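How to debug, in WinDbg, a 32-bit .NET process dump taken with the 64-bit Task Manager

Suppose you have a dump file like the one described in the title.

When debugging it with WinDbg Preview, entering the command !threads produces the following message: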

0:000> !threads
The version of SOS does not match the version of CLR you are debugging.  Please
load the matching version of SOS for the version of CLR you are debugging.
CLR Version: 4.7.3750.0
SOS Version: 4.8.4420.0
Failed to load data access DLL, 0x80004005
Verify that 1) you have a recent build of the debugger (6.2.14 or newer)
            2) the file mscordacwks.dll that matches your version of clr.dll is 
                in the version directory or on the symbol path
            3) or, if you are debugging a dump file, verify that the file 
                mscordacwks_<arch>_<arch>_<version>.dll is on your symbol path.
            4) you are debugging on supported cross platform architecture as 
                the dump file. For example, an ARM dump file must be debugged
                on an X86 or an ARM machine; an AMD64 dump file must be
                debugged on an AMD64 machine.

You can also run the debugger command .cordll to control the debugger's
load of mscordacwks.dll.  .cordll -ve -u -l will do a verbose reload.
If that succeeds, the SOS command should work on retry.

If you are debugging a minidump, you need to make sure that your executable
path is pointing to clr.dll as well.

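Even copying the matching DLLs (sos, clr, mscordacwks) from the machine that produced the dump and loading them does not help. The real problem is simply that the wrong tool is being used 😂

The matching 32-bit WinDbg (x86) should be used instead, but when I entered the command the message was still wrong: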

0:000> !threads
SOS does not support the current target architecture.

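This looks like SOS simply not matching the target. After a lot of back and forth, I found a reliable answer on Stack Overflow.

In the end, you need to load a helper extension, soswow64.dll. Have a look at the introduction to this tool to get a rough idea of what it does: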

WOW64

Put soswow64.dll in a folder, for example C:\DLL\soswow64.dll

Then open the WinDbg debugger and load the DLL with this command:

.load C:\DLL\soswow64.dll

0:000> .load C:\DLL\soswow64.dll
Successfully hooked IDebugControl::GetExecutingProcessorType.
Failed patching DbgEng!X86MachineInfo::ConvertCanonContextToTarget, stack related commands may not work correctly.

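Note the Failed message above: some stack-related commands may not work correctly, but that is not a big problem, so carry on for now!

Then use the command !wow64exts.sw to switch to x86 mode:
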
0:000> !wow64exts.sw
Switched to Guest (WoW) mode

OK, everything is in place, and from here on things work normally:

0:000:x86> !t
ThreadCount:      26
UnstartedThread:  0
BackgroundThread: 18
PendingThread:    0
DeadThread:       7
Hosted Runtime:   no
                                                                         Lock  
       ID OSID ThreadOBJ    State GC Mode     GC Alloc Context  Domain   Count Apt Exception
   0    1 2ac8 00e55220     26020 Preemptive  03019044:00000000 00e4f428 0     STA System.Runtime.InteropServices.ExternalException 0300147c (nested exceptions)
   2    2 2900 00e646f0     2b220 Preemptive  00000000:00000000 00e4f428 0     MTA (Finalizer) 
   4    3 298c 00f296f0   102a220 Preemptive  00000000:00000000 00e4f428 0     MTA (Threadpool Worker) 
   5    7 2b58 05c99750   1020220 Preemptive  00000000:00000000 00e4f428 0     Ukn (Threadpool Worker) 
   6   10 288c 05c98208   202b220 Preemptive  00000000:00000000 00e4f428 0     MTA 
  10  127 2840 2121eb28   202b220 Preemptive  0301C630:00000000 00e4f428 0     MTA 
  11  241 2b40 2121db50   202b220 Preemptive  00000000:00000000 00e4f428 0     MTA 
  12  134 139c 2121cb78   202b220 Preemptive  02FB0D2C:00000000 00e4f428 0     MTA 
  13  144 1cd0 21221020   202b220 Preemptive  00000000:00000000 00e4f428 0     MTA 
   8  224 251c 21221ab0     20220 Preemptive  00000000:00000000 00e4f428 0     Ukn 
XXXX  196    0 1fc90578     39820 Preemptive  00000000:00000000 00e4f428 0     Ukn 
XXXX  131    0 401aa040     39820 Preemptive  00000000:00000000 00e4f428 0     Ukn 
XXXX  157    0 21356528     39820 Preemptive  00000000:00000000 00e4f428 0     Ukn 
XXXX    6    0 1f222030     39820 Preemptive  00000000:00000000 00e4f428 0     Ukn 
  14  242 27c4 1fc91008   202b220 Preemptive  0301E630:00000000 00e4f428 0     MTA 
  15  205 1d54 373a1500   202b220 Preemptive  03017400:00000000 00e4f428 0     MTA 
  16  203 2458 21354ac0   202b220 Preemptive  02E39E98:00000000 00e4f428 0     MTA 
  17  190 2b7c 21356fb8   202b220 Preemptive  0301A630:00000000 00e4f428 0     MTA 
  18  108 2e04 3739f550   202b220 Preemptive  03020630:00000000 00e4f428 0     MTA 
  19   33 1784 21223a60     2b220 Preemptive  00000000:00000000 00e4f428 0     MTA 
XXXX    5    0 21354578   8039820 Preemptive  00000000:00000000 00e4f428 0     Ukn (Threadpool Completion Port) 
XXXX  113    0 401ab560   1039820 Preemptive  00000000:00000000 00e4f428 0     Ukn (Threadpool Worker) 
XXXX   41    0 401abaa8   1039820 Preemptive  00000000:00000000 00e4f428 0     Ukn (Threadpool Worker) 
  20  175 1508 21357a48   8029220 Preemptive  00000000:00000000 00e4f428 0     MTA (Threadpool Completion Port) 
  21  118 2158 1fc91550   1029220 Preemptive  00000000:00000000 00e4f428 0     MTA (Threadpool Worker) 
  22  123 2f14 3739e578   1029220 Preemptive  00000000:00000000 00e4f428 0     MTA (Threadpool Worker) 
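
The situation this post deals with can be recognised before opening the debugger: a dump of a 32-bit process written by a 64-bit tool records an AMD64 processor architecture and lists wow64.dll among its modules. The following is an added example, not part of the original post; `classify_dump` and `build_sample` are hypothetical names, the sample bytes are constructed, and the offsets follow the documented minidump structures (MINIDUMP_HEADER, MINIDUMP_DIRECTORY, MINIDUMP_SYSTEM_INFO, MINIDUMP_MODULE).

```python
import struct

AMD64, X86 = 9, 0                 # PROCESSOR_ARCHITECTURE_* values
MODULE_LIST, SYSTEM_INFO = 4, 7   # MINIDUMP_STREAM_TYPE values

def classify_dump(data):
    """Return 'wow64-in-64bit-dump', 'native-x64', 'native-x86' or 'other'."""
    sig, _ver, nstreams, dir_rva = struct.unpack_from("<4sIII", data, 0)
    if sig != b"MDMP":
        raise ValueError("not a minidump")
    streams = {}
    for i in range(nstreams):  # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva
        stype, _size, rva = struct.unpack_from("<III", data, dir_rva + 12 * i)
        streams[stype] = rva
    if SYSTEM_INFO not in streams:
        raise ValueError("no SystemInfoStream")
    (arch,) = struct.unpack_from("<H", data, streams[SYSTEM_INFO])
    names = []
    if MODULE_LIST in streams:
        rva = streams[MODULE_LIST]
        (count,) = struct.unpack_from("<I", data, rva)
        for i in range(count):
            # MINIDUMP_MODULE is 108 bytes; ModuleNameRva is at offset 20
            (name_rva,) = struct.unpack_from("<I", data, rva + 4 + 108 * i + 20)
            (nbytes,) = struct.unpack_from("<I", data, name_rva)
            path = data[name_rva + 4:name_rva + 4 + nbytes].decode("utf-16-le")
            names.append(path.lower().rsplit("\\", 1)[-1])
    if arch == AMD64:
        return "wow64-in-64bit-dump" if "wow64.dll" in names else "native-x64"
    return "native-x86" if arch == X86 else "other"

def build_sample(arch, module_paths):
    """Constructed minimal minidump (not a real capture) for the demo."""
    sysinfo = struct.pack("<H", arch).ljust(56, b"\0")
    mod_rva = 32 + 24 + len(sysinfo)      # header + 2 directory entries
    str_rva = mod_rva + 4 + 108 * len(module_paths)
    mods, strings = b"", b""
    for p in module_paths:
        raw = p.encode("utf-16-le")
        mods += struct.pack("<QIIII", 0, 0, 0, 0, str_rva + len(strings)).ljust(108, b"\0")
        strings += struct.pack("<I", len(raw)) + raw + b"\0\0"
    modlist = struct.pack("<I", len(module_paths)) + mods
    header = struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, 2, 32, 0, 0, 0)
    directory = struct.pack("<IIIIII", SYSTEM_INFO, len(sysinfo), 56, MODULE_LIST, len(modlist), mod_rva)
    return header + directory + sysinfo + modlist + strings

if __name__ == "__main__":
    sample = build_sample(AMD64, [r"C:\app\demo.exe", r"C:\Windows\System32\wow64.dll"])
    print(classify_dump(sample))
```

A result of `wow64-in-64bit-dump` means the dump needs the soswow64.dll and !wow64exts.sw steps shown above. For a real full-memory dump, pass an `mmap` of the file rather than reading it whole.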

Appendix: download link for soswow64.dll (the source download is incomplete and cannot be edited normally):

https://github.com/poizan42/soswow64/releases

WinDbg debugging is a skill worth learning. Keep going!
End😎
