So for this quiz, we are going to be looking at attempting to load sos.dll for the .NET Framework 2.0.

We get a dump file, and when we try to run a command on the dump file, we get an error like:


So reading this, we see that we should run .cordll -ve -u -l.  Ok, so we run that:


So the questions are:

  1. What is going on here?
  2. Why can’t we run sos commands on this dump?
  3. What is mscordacwks?
  4. How do we fix it?

As an additional bit of trivia, what if when you run the .cordll command you see something like:


What does this mean and how do you fix it?

As usual, I will post the solution and the comments tomorrow.

kick it on