[windbg] how to save unknown module from appdomain

  • Question

  • Here is the result:

    0:019> !dumpdomain
    --------------------------------------
    System Domain: 7a3d6bd8
    LowFrequencyHeap: 7a3d6bfc
    HighFrequencyHeap: 7a3d6c48
    StubHeap: 7a3d6c94
    Stage: OPEN
    Name: None
    --------------------------------------
    Shared Domain: 7a3d6528
    LowFrequencyHeap: 7a3d654c
    HighFrequencyHeap: 7a3d6598
    StubHeap: 7a3d65e4
    Stage: OPEN
    Name: None
    Assembly: 001723f0
    --------------------------------------
    Domain 1: 00158948
    LowFrequencyHeap: 0015896c
    HighFrequencyHeap: 001589b8
    StubHeap: 00158a04
    Stage: OPEN
    SecurityDescriptor: 00155160
    Name: Test_Exe.exe
    Assembly: 001723f0 [C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll]
    ClassLoader: 00172460
    SecurityDescriptor: 0015eed8
      Module Name
    790c1000 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    00a22354 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
    00a22010 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp

    Assembly: 0018b680 [C:\Documents and Settings\Owner\Desktop\Test_Exe.exe]
    ClassLoader: 0018e820
    SecurityDescriptor: 0018bbb8
      Module Name
    00a02c5c C:\Documents and Settings\Owner\Desktop\Test_Exe.exe

    Assembly: 00190f78 [C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll]
    ClassLoader: 00194268
    SecurityDescriptor: 0018e798
      Module Name
    7a441000 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

    Assembly: 001972c8 [C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll]
    ClassLoader: 00194168
    SecurityDescriptor: 00193f60
      Module Name
    7afd1000 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

    Assembly: 00196e00 [C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll]
    ClassLoader: 00196e70
    SecurityDescriptor: 00196cf0
      Module Name
    7ade1000 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

    Assembly: 0019a190 [C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll]
    ClassLoader: 0019a318
    SecurityDescriptor: 0019b9a8
      Module Name
    5e431000 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

    Assembly: 0019b2e0 [C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll]
    ClassLoader: 0019f380
    SecurityDescriptor: 0019b258
      Module Name
    637a1000 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

    Assembly: 001a0a40 []
    ClassLoader: 001ad3e8
    SecurityDescriptor: 001b1800
      Module Name
    03575a14 Unknown Module

    Assembly: 001bab88 [C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll]
    ClassLoader: 001a65a0
    SecurityDescriptor: 001a7aa0
      Module Name
    67771000 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

    Live user mode: <Local>

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.

    command line: '"C:\Program Files\Debugging Tools for Windows (x86)\windbg.exe" '  Debugger Process 0x550 
    dbgeng:  image 6.11.0001.404, built Wed Feb 25 19:55:43 2009
            [path: C:\Program Files\Debugging Tools for Windows (x86)\dbgeng.dll]
    dbghelp: image 6.11.0001.404, built Wed Feb 25 19:55:30 2009
            [path: C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll]
            DIA version: 11212
    Extension DLL search Path:
        C:\Program Files\Debugging Tools for Windows (x86)\WINXP;C:\Program Files\Debugging Tools for Windows (x86)\winext;C:\Program Files\Debugging Tools for Windows (x86)\winext\arcade;C:\Program Files\Debugging Tools for Windows (x86)\pri;C:\Program Files\Debugging Tools for Windows (x86);C:\Program Files\Debugging Tools for Windows (x86)\winext\arcade;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\
    Extension DLL chain:
        C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sos: image 2.0.50727.3655, API 1.0.0, built Tue Oct 22 16:03:23 2013
            [path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sos.dll]
        dbghelp: image 6.11.0001.404, API 6.1.6, built Wed Feb 25 19:55:30 2009
            [path: C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll]
        ext: image 6.11.0001.404, API 1.0.0, built Wed Feb 25 19:55:30 2009
            [path: C:\Program Files\Debugging Tools for Windows (x86)\winext\ext.dll]
        exts: image 6.11.0001.404, API 1.0.0, built Wed Feb 25 19:55:24 2009
            [path: C:\Program Files\Debugging Tools for Windows (x86)\WINXP\exts.dll]
        uext: image 6.11.0001.404, API 1.0.0, built Wed Feb 25 19:55:26 2009
            [path: C:\Program Files\Debugging Tools for Windows (x86)\winext\uext.dll]
        ntsdexts: image 6.1.7015.0, API 1.0.0, built Wed Feb 25 19:54:43 2009
            [path: C:\Program Files\Debugging Tools for Windows (x86)\WINXP\ntsdexts.dll]
    0:019> !dumpmodule 03575a14
    Name: Unknown Module
    Attributes: PEFile 
    Assembly: 001a0a40
    LoaderHeap: 00000000
    TypeDefToMethodTableMap: 0359518c
    TypeRefToMethodTableMap: 035957e0
    MethodDefToDescMap: 03595970
    FieldDefToDescMap: 03596068
    MemberRefToDescMap: 0359614c
    FileReferencesMap: 035963e4
    AssemblyReferencesMap: 035963e8
    0:019> !analyze
    *******************************************************************************
    *                                                                             *
    *                        Exception Analysis                                   *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    ***** OS symbols are WRONG. Please fix symbols to do analysis.

    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: ntdll!_PEB                                    ***
    ***                                                                   ***
    *************************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    *********************************************************************
    * Symbols can not be loaded because symbol path is not initialized. *
    *                                                                   *
    * The Symbol Path can be set by:                                    *
    *   using the _NT_SYMBOL_PATH environment variable.                 *
    *   using the -y <symbol_path> argument when starting the debugger. *
    *   using .sympath and .sympath+                                    *
    *********************************************************************
    *** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\system32\xpsp2res.dll
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.23084_x-ww_f3f35550\gdiplus.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\uxtheme.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\comctl32.dll - 
    *** WARNING: Unable to verify checksum for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\aa86b1a0c9a5bd2a973bef106c0461f9\Microsoft.VisualBasic.ni.dll
    *** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\aa86b1a0c9a5bd2a973bef106c0461f9\Microsoft.VisualBasic.ni.dll
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\LPK.DLL - 
    *** WARNING: Unable to verify checksum for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
    *** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - 
    *** WARNING: Unable to verify checksum for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fd639d8d8def70deaf3b26cd073577f3\System.Runtime.Remoting.ni.dll
    *** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fd639d8d8def70deaf3b26cd073577f3\System.Runtime.Remoting.ni.dll
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\rsaenh.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\MSCTF.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\USP10.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\msctfime.ime - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\IMM32.DLL - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\psapi.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\WINTRUST.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\IMAGEHLP.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\CRYPT32.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\MSASN1.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\msvcrt.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\GDI32.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\Secur32.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952\MSVCR80.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\mscoree,dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - 
    *** WARNING: Unable to verify checksum for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    *** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    *** WARNING: Unable to verify checksum for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
    *** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
    *** WARNING: Unable to verify checksum for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
    *** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\shell32.dll - 
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll - 
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: IMAGE_NT_HEADERS32                            ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: kernel32!pNlsUserInfo                         ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: kernel32!pNlsUserInfo                         ***
    ***                                                                   ***
    *************************************************************************
    Probably caused by : ion.dll ( ion+4bb001e )

    Followup: MachineOwner
    ---------

    How can I save

    0:019> !dumpmodule 03575a14
    Name: Unknown Module
    Attributes: PEFile 
    Assembly: 001a0a40
    LoaderHeap: 00000000
    TypeDefToMethodTableMap: 0359518c
    TypeRefToMethodTableMap: 035957e0
    MethodDefToDescMap: 03595970
    FieldDefToDescMap: 03596068
    MemberRefToDescMap: 0359614c
    FileReferencesMap: 035963e4
    AssemblyReferencesMap: 035963e8

    • Moved by Carl Cai Monday, May 19, 2014 2:11 AM More related
    Sunday, May 18, 2014 6:19 AM

All replies

  • Hi,

    I have moved this thread to the forum that is more dedicated to issues related to WinDbg, to get better support.

    Thanks for your understanding.

    Regards.



    Monday, May 19, 2014 2:13 AM