The soswow64's discuss from poizan42

analyze -v does not work properly

It complains that: MANAGED_BITNESS_MISMATCH: Managed code needs matching platform for proper analysis. Use 'x64' debugger.

And does not show any "managed" information about the exception

No issues with library, just a suggestion

Hi, had tried your library and it works fine in WinDbg x86. :)
Just one question - If I build x64 binary, it will work in WinDBG x64?
So my suggestion is to maybe just put download of compiled soswow64 library for download as I'm not sure how many .NET developers know how to compile with C++.
Best Regards,

!clrstack command does not work.

Many sos commands worked, but !clrstack command does not work.

Compiled x86 ver under .NET Framework 3.5 with VS2008.

Run app(x86) in Windows 10 (x64, ver.1803)
Open the taskmgr(x64) and create dump file.
Open dump file using Windbg(x86, ver.6.11.0001.404)
Run the following commands:

User Mini Dump File with Full Memory: Only application data is available

Executable search path is: 
Windows 7 Version 17134 MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Fri May 31 10:20:32.000 2019 (GMT+9)
System Uptime: 15 days 6:17:10.492
Process Uptime: 0 days 0:03:13.000
................................................................
wow64cpu!TurboDispatchJumpAddressEnd+0x544:
00000000`77371e4c c3              ret

0:000> lmvm mscorwks
start             end                 module name
00000000`6d010000 00000000`6d5c0000   mscorwks   (deferred)             
    Image path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    Image name: mscorwks.dll
    Timestamp:        Thu Mar 28 13:23:02 2019 (5C9C4C26)
    CheckSum:         005AF486
    ImageSize:        005B0000
    File version:     2.0.50727.8941
    Product version:  2.0.50727.8941
    File flags:       0 (Mask 3F)
    File OS:          4 Unknown Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® .NET Framework
    InternalName:     mscorwks.dll
    OriginalFilename: mscorwks.dll
    ProductVersion:   2.0.50727.8941
    FileVersion:      2.0.50727.8941 (WinRelRS4.050727-8900)
    FileDescription:  Microsoft .NET Runtime Common Language Runtime - WorkStation
    LegalCopyright:   © Microsoft Corporation.  All rights reserved.
    Comments:         Flavor=Retail

0:000> .exepath D:\analysis\x86\2.0.50727.8941
Executable image search path is: D:\analysis\x86\2.0.50727.8941
Expanded Executable image search path is: d:\analysis\x86\2.0.50727.8941

0:000> .cordll -ve -u -l
CLR DLL status: No load attempts

0:000> !wow64exts.sw
Switched to 32bit mode

0:000:x86> .loadby sos mscorwks

0:000:x86> .load D:\analysis\tools\soswow64\soswow64.dll
Successfully hooked IDebugControl::GetExecutingProcessorType.
Successfully patched DbgEng!X86MachineInfo::ConvertCanonContextToTarget.

0:000:x86> !threads
ThreadCount: 2
UnstartedThread: 0
BackgroundThread: 1
PendingThread: 0
DeadThread: 0
Hosted Runtime: no
                                      PreEmptive   GC Alloc           Lock
       ID OSID ThreadOBJ    State     GC       Context       Domain   Count APT Exception
   0    1 3378 0000000000e30308      6020 Enabled  000000000305e2bc:000000000305e798 0000000000e2b258     0 STA
   5    2 31bc 0000000000e3d6e0      b220 Enabled  0000000000000000:0000000000000000 0000000000e2b258     0 MTA (Finalizer)

