rodneyviana / netext

WinDbg extension for data mining the managed heap. It also includes commands to list HTTP requests, WCF services, and WIF tokens, among others.
http://blogs.msdn.microsoft.com/rodneyviana

Getting "Init was performed but it could not start CLR" on windows memory dump #23

Open MarkKharitonov opened 2 weeks ago

MarkKharitonov commented 2 weeks ago

Describe the bug

Unable to run any netext commands.

To Reproduce

Steps to reproduce the behavior:

0:000> .chain
Extension DLL search Path:
    C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\WINXP;C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext;C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\arcade;C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\pri;C:\Program Files (x86)\Windows Kits\10\Debuggers\x64;C:\Users\p11f70f\AppData\Local\Dbg\EngineExtensions;C:\Program Files (x86)\Windows Kits\10\Debuggers\x64;C:\Program Files\OpenSSH\;C:\Program Files\PowerShell\7;C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin;C:\Program Files\Python39\;C:\Program Files\Python39\Scripts\;C:\ProgramData\Boxstarter;C:\Program Files\Eclipse Adoptium\jdk-17.0.1.12-hotspot\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Plantronics\Spokes3G\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\;C:\ProgramData\chocolatey\bin;C:\Program Files\PuTTY\;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\DTS\Binn\;C:\Users\p11f70f\AppData\Roaming\nvm;C:\Program Files\nodejs;C:\Program Files\GitHub CLI\;C:\Program Files\Git LFS;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Git\cmd;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\PowerShell\7\;C:\Users\p11f70f\AppData\Local\Microsoft\WindowsApps;c:\dayforce\utils;C:\Users\p11f70f\.dotnet\tools;C:\Users\p11f70f\AppData\Local\Programs\Fiddler;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Users\p11f70f\AppData\Local\Programs\Azure Data 
Studio\bin;C:\Users\p11f70f\.terraform;c:\utils;C:\Users\p11f70f\AppData\Local\Google\Cloud SDK\google-cloud-sdk\bin;C:\Users\p11f70f\AppData\Roaming\nvm;C:\Program Files\nodejs;c:\utils\bind\;C:\WINDOWS\system32\config\systemprofile\.dotnet\tools;C:\Users\p11f70f\AppData\Local\Programs\Lens\resources\cli\bin;C:\Program Files\GitHub CLI;C:\Users\p11f70f\AppData\Local\Programs\Microsoft VS Code\bin;C:\Users\p11f70f\.dotnet\tools;C:\Program Files\Git\usr\bin;C:\Users\p11f70f\AppData\Local\GitHubDesktop\bin;C:\Users\p11f70f\AppData\Local\Microsoft\WindowsApps;;C:\Program Files\kbcli-windows-amd64;C:\Users\p11f70f\.dotnet\tools
Extension DLL chain:
    c:\utils\mex\x64\mex.dll: image 3.0.0.7172, API 2.0.0, built Wed Jul 13 17:53:52 2016
        [path: c:\utils\mex\x64\mex.dll]
    netext\NetExt.dll: image 2.1.65.5000, API 1.0.0, built Tue Aug 17 16:31:23 2021
        [path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\netext\NetExt.dll]
    c:\users\p11f70f\appdata\local\temp\symbolcache\SOS_AMD64_AMD64_4.8.4762.00.dll\66D8B382244000\SOS_AMD64_AMD64_4.8.4762.00.dll: image 4.8.4762.0, API 1.0.0, built Wed Sep  4 15:22:42 2024
        [path: c:\users\p11f70f\appdata\local\temp\symbolcache\SOS_AMD64_AMD64_4.8.4762.00.dll\66D8B382244000\SOS_AMD64_AMD64_4.8.4762.00.dll]
    c:\utils\sosex\64\sosex.dll: image 4.6.0.0, API 1.0.0, built Mon Mar 14 10:11:26 2016
        [path: c:\utils\sosex\64\sosex.dll]
    ELFBinComposition: image 10.0.22621.1778, API 0.0.0, 
        [path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\ELFBinComposition.dll]
    dbghelp: image 10.0.22621.3233, API 10.0.6, 
        [path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll]
    exts: image 10.0.22621.1778, API 1.0.0, 
        [path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\WINXP\exts.dll]
    uext: image 10.0.22621.1778, API 1.0.0, 
        [path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\uext.dll]
    ntsdexts: image 10.0.22621.1778, API 1.0.0, 
        [path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\WINXP\ntsdexts.dll]
0:000> !wk
Init was performed but it could not start CLR
Try running .cordll -l. Error: 8027025b

Expected behavior

!wk should run just fine.

