sym noise”打开Cordell加载和符号服务器的详细日志记录，然后尝试！再重复一遍。也许这两个命令的输出会准确地告诉您它要加载什么，您可以找出它为什么不加载…

您要调试的是32位的进程吗？任务管理器进程列表说了什么？如果是32位进程，则需要使用32位windbg。否则，我不明白为什么

。加载sos clr

会失败

附言：（windbg noob警报），所以如果这听起来很蹩脚，我道歉。只是想帮点忙。

我花了一天的时间调试了一些我们遇到这种情况的案例。与崩溃发生在同一个盒子上的SOS+CLR无法在WinDbg中加载，“lm v”报告了两个不同的版本

0:027> lm v clr
Unknown option 'r'
start             end                 module name
00000000`77b60000 00000000`77d09000   ntdll      (pdb symbols)          c:\symbols\ntdll.pdb\6192BFDB9F04442995FFCB0BE95172E12\ntdll.pdb
    Loaded symbol image file: ntdll.dll
    Image path: C:\Windows\System32\ntdll.dll
    Image name: ntdll.dll
    Timestamp:        Sat Nov 20 13:11:21 2010 (4CE7C8F9)
    CheckSum:         001B55EA
    ImageSize:        001A9000
    File version:     6.1.7601.17514
    Product version:  6.1.7601.17514
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntdll.dll
    OriginalFilename: ntdll.dll
    ProductVersion:   6.1.7601.17514
    FileVersion:      6.1.7601.17514 (win7sp1_rtm.101119-1850)
    FileDescription:  NT Layer DLL
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
000007fe`e9fb0000 000007fe`ea915000   clr      # (pdb symbols)          c:\symbols\clr.pdb\1A7EA01DA29549DAB2B0BD012A6C5BA12\clr.pdb
    Loaded symbol image file: clr.dll
    Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
    Image name: clr.dll
    Timestamp:        Tue May 17 09:35:10 2011 (4DD2333E)
    CheckSum:         00967144
    ImageSize:        00965000
    File version:     4.0.30319.237
    Product version:  4.0.30319.237
    File flags:       8 (Mask 3F) Private
    File OS:          4 Unknown Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® .NET Framework
    InternalName:     clr.dll
    OriginalFilename: clr.dll
    ProductVersion:   4.0.30319.235
    FileVersion:      4.0.30319.235 (RTMGDR.030319-2300)
    PrivateBuild:     DDBLD240
    FileDescription:  Microsoft .NET Runtime Common Language Runtime - WorkStation
    LegalCopyright:   © Microsoft Corporation.  All rights reserved.
    Comments:         Flavor=Retail

0:027> .cordll -ve -u -l
CLR DLL status: No load attempts

0:027> !sym noisy
noisy mode - symbol prompts on
0:027> .restart

Loading Dump File [C:\crashdump.dmp]
User Mini Dump File with Full Memory: Only application data is available

DBGHELP: Symbol Search Path: srv*;srv*c:\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols;srv*c:\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols;srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Mon Aug 15 10:24:57.000 2011 (UTC + 1:00)
System Uptime: 17 days 0:54:39.021
Process Uptime: 12 days 14:01:31.000
................................................................
...............................................................
DBGHELP: ntdll - public symbols  
         C:\Program Files\Debugging Tools for Windows (x64)\sym\ntdll.pdb\6192BFDB9F04442995FFCB0BE95172E12\ntdll.pdb
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols;srv*c:\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols;srv*c:\symbols*http://msdl.microsoft.com/download/symbols
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1be0.b78): Access violation - code c0000005 (first/second chance not available)
*** WARNING: symbols timestamp is wrong 0x4dd2333e 0x4da4281c for clr.dll
DBGHELP: clr - public symbols  
         C:\Program Files\Debugging Tools for Windows (x64)\sym\clr.pdb\1A7EA01DA29549DAB2B0BD012A6C5BA12\clr.pdb
clr!WKS::gc_heap::find_first_object+0x92:
000007fe`ea129a1d f70100000080    test    dword ptr [rcx],80000000h ds:00000000`00003d80=????????

0:027> !clrstack
SYMSRV:  C:\Program Files\Debugging Tools for Windows (x64)\sym\mscordacwks_AMD64_AMD64_4.0.30319.237.dll\4DD2333E965000\mscordacwks_AMD64_AMD64_4.0.30319.237.dll not found
SYMSRV:  mscordacwks_AMD64_AMD64_4.0.30319.237.dll from http://msdl.microsoft.com/download/symbols: 502892 bytes - copied         
DBGHELP: C:\Program Files\Debugging Tools for Windows (x64)\sym\mscordacwks_AMD64_AMD64_4.0.30319.237.dll\4DD2333E965000\mscordacwks_AMD64_AMD64_4.0.30319.237.dll cached to C:\Program Files\Debugging Tools for Windows (x64)\sym\mscordacwks_AMD64_AMD64_4.0.30319.237.dll\4DD233F317b000\mscordacwks_AMD64_AMD64_4.0.30319.237.dll
DBGHELP: C:\Program Files\Debugging Tools for Windows (x64)\sym\mscordacwks_AMD64_AMD64_4.0.30319.237.dll\4DD233F317b000\mscordacwks_AMD64_AMD64_4.0.30319.237.dll - OK
Failed to load data access DLL, 0x80004005
Verify that 1) you have a recent build of the debugger (6.2.14 or newer)
            2) the file mscordacwks.dll that matches your version of clr.dll is 
                in the version directory
            3) or, if you are debugging a dump file, verify that the file 
                mscordacwks_<arch>_<arch>_<version>.dll is on your symbol path.
            4) you are debugging on the same architecture as the dump file.
                For example, an IA64 dump file must be debugged on an IA64
                machine.