0:000:x86> !dso
OS Thread Id: 0x3378 (0)
ESP/REG  Object   Name
ebx      0000000003013ef8 System.Windows.Forms.Application+ThreadContext
esi      000000000305c3f4 System.Windows.Forms.Application+ComponentManager+ComponentHashtableEntry
edi      000000000305e298 System.Collections.Hashtable+HashtableEnumerator
0000000000b5f0b4 000000000305d1b0 System.Windows.Forms.NativeMethods+MSG[]
0000000000b5f0b8 0000000003013ef8 System.Windows.Forms.Application+ThreadContext
0000000000b5f0c0 000000000305c3ac System.Windows.Forms.Application+ComponentManager
0000000000b5f108 000000000305726c System.Windows.Forms.ApplicationContext
0000000000b5f110 000000000305726c System.Windows.Forms.ApplicationContext
0000000000b5f138 0000000003013ef8 System.Windows.Forms.Application+ThreadContext
0000000000b5f160 000000000305726c System.Windows.Forms.ApplicationContext
0000000000b5f164 0000000003013ef8 System.Windows.Forms.Application+ThreadContext
0000000000b5f174 000000000305726c System.Windows.Forms.ApplicationContext
0000000000b5f190 00000000030134c4 WindowsFormsApplication6.Form1
0000000000b5f194 000000000305726c System.Windows.Forms.ApplicationContext
0000000000b5f198 0000000003013ef8 System.Windows.Forms.Application+ThreadContext
0000000000b5f1a4 000000000305726c System.Windows.Forms.ApplicationContext
0000000000b5f1bc 00000000030134c4 WindowsFormsApplication6.Form1

0:000:x86> !clrstack
OS Thread Id: 0x3378 (0)
Failed to start stack walk: 80070057

0:000:x86> kb
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
00b5f114 6b1f9c77 00000000 ffffffff 00000000 win32u!NtUserWaitMessage+0xc
00b5f16c 6b1f9ac1 0305726c 1e650002 00000000 System_Windows_Forms_ni+0x209c77
00b5f19c 6b1b6911 0305726c 00b5f1ec 00e30308 System_Windows_Forms_ni+0x209ac1
00b5f1c0 6d011b6c 007b2d4c 00000001 00b5f250 System_Windows_Forms_ni+0x1c6911
00b5f1d0 6d02854b 00b5f2a0 00000000 00b5f270 mscorwks+0x1b6c
00b5f250 6d0305eb 00b5f2a0 00000000 00b5f270 mscorwks+0x1854b
00b5f394 6d03061e 00dac020 00b5f460 00b5f42c mscorwks+0x205eb
00b5f3b0 6d03063c 00dac020 00b5f460 00b5f42c mscorwks+0x2061e
00b5f3c8 6d0f084d 00b5f42c 20818181 00000000 mscorwks+0x2063c
00b5f52c 6d0f076d 00da302c 00000001 00b5f568 mscorwks!GetPrivateContextsPerfCounters+0x345c2
00b5f794 6d0f0c8a 00000000 208188c9 00000001 mscorwks!GetPrivateContextsPerfCounters+0x344e2
00b5fc64 6d0f0e74 007b0000 00000000 20818819 mscorwks!GetPrivateContextsPerfCounters+0x349ff
00b5fcb4 6d0f0da4 007b0000 20818851 00000000 mscorwks!CorExeMain+0x168
00b5fcfc 7070d93b 74f50efa 71344e10 7070d8c0 mscorwks!CorExeMain+0x98
00b5fd3c 7133e8b9 71344e10 70700000 41d0f1e0 mscoreei!CorExeMain+0x7b
00b5fd50 71344e18 71344e10 74758494 00956000 mscoree!DllUnregisterServer+0x169
00b5fd6c 774641c8 00956000 96fc377c 00000000 mscoree!CorExeMain+0x8
00b5fdb4 77464198 ffffffff 7747f325 00000000 ntdll_77400000!RtlAreBitsSet+0x88
00b5fdc4 00000000 71344e10 00956000 00000000 ntdll_77400000!RtlAreBitsSet+0x58

Could you help me solve my problem?

Failed patching DbgEng!X86MachineInfo

.load soswow64
Successfully hooked IDebugControl::GetExecutingProcessorType.
Failed patching DbgEng!X86MachineInfo::ConvertCanonContextToTarget, stack related commands may not work correctly.

WinDbg 10.0.19041.685
dbgeng.zip

Can't run on Windows 7

Compiled under VS 2013, but could not load into Windbg(x86)

.load soswow64
The call to LoadLibrary(soswow64.dll) failed, Win32 error 0n126
"The specified module could not be found."

ProcessMonitor showed that it tried to load 'api-ms-win-core-libraryloader-l1-2-0.dll' that doesn't exist on Win 7.
Changing linker input project properties from mincore.lib (required for VerQueryValue) to version.lib fixed the issue

poizan42 / soswow64 Goto Github PK

soswow64's Issues

analyze -v does not work properly

No issues with library, just a suggestion

!clrstack command does not work.

Failed patching DbgEng!X86MachineInfo

Can't run on Windows 7

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs