How can I extract DLL file from memory dump?

Question

I have a memory dump (unmanaged process) . How can I extract (using windbg) one of the dlls loaded into the process ? I mean actually saving the dll file into the disk

Answer 1

You can use the sos.dll inside windbg directory.

First, load the sos.dll in windbg:

.load clr10\sos.dll

Then use !sam OR !SaveAllModule to extract the modules on specific disk location:

!sam c:\notepad