Home - Aria-Akbariyeh/Docs GitHub Wiki

How to investigate memory dumps.

  1. Open the Dump file in WinDbg.

  2. Load SOS extension:

For CLR below 4.0: .loadby sos mscorwks

For CLR 4.0: .loadby sos clr

For dumps taken from other machines, you may try the following:

.cordll -u -l -ve

Note: this command will make an attempt to load matching version from local machine but it may fail. If it failed, you'll need to make to have and load sos.dll and mscordacwks.dll from the machine where memory snapshot was collected. You'll need to load it using .load command.

  1. Download SOSEX extension and load it:

.load c:\sosex