I was asked to investigate why one of our web services constantly consuming more than 3Gb of memory and constantly recycled. There was nothing new deployed at that time and developers do not understand what’s going on.

After I got memory dump, that contains .NET code I execute this command first:
.cordll -ve -u -l

Then for memory related issues I usually execute this command:
!DumpHeap -stat

This will print how many instances of each object created and total size in memory these objects are consuming. Then I try to find some specific objects at the bottom of this list. General objects like strings usually hard to investigate as many objects has a lot

My previous post explained that for 32-bit process, 32-bit tool should be used, or most tools got confused. Visual Studio able to handle standard PDB files but got confused on PDB files that was custom generated. Normally I would recommend using 32-bit tool and forget about this problem. But in some cases, crash could be so rare, that it worth investigating how to get anything useful from such “bad” dump. And I will show, how to do it.

Firstly, load 32-bit WinDbg and execute following commands:
.load wow64exts.dll
!sw
!r

This will load standard wow64exts WinDbg extension, switch to 32-bit mode, even dump is 64 bit and displays 32-bit context record. From context record