Just a short explanation of how to take process dump using CDB.

First you need to get Debugging Tools for Windows. To get Debugging Tools as a standalone tool set you can just download Windows SDK and during installation select Debugging Tools for Windows:

Once Debugging tools for Windows are downloaded and installed you can find cdb.exe in the following location – C:\Program Files (x86)\Windows Kits\10\Debuggers\x64 (note that number highlighted in bold may vary depending on SDK version installed – in my case it is 10, and you obviously have cdb.exe for different platforms – x86/x64 etc. – just navigate to appropriate subfolder of Debuggers folder).

To take dump launch CMD in elevated mode, switch directory to CDB location and execute cdb -p <PROCESS PID> to take crash dump (remember that PID information can be found in Task Manager or retrieved with PowerShell using Get-Process “%ProcessName%” | select -expand id):

At this stage CDB is attached to process and closing this CMD window will terminate process you are attached to. Once CDB is loaded type in the following commands:

..loadby sos clr

!Thread

You will receive “No export Thread found” error – it can be ignored, and some more commands needs to be executed. First run !StopOnException -create System.StackOverflowException it may not work from the first attempt, just re-run it once again until you see confirmation that breakpoint was created:

Once breakpoint is set type gn and wait for process crash:

When process crashed the following commands have to be executed:

.logopen C:\dumps\k2hostserver.log

!ClrStack

.logclose

.dump /ma /u C:\dumps\process.dmp

gn

gn

….

Repeat typing gn until you get “there is no debugee” message. Your dump will be written in the location you specified above (C:\dumps\process.dmp).

Please follow and like us:

0