POP QUIZ: SOS not loading properly

  • Article

So for this quiz, we are going to be looking at attempting to load sos.dll for the .NET Framework 2.0.

We get a dump file, and when we try to run a command on the dump file, we get an error like:

quiz1

So reading this, we see that we should run .cordll -ve -u -l.  Ok, so we run that:

quiz2

So the questions are:

  1. What is going on here?
  2. Why can’t we run sos commands on this dump?
  3. What is mscordacwks?
  4. How do we fix it?

As an additional bit of trivia, what if when you run the .cordll command you see something like:

quiz3

What does this mean and how do you fix it?

As usual, I will post the solution and the comments tomorrow.

kick it on DotNetKicks.com