Desktop (please complete the following information):

Additional context

The other extensions work fine:

sos

0:000> !SOS_AMD64_AMD64_4.8.4762.00.Threads
ThreadCount:      137
UnstartedThread:  0
BackgroundThread: 132
PendingThread:    0
DeadThread:       5
Hosted Runtime:   no
                                                                                                        Lock  
       ID OSID ThreadOBJ           State GC Mode     GC Alloc Context                  Domain           Count Apt Exception
  19    1  71c 000001da6a88ff90    20220 Preemptive  0000000000000000:0000000000000000 000001da6a79afa0 0     Ukn 
  40    2 1ca0 000001df78c10450    2b220 Preemptive  000001DDF30BF580:000001DDF30C0DD8 000001da6a79afa0 0     MTA (Finalizer) 
  42    8  e60 000001df79ed7870  102a220 Preemptive  0000000000000000:0000000000000000 000001da6a79afa0 0     MTA (Threadpool Worker) 
  43    9 2c44 000001df79fa5420    21220 Preemptive  0000000000000000:0000000000000000 000001da6a79afa0 0     Ukn 
  44   10 2b70 000001df7ba4b060  1020220 Preemptive  0000000000000000:0000000000000000 000001da6a79afa0 0     Ukn (Threadpool Worker) 
  45   12 20bc 000001df7e11b890  1029220 Preemptive  0000000000000000:0000000000000000 000001da6a79afa0 0     MTA (Threadpool Worker) 
  47   13 1fd4 000001df7e23cd70  1029220 Preemptive  0000000000000000:0000000000000000 000001da6a79afa0 0     MTA (Threadpool Worker) 
  48   14 2cec 000001df7e23da20  3029220 Preemptive  0000000000000000:0000000000000000 000001da04c309b0 0     MTA (Threadpool Worker) 
  49   15 21c4 000001df7e240b10  1029220 Preemptive  000001DB72EC1E18:000001DB72EC32D8 000001df7b00f040 1     MTA (Threadpool Worker) 
  50   16  a44 000001df7e244420  1029220 Preemptive  0000000000000000:0000000000000000 000001da6a79afa0 0     MTA (Threadpool Worker) 
  51   17 1a0c 000001df7e24a190  1029220 Preemptive  0000000000000000:0000000000000000 000001da6a79afa0 0     MTA (Threadpool Worker) 
  52   18 2c38 000001da6a2ec830  3029220 Preemptive  0000000000000000:0000000000000000 000001df7b00f040 0     MTA (Threadpool Worker) System.IO.IOException 000001db707cba68
  53   19 2a18 000001df7e24f2e0  1029220 Preemptive  0000000000000000:0000000000000000 000001df7b00f040 6     MTA (Threadpool Worker) 
  54   20 2edc 000001df7e256040  1029220 Preemptive  0000000000000000:0000000000000000 000001df7b00f040 6     MTA (Threadpool Worker) 
  55   21 2428 000001df7e252990  1029220 Preemptive  0000000000000000:0000000000000000 000001da6a79afa0 0     MTA (Threadpool Worker) 
  56   22  8f0 000001df7e2519f0  1029220 Preemptive  0000000000000000:0000000000000000 000001da6a79afa0 0     MTA (Threadpool Worker) 
...

sosex

0:000> !mk
Thread 0:
The current thread is unmanaged.

Plus I was able to build the heap index with !bhi just fine.

And the mex extension works fine too.

So, it is only the netext extension that refuses to run.

MarkKharitonov commented 2 weeks ago

OK, I made it work by changing my routine a little bit.

Originally, I first loaded the sosex extension and ran the !bhi command. Then I loaded netext and then mex. And that does not work out for netext.

Now I first load sos, then sosex and then netext without mex. Now it works.

I do not know what this means. Maybe I should not load mex or maybe sos must be loaded first. In any case, I am good.