A Mutable Log

Post-mortem debugging of .NET applications using WinDbg

Debugging is a skill you usually learn under pressure, when things are going awry with an application or service just gone live. It is never a pleasure to encounter such bugs because, although they happen quite frequently in your production environment, they are particularly hard to reproduce in your test environment.

For managed applications, you can learn a new skill that will save you some face, called post-mortem debugging. WinDbg is a splendid tool that is often used to debug running processes, but can also be used to analyze process crash dumps.

Dump process memory

Process memory can be dumped quite easily.

You need to have enough disk space because dmp files can be rather big.

There are more ways documented elsewhere, but the above should suffice for most purposes.

WinDbg commands

Once you have the crash dump file, you can open it with WinDbg, and examine it with several useful commands


WinDbg is most useful for debugging managed application using the following extensions

SOS extension

The SOS extension has several useful commands, particularly

SOSEX extension

The SOSEX extension has the following commands that are particularly useful

Psscor2 extension

The Psscor2 extension has one particularly useful command, among several others, that can come in handy when troubleshooting network related issues

This short post is meant to whet your appetite for post-mortem debugging and to point you in the right direction.