You can also run the debugger command .cordll to control the debugger's
load of mscordacwks.dll.  .cordll -ve -u -l will do a verbose reload.
If that succeeds, the SOS command should work on retry.

If you are debugging a minidump, you need to make sure that your executable
path is pointing to clr.dll as well.

0:011> lm vM *clr.dll start end module name 000007fe`f2f50000 000007fe`f38b0000 clr # (pdb symbols) c:\symbols\clr.pdb\EDFF900AC9B94C1D9B32696A7759891A2\clr.pdb Loaded symbol image file: clr.dll Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll Image name: clr.dll Timestamp: Sun Apr 21 03:36:04 2013 (5173C114) CheckSum: 0095F379 ImageSize: 00960000 File version: 4.0.30319.18052 Product version: 4.0.30319.18052 File flags: 8 (Mask 3F) Private File OS: 4 Unknown Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® .NET Framework InternalName: clr.dll OriginalFilename: clr.dll ProductVersion: 4.0.30319.18047 FileVersion: 4.0.30319.18047 built by: FX45RTMGDR PrivateBuild: DDBLD320 FileDescription: Microsoft .NET Runtime Common Language Runtime - WorkStation LegalCopyright: © Microsoft Corporation. All rights reserved. Comments: Flavor=Retail MINIDUMP_MODULE : (pack:8 size:112) +0x000 .BaseOfImage UInt64 : 8791579230208 (0x7FEF2F50000) +0x008 .SizeOfImage UInt32 : 9830400 (0x960000) +0x00C .CheckSum UInt32 : 9827193 (0x95F379) +0x010 .TimeDateStamp UInt32 : 1366540564 (0x5173C114) +0x014 .ModuleNameRva UInt32 : 107828 (0x1A534) +0x018 .VersionInfo tagVS_FIXEDFILEINFO : (pack:8 size:52) +0x000 .dwSignature UInt32 : 4277077181 (0xFEEF04BD) +0x004 .dwStrucVersion UInt32 : 65536 (0x10000) +0x008 .dwFileVersionMS UInt32 : 262144 (0x40000) +0x00C .dwFileVersionLS UInt32 : 1987004036 (0x766F4684) 7fef2f50000 515530ce Mar 28 23:12:30 2013 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll 0:011> db 000007fe`f2f50000 000007fe`f2f50000 4d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00 MZ.............. 000007fe`f2f50010 b8 00 00 00 00 00 00 00-40 00 00 00 00 00 00 00 ........@....... 000007fe`f2f50020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 000007fe`f2f50030 00 00 00 00 00 00 00 00-00 00 00 00 18 01 00 00 ................ 000007fe`f2f50040 0e 1f ba 0e 00 b4 09 cd-21 b8 01 4c cd 21 54 68 ........!..L.!Th 000007fe`f2f50050 69 73 20 70 72 6f 67 72-61 6d 20 63 61 6e 6e 6f is program canno 000007fe`f2f50060 74 20 62 65 20 72 75 6e-20 69 6e 20 44 4f 53 20 t be run in DOS 000007fe`f2f50070 6d 6f 64 65 2e 0d 0d 0a-24 00 00 00 00 00 00 00 mode....$....... 0:011> db 000007fe`f2f50080 39 e4 28 ed 7d 85 46 be-7d 85 46 be 7d 85 46 be 9.(.}.F.}.F.}.F. 000007fe`f2f50090 81 f2 f8 be 79 85 46 be-81 f2 fa be 74 85 46 be ....y.F.....t.F. 000007fe`f2f500a0 74 fd c5 be 73 85 46 be-74 fd c2 be c9 85 46 be t...s.F.t.....F. 000007fe`f2f500b0 ee 41 8d be 7f 85 46 be-e3 25 81 be 7c 85 46 be .A....F..%..|.F. 000007fe`f2f500c0 ee 41 88 be 6b 85 46 be-ee 41 89 be 78 85 46 be .A..k.F..A..x.F. 000007fe`f2f500d0 ee 41 8b be 64 85 46 be-7d 85 47 be ca 87 46 be .A..d.F.}.G...F. 000007fe`f2f500e0 81 f2 ff be 76 85 46 be-ee 41 9e be 70 87 46 be ....v.F..A..p.F. 000007fe`f2f500f0 ee 41 8c be 7c 85 46 be-ee 41 8f be 7c 85 46 be .A..|.F..A..|.F. 0:011> 000007fe`f2f50100 ee 41 8a be 7c 85 46 be-52 69 63 68 7d 85 46 be .A..|.F.Rich}.F. 000007fe`f2f50110 00 00 00 00 00 00 00 00-50 45 00 00 64 86 06 00 ........PE..d... 000007fe`f2f50120 ce 30 55 51 00 00 00 00-00 00 00 00 f0 00 22 20 .0UQ.........." 000007fe`f2f50130 0b 02 0b 00 00 90 69 00-00 c2 2b 00 00 00 00 00 ......i...+..... 000007fe`f2f50140 40 51 13 00 00 10 00 00-00 00 f5 f2 fe 07 00 00 @Q.............. 000007fe`f2f50150 00 10 00 00 00 02 00 00-06 00 00 00 0a 00 00 00 ................ 000007fe`f2f50160 06 00 00 00 00 00 00 00-00 e0 95 00 00 04 00 00 ................ 000007fe`f2f50170 80 5f 96 00 02 00 60 01-00 00 10 00 00 00 00 00 ._....`.........