How to use WinDbg to debug .NET programs
2010-08-13 17:31
By loading the SOS and SOSEX extensions, you can debug .NET programs in WinDbg.
1. Start the program
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
Symbol search path is: srv*;http://msdl.microsoft.com/download/symbols;http://referencesource.microsoft.com/symbols
Executable search path is: C:\Windows\Microsoft.NET\Framework64\v2.0.50727
ModLoad: 00000000`00950000 00000000`00958000 02TypeSample.exe
ModLoad: 00000000`76fe0000 00000000`7718b000 ntdll.dll
ModLoad: 000007fe`f8190000 000007fe`f81ff000 C:\Windows\SYSTEM32\MSCOREE.DLL
ModLoad: 00000000`76ec0000 00000000`76fdf000 C:\Windows\system32\KERNEL32.dll
ModLoad: 000007fe`fd0d0000 000007fe`fd13b000 C:\Windows\system32\KERNELBASE.dll
(11a4.d0c): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00000000`77091220 cc int 3
2. Set a breakpoint so that execution pauses when mscorlib is loaded
0:000> sxe ld:mscorlib
0:000> g
ModLoad: 000007fe`ebfb0000 000007fe`ece8b000 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a017aa8d51322f18a40f414fa35872d\mscorlib.ni.dll
ntdll!ZwMapViewOfSection+0xa:
00000000`7703013a c3 ret
3. List the modules loaded at this point; mscorwks and mscorlib are already loaded
0:000> lm
start end module name
00000000`00950000 00000000`00958000 02TypeSample (deferred)
00000000`74c30000 00000000`74cf9000 MSVCR80 (deferred)
00000000`76dc0000 00000000`76eba000 USER32 (deferred)
00000000`76ec0000 00000000`76fdf000 KERNEL32 (deferred)
00000000`76fe0000 00000000`7718b000 ntdll (pdb symbols) C:\Program Files\Debugging Tools for Windows (x64)\sym\ntdll.pdb\CFF40300FD804691B73E12CF2A150EE02\ntdll.pdb
000007fe`ebfb0000 000007fe`ece8b000 mscorlib_ni (deferred)
000007fe`eec40000 000007fe`ef5ee000 mscorwks (deferred)
000007fe`f8100000 000007fe`f8190000 mscoreei (deferred)
000007fe`f8190000 000007fe`f81ff000 MSCOREE (deferred)
000007fe`fcf40000 000007fe`fcf4f000 profapi (deferred)
000007fe`fd0d0000 000007fe`fd13b000 KERNELBASE (deferred)
000007fe`fd310000 000007fe`fd377000 GDI32 (deferred)
000007fe`fd650000 000007fe`fd72b000 ADVAPI32 (deferred)
000007fe`fd810000 000007fe`fd81e000 LPK (deferred)
000007fe`fd820000 000007fe`fd891000 SHLWAPI (deferred)
000007fe`fd8a0000 000007fe`fd8bf000 sechost (deferred)
000007fe`fd940000 000007fe`fe6c6000 shell32 (deferred)
000007fe`fe730000 000007fe`fe75e000 IMM32 (deferred)
000007fe`fea60000 000007fe`feb2a000 USP10 (deferred)
000007fe`feb30000 000007fe`fec39000 MSCTF (deferred)
000007fe`fed90000 000007fe`fef91000 ole32 (deferred)
000007fe`fefa0000 000007fe`ff0ce000 RPCRT4 (deferred)
000007fe`ff250000 000007fe`ff2ef000 msvcrt (deferred)
4. Load the SOS extension. SOS is the debugger extension Microsoft provides specifically for managed code; it is the bridge between native and managed debugging. SOSEX is an extension of SOS that you have to download yourself and place in the directory containing windbg.exe. The .loadby command looks for the sos module in the same path as the mscorwks module.
0:000> .loadby sos mscorwks
0:000> .load sosex
0:000> .chain
Extension DLL search Path:
C:\Program Files\Debugging Tools for Windows (x64)\WINXP;C:\Program Files\Debugging Tools for Windows (x64)\winext;C:\Program Files\Debugging Tools for Windows (x64)\winext\arcade;C:\Program Files\Debugging Tools for Windows (x64)\pri;C:\Program Files\Debugging Tools for Windows (x64);C:\Program Files\Debugging Tools for Windows (x64)\winext\arcade;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft Windows Performance Toolkit\;C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\;C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\Best Practices Analyzer\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\
Extension DLL chain:
    C:\Program Files\Debugging Tools for Windows (x64)\sosex.dll: image 4.1.0.0, API 1.0.0, built Thu May 13 11:10:08 2010
        [path: C:\Program Files\Debugging Tools for Windows (x64)\sosex.dll]
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks: image 2.0.50727.4927, built Thu Jun 04 11:58:39 2009
        [path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll]
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\sos: image 2.0.50727.4927, API 1.0.0, built Thu Jun 04 12:12:19 2009
        [path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\sos.dll]
    dbghelp: image 6.12.0002.633, API 6.1.6, built Tue Feb 02 04:15:44 2010
        [path: C:\Program Files\Debugging Tools for Windows (x64)\dbghelp.dll]
    ext: image 6.12.0002.633, API 1.0.0, built Tue Feb 02 04:15:46 2010
        [path: C:\Program Files\Debugging Tools for Windows (x64)\winext\ext.dll]
    exts: image 6.12.0002.633, API 1.0.0, built Tue Feb 02 04:15:38 2010
        [path: C:\Program Files\Debugging Tools for Windows (x64)\WINXP\exts.dll]
    uext: image 6.12.0002.633, API 1.0.0, built Tue Feb 02 04:15:36 2010
        [path: C:\Program Files\Debugging Tools for Windows (x64)\winext\uext.dll]
    ntsdexts: image 6.1.7650.0, API 1.0.0, built Tue Feb 02 04:15:18 2010
        [path: C:\Program Files\Debugging Tools for Windows (x64)\WINXP\ntsdexts.dll]
5. Set a breakpoint in the Main function and run to it
0:000> !mbm Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates
The breakpoint could not be resolved immediately.
Further attempts will be made as modules are loaded.
0:000> !mbp Program.cs 35
0:000> !mbl
0 eu: *!ADVANCED.NET.DEBUGGING.CHAPTER2.TYPESAMPLE.ADDCOORDINATES ILOffset=0: pass=1 oneshot=false thread=ANY
1 eu: Program.cs, line 35: pass=1 oneshot=false thread=ANY
0:000> bl
0:000> g
(11a4.d0c): CLR notification exception - code e0444143 (first chance)
*** WARNING: Unable to verify checksum for C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a017aa8d51322f18a40f414fa35872d\mscorlib.ni.dll
(11a4.d0c): CLR notification exception - code e0444143 (first chance)
Breakpoint: Matching method Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates resolved, but not yet jitted. Setting JIT notification...
*** WARNING: Unable to verify checksum for 02TypeSample.exe
Breakpoint: Matching method Advanced.NET.Debugging.Chapter2.TypeSample.Main resolved, but not yet jitted. Setting JIT notification...
(11a4.d0c): CLR notification exception - code e0444143 (first chance)
Breakpoint: JIT notification received for method Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[]).
Breakpoint set at Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[]).
Breakpoint 0 hit
000007ff`00160148 48b9d0340200ff070000 mov rcx,7FF000234D0h
6. Inspect the stack and variables at this point
0:000> !mk
Thread 0:
ESP EIP
00:M 00000000002cecb0 000007ff00160148 Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])(+0x1 IL)(+0x28 Native) [D:\BACKUP\Projects\TestProject\02TypeSample\Program.cs, @ 35,7]
01:U 00000000002cecf0 000007feeef0d502 mscorwks!CallDescrWorker+0x82
02:U 00000000002ced40 000007feeedc9fd3 mscorwks!CallDescrWorkerWithHandler+0xd3
03:U 00000000002cede0 000007feeedda3af mscorwks!MethodDesc::CallDescr+0x24f
04:U 00000000002cf030 000007feeed4dc7f mscorwks!ClassLoader::RunMain+0x22b
05:U 00000000002cf290 000007feeed31c74 mscorwks!Assembly::ExecuteMainMethod+0xbc
06:U 00000000002cf580 000007feeed69955 mscorwks!SystemDomain::ExecuteMainMethod+0x491
07:U 00000000002cfb50 000007feeee7db07 mscorwks!ExecuteEXE+0x47
08:U 00000000002cfba0 000007feeed3855c mscorwks!CorExeMain+0xac
09:U 00000000002cfc00 000007fef8103309 mscoreei!CorExeMain+0x41
0a:U 00000000002cfc30 000007fef8195b21 MSCOREE!CorExeMain_Exported+0x57
0b:U 00000000002cfc60 0000000076edf56d KERNEL32!BaseThreadInitThunk+0xd
0c:U 00000000002cfc90 0000000077013281 ntdll!RtlUserThreadStart+0x1d
0:000> !mdv
Frame 0x0: (Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])):
[A0]:args:0x00000000022ccc10 (System.String[])
[L0]:sample:null (Advanced.NET.Debugging.Chapter2.TypeSample)
7.
0:000> !dumpdomain
--------------------------------------
System Domain: 000007feefe35ef0
LowFrequencyHeap: 000007feefe35f38
HighFrequencyHeap: 000007feefe35fc8
StubHeap: 000007feefe36058
Stage: OPEN
Name: None
--------------------------------------
Shared Domain: 000007feefe36860
LowFrequencyHeap: 000007feefe368a8
HighFrequencyHeap: 000007feefe36938
StubHeap: 000007feefe369c8
Stage: OPEN
Name: None
Assembly: 000000000045c710
--------------------------------------
Domain 1: 000000000014f800
LowFrequencyHeap: 000000000014f848
HighFrequencyHeap: 000000000014f8d8
StubHeap: 000000000014f968
Stage: OPEN
SecurityDescriptor: 0000000000151cf0
Name: 02TypeSample.exe
Assembly: 000000000045c710 [C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll]
ClassLoader: 000000000045c7f0
SecurityDescriptor: 00000000004564c0
Module Name
000007feee671000 C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Assembly: 000000000046de40 [D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe]
ClassLoader: 000000000046df20
SecurityDescriptor: 000000000046b1a0
Module Name
000007ff00022e30 D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
By default there are at least three AppDomains: System and Shared, which the runtime creates automatically, and the one for the user's own program. The System domain is responsible for creating and managing the other AppDomains. Domain 1 contains two assemblies, mscorlib.dll and 02TypeSample.exe. The one we care about is our own assembly, at address 000000000046de40; it contains one module, at address 000007ff00022e30. Next we can follow these addresses and dump the assembly and the module.
0:000> !dumpassembly 000000000046de40
Parent Domain: 000000000014f800
Name: D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
ClassLoader: 000000000046df20
SecurityDescriptor: 0000000004b1ddb0
Module Name
000007ff00022e30 D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
0:000> !dumpmodule 000007ff00022e30
Name: D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
Attributes: PEFile
Assembly: 000000000046de40
LoaderHeap: 0000000000000000
TypeDefToMethodTableMap: 000007ff00020140
TypeRefToMethodTableMap: 000007ff00020160
MethodDefToDescMap: 000007ff00020220
FieldDefToDescMap: 000007ff00020240
MemberRefToDescMap: 000007ff00020268
FileReferencesMap: 000007ff00020320
AssemblyReferencesMap: 000007ff00020328
MetaData start address: 0000000000f9214c (1824 bytes)
As the output above shows, Domain, Assembly and Module point to one another level by level. The Assembly sits in the middle: it has a pointer up to its Domain and a pointer down to its Module. Most assemblies contain only a single module, but the containment relationship is still clear.
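The Domain, Assembly, Module chain described above can be recovered from saved !dumpdomain text instead of being read off by eye. The following is an added example, not part of the original post: the sample is the session's own output with spacing restored and heap lines trimmed, and the function names parse_dumpdomain and locate are hypothetical.

```python
import re

# !dumpdomain output from the session above, with spacing restored and the
# heap lines trimmed for brevity (sample embedded so the script runs offline).
DUMPDOMAIN = r"""
--------------------------------------
System Domain: 000007feefe35ef0
Stage: OPEN
Name: None
--------------------------------------
Shared Domain: 000007feefe36860
Stage: OPEN
Name: None
Assembly: 000000000045c710
--------------------------------------
Domain 1: 000000000014f800
Stage: OPEN
SecurityDescriptor: 0000000000151cf0
Name: 02TypeSample.exe
Assembly: 000000000045c710 [C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll]
ClassLoader: 000000000045c7f0
SecurityDescriptor: 00000000004564c0
Module Name
000007feee671000 C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Assembly: 000000000046de40 [D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe]
ClassLoader: 000000000046df20
SecurityDescriptor: 000000000046b1a0
Module Name
000007ff00022e30 D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
"""

DOMAIN_RE = re.compile(r"^(System Domain|Shared Domain|Domain \d+):\s*([0-9a-f]+)$", re.I)
ASSEMBLY_RE = re.compile(r"^Assembly:\s*([0-9a-f]+)(?:\s*\[(.*)\])?$", re.I)
MODULE_HEADER_RE = re.compile(r"^Module\s+Name$", re.I)
MODULE_RE = re.compile(r"^([0-9a-f]+)\s+(\S.*)$", re.I)


def parse_dumpdomain(text):
    """Build a list of domains, each holding its assemblies and their modules."""
    domains = []
    domain = assembly = None
    in_modules = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:      # blank line or separator
            in_modules = False
            continue
        m = DOMAIN_RE.match(line)
        if m:
            domain = {"kind": m.group(1), "address": m.group(2).lower(),
                      "name": None, "assemblies": []}
            domains.append(domain)
            assembly, in_modules = None, False
            continue
        if domain is None:
            continue
        m = ASSEMBLY_RE.match(line)
        if m:
            # The Shared Domain lists an assembly address with no path.
            assembly = {"address": m.group(1).lower(), "path": m.group(2),
                        "modules": []}
            domain["assemblies"].append(assembly)
            in_modules = False
            continue
        if MODULE_HEADER_RE.match(line):
            in_modules = assembly is not None
            continue
        if in_modules:
            m = MODULE_RE.match(line)
            if m:
                assembly["modules"].append((m.group(1).lower(), m.group(2)))
                continue
            in_modules = False
        if line.startswith("Name:") and assembly is None:
            domain["name"] = line[len("Name:"):].strip()
    return domains


def locate(domains, file_name):
    """Return (domain, assembly, module) addresses for modules named file_name."""
    hits = []
    for d in domains:
        for a in d["assemblies"]:
            for addr, path in a["modules"]:
                if path.rsplit("\\", 1)[-1].lower() == file_name.lower():
                    hits.append((d["address"], a["address"], addr))
    return hits


if __name__ == "__main__":
    for dom, asm, mod in locate(parse_dumpdomain(DUMPDOMAIN), "02TypeSample.exe"):
        print("domain", dom, "-> !dumpassembly", asm, "-> !dumpmodule", mod)
```

The addresses it returns are the ones passed to !dumpassembly and !dumpmodule in the session, and the domain address matches the Parent Domain field that !dumpassembly prints.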
DumpModule also takes a -mt option, which lists all the MethodTables the module contains:
0:000> !dumpmodule -mt 000007ff00022e30
Name: D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
Attributes: PEFile
Assembly: 000000000046de40
LoaderHeap: 0000000000000000
TypeDefToMethodTableMap: 000007ff00020140
TypeRefToMethodTableMap: 000007ff00020160
MethodDefToDescMap: 000007ff00020220
FieldDefToDescMap: 000007ff00020240
MemberRefToDescMap: 000007ff00020268
FileReferencesMap: 000007ff00020320
AssemblyReferencesMap: 000007ff00020328
MetaData start address: 0000000000f9214c (1824 bytes)
Types defined in this module
MT TypeDef Name
------------------------------------------------------------------------------
000007ff000234d0 0x02000002 Advanced.NET.Debugging.Chapter2.TypeSample
000007ff00023460 0x02000003 Advanced.NET.Debugging.Chapter2.TypeSample+Coordinates
Types referenced in this module
MT TypeRef Name
------------------------------------------------------------------------------
000007feeeaa7370 0x01000001 System.Object
000007feeeaa7470 0x01000002 System.ValueType
As shown, the TypeSample class is defined in this module and its MethodTable (MT) address is 000007ff000234d0. Dump it next:
0:000> !dumpmt 000007ff000234d0
EEClass: 000007ff00152230
Module: 000007ff00022e30
Name: Advanced.NET.Debugging.Chapter2.TypeSample
mdToken: 02000002 (D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe)
BaseSize: 0x20
ComponentSize: 0x0
Number of IFaces in IFaceMap: 0
Slots in VTable: 7
The class's VTable contains 7 slots; the -md option gives the detailed method descriptions (MethodDesc):
0:000> !dumpmt -md 000007ff000234d0
EEClass: 000007ff00152230
Module: 000007ff00022e30
Name: Advanced.NET.Debugging.Chapter2.TypeSample
mdToken: 02000002 (D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe)
BaseSize: 0x20
ComponentSize: 0x0
Number of IFaces in IFaceMap: 0
Slots in VTable: 7
--------------------------------------
MethodDesc Table
Entry MethodDesc JIT Name
000007feee95abe0 000007feee6de828 PreJIT System.Object.ToString()
000007feee962560 000007feee6de830 PreJIT System.Object.Equals(System.Object)
000007feee95bc70 000007feee6de870 PreJIT System.Object.GetHashCode()
000007feeea0e5f0 000007feee6de8a0 PreJIT System.Object.Finalize()
000007ff0002c020 000007ff00023400 NONE Advanced.NET.Debugging.Chapter2.TypeSample..ctor(Int32, Int32, Int32)
000007ff0002c028 000007ff00023410 NONE Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()
000007ff00160120 000007ff00023420 JIT Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])
With a MethodDesc in hand, we can see what information it holds:
0:000> !dumpmd 000007ff00023410
Method Name: Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()
Class: 000007ff00152230
MethodTable: 000007ff000234d0
mdToken: 06000002
Module: 000007ff00022e30
IsJitted: yes
CodeAddr: 000007ff00160260
This also gives us the Class address 000007ff00152230; dump it to see what the class contains:
0:000> !dumpclass 000007ff00152230
Class Name: Advanced.NET.Debugging.Chapter2.TypeSample
mdToken: 0000000002000002 (D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe)
Parent Class: 000007feee6721f0
Module: 000007ff00022e30
Method Table: 000007ff000234d0
Vtable Slots: 4
Total Method Slots: 4
Class Attributes: 100000
NumInstanceFields: 1
NumStaticFields: 0
MT Field Offset Type VT Attr Value Name
000007ff00023460 4000001 8 ...ample+Coordinates 1 instance coordinates
The TypeSample class contains one instance field, coordinates.
8. Set more breakpoints and continue running the program
0:000> !mbm Advanced.NET.Debugging.Chapter2
The breakpoint could not be resolved immediately.
Further attempts will be made as modules are loaded.
0:000> !mbp Program.cs 22
Breakpoint: Matching method Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates() resolved, but not yet jitted. Setting JIT notification...
0:000> !mbl
0 e : *!ADVANCED.NET.DEBUGGING.CHAPTER2.TYPESAMPLE.ADDCOORDINATES ILOffset=0: pass=1 oneshot=false thread=ANY
    02TypeSample!Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates() (PENDING JIT)
1 e : Program.cs, line 35: pass=1 oneshot=false thread=ANY
    02TypeSample!Advanced.NET.Debugging.Chapter2.TypeSample.Main(string[])+0x1(IL)
        0 e 000007ff00160148
2 eu: *!ADVANCED.NET.DEBUGGING.CHAPTER2 ILOffset=0: pass=1 oneshot=false thread=ANY
3 e : Program.cs, line 22: pass=1 oneshot=false thread=ANY
    02TypeSample!.() (PENDING JIT)
0:000> g
(17b8.1f4): CLR notification exception - code e0444143 (first chance)
Breakpoint: JIT notification received for method Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates().
Breakpoint set at Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates().
Breakpoint 1 hit
000007ff`001602a8 90 nop
0:000> !mk
Thread 0:
ESP EIP
00:M 00000000002eecf0 000007ff001602a8 Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()(+0x0 IL)(+0x48 Native) [D:\BACKUP\Projects\TestProject\02TypeSample\Program.cs, @ 21,5]
01:M 00000000002eed70 000007ff00160193 Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])(+0x12 IL)(+0x73 Native) [D:\BACKUP\Projects\TestProject\02TypeSample\Program.cs, @ 36,7]
02:U 00000000002eedb0 000007feef81d502 mscorwks!CallDescrWorker+0x82
03:U 00000000002eee00 000007feef6d9fd3 mscorwks!CallDescrWorkerWithHandler+0xd3
04:U 00000000002eeea0 000007feef6ea3af mscorwks!MethodDesc::CallDescr+0x24f
05:U 00000000002ef0f0 000007feef65dc7f mscorwks!ClassLoader::RunMain+0x22b
06:U 00000000002ef350 000007feef641c74 mscorwks!Assembly::ExecuteMainMethod+0xbc
07:U 00000000002ef640 000007feef679955 mscorwks!SystemDomain::ExecuteMainMethod+0x491
08:U 00000000002efc10 000007feef78db07 mscorwks!ExecuteEXE+0x47
09:U 00000000002efc60 000007feef64855c mscorwks!CorExeMain+0xac
0a:U 00000000002efcc0 000007fef7683309 mscoreei!CorExeMain+0x41
0b:U 00000000002efcf0 000007fef7755b21 MSCOREE!CorExeMain_Exported+0x57
0c:U 00000000002efd20 0000000076ecf56d KERNEL32!BaseThreadInitThunk+0xd
0d:U 00000000002efd50 0000000077103281 ntdll!RtlUserThreadStart+0x1d
The breakpoint has now stopped in the AddCoordinates method; look at the local variables:
0:000> !mdv
Frame 0x0: (Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()):
[A0]:this:0x00000000023acc30 (Advanced.NET.Debugging.Chapter2.TypeSample)
[L0]:hashCode:0x0000000000000000 (System.Int32)
[L1]:tempCoord:VALTYPE (MT=000007ff00023460, ADDR=00000000002eed20) (Coordinates)
[L2]:CS$2$0000:null (Advanced.NET.Debugging.Chapter2.TypeSample)
We can print the stack to confirm that execution stopped in the AddCoordinates method:
0:000> !dumpstack
OS Thread Id: 0x1f4 (0)
Child-SP RetAddr Call Site
00000000002eecf0 000007ff00160193 02TypeSample!Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()+0x48
00000000002eed70 000007feef81d502 02TypeSample!Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])+0x73
00000000002eedb0 000007feef6d9fd3 mscorwks!CallDescrWorker+0x82
00000000002eee00 000007feef6ea3af mscorwks!CallDescrWorkerWithHandler+0xd3
00000000002eeea0 000007feef65dc7f mscorwks!MethodDesc::CallDescr+0x24f
00000000002ef0f0 000007feef641c74 mscorwks!ClassLoader::RunMain+0x22b
00000000002ef350 000007feef679955 mscorwks!Assembly::ExecuteMainMethod+0xbc
00000000002ef640 000007feef78db07 mscorwks!SystemDomain::ExecuteMainMethod+0x491
00000000002efc10 000007feef64855c mscorwks!ExecuteEXE+0x47
00000000002efc60 000007fef7683309 mscorwks!CorExeMain+0xac
00000000002efcc0 000007fef7755b21 mscoreei!CorExeMain+0x41
00000000002efcf0 0000000076ecf56d MSCOREE!CorExeMain_Exported+0x57
00000000002efd20 0000000077103281 KERNEL32!BaseThreadInitThunk+0xd
00000000002efd50 0000000000000000 ntdll!RtlUserThreadStart+0x1d
tempCoord is a value type; with its MT and ADDR we can use dumpvc to view its current value:
0:000> !dumpvc 000007ff00023460 00000000002eed20
Name: Advanced.NET.Debugging.Chapter2.TypeSample+Coordinates
MethodTable 000007ff00023460
EEClass: 000007ff001522d8
Size: 32(0x20) bytes
(D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe)
Fields:
MT Field Offset Type VT Attr Value Name
000007feeeaaecf0 4000002 0 System.Int32 1 instance 0 x
000007feeeaaecf0 4000003 4 System.Int32 1 instance 0 y
000007feeeaaecf0 4000004 8 System.Int32 1 instance 0 z
Set another breakpoint and continue running the program:
0:000> !mbp Program.cs 29
Breakpoint set at Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates().
0:000> g
Breakpoint 2 hit
000007ff`00160313 48b850303a1200000000 mov rax,123A3050h
0:000> !dumpvc 000007ff00023460 00000000002eed20
Name: Advanced.NET.Debugging.Chapter2.TypeSample+Coordinates
MethodTable 000007ff00023460
EEClass: 000007ff001522d8
Size: 32(0x20) bytes
(D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe)
Fields:
MT Field Offset Type VT Attr Value Name
000007feeeaaecf0 4000002 0 System.Int32 1 instance 110 x
000007feeeaaecf0 4000003 4 System.Int32 1 instance 55 y
000007feeeaaecf0 4000004 8 System.Int32 1 instance 110 z
A more detailed look at the stack:
0:000> !clrstack -a
OS Thread Id: 0x1f4 (0)
Child-SP RetAddr Call Site
00000000002eecf0 000007ff00160193 Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()
    PARAMETERS:
        this = 0x00000000023acc30
    LOCALS:
        0x00000000002eed18 = 0x000000000378734a
        0x00000000002eed20 = 0x000000370000006e
        0x00000000002eed30 = 0x00000000023acc30
00000000002eed70 000007feef81d502 Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])
    PARAMETERS:
        args = 0x00000000023acc10
    LOCALS:
        0x00000000002eed90 = 0x00000000023acc30
0:000> !mdv
Frame 0x0: (Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()):
[A0]:this:0x00000000023acc30 (Advanced.NET.Debugging.Chapter2.TypeSample)
[L0]:hashCode:0x000000000378734a (System.Int32)
[L1]:tempCoord:VALTYPE (MT=000007ff00023460, ADDR=00000000002eed20) (Coordinates)
[L2]:CS$2$0000:0x00000000023acc30 (Advanced.NET.Debugging.Chapter2.TypeSample)
Note that 0x00000000002eed20 is the address of tempCoord; use the dd command to view the memory:
0:000> dd 0x00000000002eed20
00000000`002eed20 0000006e 00000037 0000006e 00000000
00000000`002eed30 023acc30 00000000 002eede0 00000000
00000000`002eed40 00000001 0378734a 023acc50 00000000
00000000`002eed50 0000001d 00000000 00000001 00000000
00000000`002eed60 002eede0 00000000 00160193 000007ff
00000000`002eed70 023acc30 00000000 0000000a 00000000
00000000`002eed80 00000005 00000000 0000000a 00000000
00000000`002eed90 023acc30 00000000 023acc30 00000000
The hexadecimal values 6e, 37, 6e correspond to decimal 100, 50, 100. We can see that the struct's 32-bit ints are stored contiguously in memory, with no alignment to 64 bits. The !clrstack command only prints the addresses and values of LOCALS without analysing their data types any further, so the variable's value is shown as 0x000000370000006e.
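To make the relationship between the dd rows, the !dumpvc field table and the single LOCALS value from !clrstack concrete, here is an added example that is not part of the original post. It rebuilds the raw bytes from two dd rows of the session (column spacing restored), decodes Coordinates using the field offsets 0, 4 and 8 that !dumpvc reports, and reads the same address as one 64-bit value; the function names are hypothetical.

```python
import re
import struct

# First two rows of the dd output from the session above (spacing restored).
DD_OUTPUT = """\
00000000`002eed20  0000006e 00000037 0000006e 00000000
00000000`002eed30  023acc30 00000000 002eede0 00000000
"""

# Field layout of TypeSample+Coordinates as listed by !dumpvc: (name, offset).
COORDINATES_FIELDS = [("x", 0), ("y", 4), ("z", 8)]

ROW_RE = re.compile(r"^([0-9a-f]{8})`([0-9a-f]{8})\s+((?:[0-9a-f]{8}\s*)+)$", re.I)


def parse_dd(text):
    """Turn WinDbg dd rows into (base_address, raw_bytes)."""
    base = None
    buf = bytearray()
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        addr = int(m.group(1) + m.group(2), 16)
        if base is None:
            base = addr
        elif addr != base + len(buf):
            raise ValueError("dd rows are not contiguous")
        for dword in m.group(3).split():
            # dd prints each DWORD as a number; in x64 memory its bytes
            # are stored little-endian, so pack it back that way.
            buf += struct.pack("<I", int(dword, 16))
    if base is None:
        raise ValueError("no dd rows found")
    return base, bytes(buf)


def _offset(base, mem, addr, size):
    off = addr - base
    if off < 0 or off + size > len(mem):
        raise ValueError("address outside the dumped range")
    return off


def read_int32(base, mem, addr):
    """Read a signed 32-bit value, the way !dumpvc reads a System.Int32 field."""
    return struct.unpack_from("<i", mem, _offset(base, mem, addr, 4))[0]


def read_uint64(base, mem, addr):
    """Read a pointer-sized slot, the way !clrstack -a prints each local."""
    return struct.unpack_from("<Q", mem, _offset(base, mem, addr, 8))[0]


def decode_struct(base, mem, addr, fields):
    """Decode a value type made of Int32 fields at the given offsets."""
    return {name: read_int32(base, mem, addr + off) for name, off in fields}


if __name__ == "__main__":
    base, mem = parse_dd(DD_OUTPUT)
    temp_coord = 0x00000000002EED20        # ADDR reported by !mdv for tempCoord
    print(decode_struct(base, mem, temp_coord, COORDINATES_FIELDS))
    print(hex(read_uint64(base, mem, temp_coord)))
```

The 64-bit read covers x in its low half and y in its high half, which is why one LOCALS slot shows two of the three fields fused together while z sits in the following DWORD.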
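The commonly used commands are listed below.
In the next article I will use a worked example to show how to analyse dump files with WinDbg to find memory leaks.
Code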
using System;
using System.Text;

namespace Advanced.NET.Debugging.Chapter2
{
    class TypeSample
    {
        TypeSample(int x, int y, int z)
        {
            coordinates.x = x;
            coordinates.y = y;
            coordinates.z = z;
        }

        private struct Coordinates
        {
            public int x;
            public int y;
            public int z;
        }

        private Coordinates coordinates;

        public void AddCoordinates()
        {
            int hashCode = GetHashCode();
            lock (this)
            {
                Coordinates tempCoord;
                tempCoord.x = coordinates.x + 100;
                tempCoord.y = coordinates.y + 50;
                tempCoord.z = coordinates.z + 100;
                System.Console.WriteLine("x={0}, y={1}, z={2}", tempCoord.x, tempCoord.y, tempCoord.z);
            }
        }

        static void Main(string[] args)
        {
            TypeSample sample = new TypeSample(10, 5, 10);
            sample.AddCoordinates();
        }
    }
}
1.启动程序
Microsoft(R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright(c) Microsoft Corporation. All rights reserved.
CommandLine:D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
Symbolsearch path is:srv*;http://msdl.microsoft.com/download/symbols;http://referencesource.microsoft.com/symbols
Executablesearch path is: C:\Windows\Microsoft.NET\Framework64\v2.0.50727
ModLoad:00000000`00950000 00000000`00958000 02TypeSample.exe
ModLoad:00000000`76fe0000 00000000`7718b000 ntdll.dll
ModLoad:000007fe`f8190000 000007fe`f81ff000 C:\Windows\SYSTEM32\MSCOREE.DLL
ModLoad:00000000`76ec0000 00000000`76fdf000 C:\Windows\system32\KERNEL32.dll
ModLoad:000007fe`fd0d0000 000007fe`fd13b000 C:\Windows\system32\KERNELBASE.dll
(11a4.d0c):Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00000000`77091220cc int 3
2.设置断点,在loadmscorlib时暂停
0:000>sxe ld:mscorlib
0:000>g
ModLoad:000007fe`ebfb0000 000007fe`ece8b000 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a017aa8d51322f18a40f414fa35872d\mscorlib.ni.dll
ntdll!ZwMapViewOfSection+0xa:
00000000`7703013ac3 ret
3.查看此时加载的模块,发现已经加载mscorwks和mscorlib
0:000>lm
start end module name
00000000`0095000000000000`00958000 02TypeSample (deferred)
00000000`74c3000000000000`74cf9000 MSVCR80 (deferred)
00000000`76dc000000000000`76eba000 USER32 (deferred)
00000000`76ec000000000000`76fdf000 KERNEL32 (deferred)
00000000`76fe000000000000`7718b000 ntdll (pdb symbols) C:\Program Files\Debugging Tools forWindows (x64)\sym\ntdll.pdb\CFF40300FD804691B73E12CF2A150EE02\ntdll.pdb
000007fe`ebfb0000000007fe`ece8b000 mscorlib_ni (deferred)
000007fe`eec40000000007fe`ef5ee000 mscorwks (deferred)
000007fe`f8100000000007fe`f8190000 mscoreei (deferred)
000007fe`f8190000000007fe`f81ff000 MSCOREE (deferred)
000007fe`fcf40000000007fe`fcf4f000 profapi (deferred)
000007fe`fd0d0000000007fe`fd13b000 KERNELBASE (deferred)
000007fe`fd310000000007fe`fd377000 GDI32 (deferred)
000007fe`fd650000000007fe`fd72b000 ADVAPI32 (deferred)
000007fe`fd810000000007fe`fd81e000 LPK (deferred)
000007fe`fd820000000007fe`fd891000 SHLWAPI (deferred)
000007fe`fd8a0000000007fe`fd8bf000 sechost (deferred)
000007fe`fd940000000007fe`fe6c6000 shell32 (deferred)
000007fe`fe730000000007fe`fe75e000 IMM32 (deferred)
000007fe`fea60000000007fe`feb2a000 USP10 (deferred)
000007fe`feb30000000007fe`fec39000 MSCTF (deferred)
000007fe`fed90000000007fe`fef91000 ole32 (deferred)
000007fe`fefa0000000007fe`ff0ce000 RPCRT4 (deferred)
000007fe`ff250000000007fe`ff2ef000 msvcrt (deferred)
4.加载sos模块,SOS是MS专门为managed code提供的调试模块,是native与managed之间的桥梁。sosex是对sos的扩展,得自己下载,放到windbg.exe目录即可。.loadby命令表示从mscorwks模块相同的路径寻找sos模块
0:000>.loadby sos mscorwks
0:000>.load sosex
0:000>.chain
ExtensionDLL search Path:
C:\Program Files\Debugging Tools forWindows (x64)\WINXP;C:\Program Files\Debugging Tools for Windows(x64)\winext;C:\Program Files\Debugging Tools for Windows(x64)\winext\arcade;C:\Program Files\Debugging Tools for Windows(x64)\pri;C:\Program Files\Debugging Tools for Windows (x64);C:\ProgramFiles\Debugging Tools for Windows(x64)\winext\arcade;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\ProgramFiles (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\MicrosoftWindows Performance Toolkit\;C:\Program Files (x86)\Microsoft Team FoundationServer 2008 Power Tools\;C:\Program Files (x86)\Microsoft Team FoundationServer 2008 Power Tools\Best Practices Analyzer\;C:\Program Files(x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQLServer\100\Tools\Binn\;C:\Program Files\Microsoft SQLServer\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQLServer\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\MicrosoftVisual Studio 9.0\Common7\IDE\PrivateAssemblies\;C:\Program Files(x86)\Microsoft SQL Server\100\DTS\Binn\
ExtensionDLL chain:
C:\Program Files\Debugging Tools forWindows (x64)\sosex.dll: image 4.1.0.0, API 1.0.0, built Thu May 13 11:10:082010
[path: C:\Program Files\Debugging Toolsfor Windows (x64)\sosex.dll]
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks: image2.0.50727.4927, built Thu Jun 04 11:58:39 2009
[path:C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll]
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\sos: image2.0.50727.4927, API 1.0.0, built Thu Jun 04 12:12:19 2009
[path:C:\Windows\Microsoft.NET\Framework64\v2.0.50727\sos.dll]
dbghelp: image 6.12.0002.633, API 6.1.6,built Tue Feb 02 04:15:44 2010
[path: C:\Program Files\Debugging Toolsfor Windows (x64)\dbghelp.dll]
ext: image 6.12.0002.633, API 1.0.0, builtTue Feb 02 04:15:46 2010
[path: C:\Program Files\Debugging Toolsfor Windows (x64)\winext\ext.dll]
exts: image 6.12.0002.633, API 1.0.0, builtTue Feb 02 04:15:38 2010
[path: C:\Program Files\Debugging Toolsfor Windows (x64)\WINXP\exts.dll]
uext: image 6.12.0002.633, API 1.0.0, builtTue Feb 02 04:15:36 2010
[path: C:\Program Files\Debugging Toolsfor Windows (x64)\winext\uext.dll]
ntsdexts: image 6.1.7650.0, API 1.0.0,built Tue Feb 02 04:15:18 2010
[path: C:\Program Files\Debugging Toolsfor Windows (x64)\WINXP\ntsdexts.dll]
5.在Main函数设置断点,并运行到断点
0:000>!mbmAdvanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates
Thebreakpoint could not be resolved immediately.
Furtherattempts will be made as modules are loaded.
0:000>!mbp Program.cs 35
0:000>!mbl
0 eu:*!ADVANCED.NET.DEBUGGING.CHAPTER2.TYPESAMPLE.ADDCOORDINATES ILOffset=0: pass=1oneshot=false thread=ANY
1 eu:Program.cs, line 35: pass=1 oneshot=false thread=ANY
0:000>bl
0:000>g
(11a4.d0c):CLR notification exception - code e0444143 (first chance)
***WARNING: Unable to verify checksum forC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a017aa8d51322f18a40f414fa35872d\mscorlib.ni.dll
(11a4.d0c):CLR notification exception - code e0444143 (first chance)
Breakpoint:Matching method Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinatesresolved, but not yet jitted. Setting JIT notification...
***WARNING: Unable to verify checksum for 02TypeSample.exe
Breakpoint:Matching method Advanced.NET.Debugging.Chapter2.TypeSample.Main resolved, butnot yet jitted. Setting JIT notification...
(11a4.d0c):CLR notification exception - code e0444143 (first chance)
Breakpoint:JIT notification received for methodAdvanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[]).
Breakpointset at Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[]).
Breakpoint0 hit
000007ff`0016014848b9d0340200ff070000 mov rcx,7FF000234D0h
6.查看此时的堆栈和变量
0:000>!mk
Thread 0:
ESP EIP
00:M00000000002cecb0 000007ff00160148Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])(+0x1 IL)(+0x28Native) [D:\BACKUP\Projects\TestProject\02TypeSample\Program.cs, @ 35,7]
01:U00000000002cecf0 000007feeef0d502 mscorwks!CallDescrWorker+0x82
02:U00000000002ced40 000007feeedc9fd3 mscorwks!CallDescrWorkerWithHandler+0xd3
03:U00000000002cede0 000007feeedda3af mscorwks!MethodDesc::CallDescr+0x24f
04:U00000000002cf030 000007feeed4dc7f mscorwks!ClassLoader::RunMain+0x22b
05:U00000000002cf290 000007feeed31c74 mscorwks!Assembly::ExecuteMainMethod+0xbc
06:U00000000002cf580 000007feeed69955mscorwks!SystemDomain::ExecuteMainMethod+0x491
07:U00000000002cfb50 000007feeee7db07 mscorwks!ExecuteEXE+0x47
08:U00000000002cfba0 000007feeed3855c mscorwks!CorExeMain+0xac
09:U00000000002cfc00 000007fef8103309 mscoreei!CorExeMain+0x41
0a:U00000000002cfc30 000007fef8195b21 MSCOREE!CorExeMain_Exported+0x57
0b:U00000000002cfc60 0000000076edf56d KERNEL32!BaseThreadInitThunk+0xd
0c:U00000000002cfc90 0000000077013281 ntdll!RtlUserThreadStart+0x1d
0:000>!mdv
Frame0x0: (Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])):
[A0]:args:0x00000000022ccc10(System.String[])
[L0]:sample:null(Advanced.NET.Debugging.Chapter2.TypeSample)
7.
0:000> !dumpdomain
--------------------------------------
System Domain:000007feefe35ef0
LowFrequencyHeap:000007feefe35f38
HighFrequencyHeap:000007feefe35fc8
StubHeap:000007feefe36058
Stage: OPEN
Name: None
--------------------------------------
Shared Domain:000007feefe36860
LowFrequencyHeap:000007feefe368a8
HighFrequencyHeap:000007feefe36938
StubHeap:000007feefe369c8
Stage: OPEN
Name: None
Assembly:000000000045c710
--------------------------------------
Domain 1:000000000014f800
LowFrequencyHeap:000000000014f848
HighFrequencyHeap:000000000014f8d8
StubHeap:000000000014f968
Stage: OPEN
SecurityDescriptor:0000000000151cf0
Name:02TypeSample.exe
Assembly:000000000045c710[C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll]
ClassLoader:000000000045c7f0
SecurityDescriptor:00000000004564c0
Module Name
000007feee671000C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
Assembly: 000000000046de40[D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe]
ClassLoader:000000000046df20
SecurityDescriptor:000000000046b1a0
Module Name
000007ff00022e30D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
默认情况下,至少有3个AppDomain,一个是System,一个是Shared,这两个是系统自动创建的,还有一个就是用户自己的程序,其中System负责创建并管理其余的AppDomain。从Domain 1中我们看到它包含两个Assembly:mscorlib.dll和02TypeSample.exe,我们关注的时我们自己的Assembly,可以得到其地址000000000046de40,它包含一个Module,地址是000007ff00022e30 。下一步我们可以继续跟踪dump出Assembly和Module
0:000>!dumpassembly 000000000046de40
ParentDomain: 000000000014f800
Name:D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
ClassLoader:000000000046df20
SecurityDescriptor:0000000004b1ddb0
Module Name
000007ff00022e30D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
0:000>!dumpmodule 000007ff00022e30
Name:D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
Attributes:PEFile
Assembly:000000000046de40
LoaderHeap:0000000000000000
TypeDefToMethodTableMap:000007ff00020140
TypeRefToMethodTableMap:000007ff00020160
MethodDefToDescMap:000007ff00020220
FieldDefToDescMap:000007ff00020240
MemberRefToDescMap:000007ff00020268
FileReferencesMap:000007ff00020320
AssemblyReferencesMap:000007ff00020328
MetaDatastart address: 0000000000f9214c (1824 bytes)
从上面的输出可以看出,Domain,Assembly,Module一层层指引,Assembly作为中间层,既有指针指向Domain,又有指针指向下级的Module,虽然大部分Assembly仅含有唯一Module,但这种包含关系还是很明显的。
DumpModule还有一个参数-mt,可以查看该module包含的所有MethodTable,
0:000> !dumpmodule -mt 000007ff00022e30
Name: D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe
Attributes: PEFile
Assembly: 000000000046de40
LoaderHeap: 0000000000000000
TypeDefToMethodTableMap: 000007ff00020140
TypeRefToMethodTableMap: 000007ff00020160
MethodDefToDescMap: 000007ff00020220
FieldDefToDescMap: 000007ff00020240
MemberRefToDescMap: 000007ff00020268
FileReferencesMap: 000007ff00020320
AssemblyReferencesMap: 000007ff00020328
MetaData start address: 0000000000f9214c (1824 bytes)
Types defined in this module
MT TypeDef Name
------------------------------------------------------------------------------
000007ff000234d0 0x02000002 Advanced.NET.Debugging.Chapter2.TypeSample
000007ff00023460 0x02000003 Advanced.NET.Debugging.Chapter2.TypeSample+Coordinates
Types referenced in this module
MT TypeRef Name
------------------------------------------------------------------------------
000007feeeaa7370 0x01000001 System.Object
000007feeeaa7470 0x01000002 System.ValueType
As we can see, the TypeSample class is defined in this module and its MT address is 000007ff000234d0. Continue by dumping it:
0:000> !dumpmt 000007ff000234d0
EEClass: 000007ff00152230
Module: 000007ff00022e30
Name: Advanced.NET.Debugging.Chapter2.TypeSample
mdToken: 02000002 (D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe)
BaseSize: 0x20
ComponentSize: 0x0
Number of IFaces in IFaceMap: 0
Slots in VTable: 7
The class's VTable contains 7 slots; the -md option gives the detailed MethodDesc entries:
0:000> !dumpmt -md 000007ff000234d0
EEClass: 000007ff00152230
Module: 000007ff00022e30
Name: Advanced.NET.Debugging.Chapter2.TypeSample
mdToken: 02000002 (D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe)
BaseSize: 0x20
ComponentSize: 0x0
Number of IFaces in IFaceMap: 0
Slots in VTable: 7
--------------------------------------
MethodDesc Table
Entry MethodDesc JIT Name
000007feee95abe0 000007feee6de828 PreJIT System.Object.ToString()
000007feee962560 000007feee6de830 PreJIT System.Object.Equals(System.Object)
000007feee95bc70 000007feee6de870 PreJIT System.Object.GetHashCode()
000007feeea0e5f0 000007feee6de8a0 PreJIT System.Object.Finalize()
000007ff0002c020 000007ff00023400 NONE Advanced.NET.Debugging.Chapter2.TypeSample..ctor(Int32, Int32, Int32)
000007ff0002c028 000007ff00023410 NONE Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()
000007ff00160120 000007ff00023420 JIT Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])
Now that we have a MethodDesc, we can look at the information it holds:
0:000> !dumpmd 000007ff00023410
Method Name: Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()
Class: 000007ff00152230
MethodTable: 000007ff000234d0
mdToken: 06000002
Module: 000007ff00022e30
IsJitted: yes
CodeAddr: 000007ff00160260
This also gives us the Class address, 000007ff00152230, which we can dump to see what the class contains:
0:000> !dumpclass 000007ff00152230
Class Name: Advanced.NET.Debugging.Chapter2.TypeSample
mdToken: 0000000002000002 (D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe)
Parent Class: 000007feee6721f0
Module: 000007ff00022e30
Method Table: 000007ff000234d0
Vtable Slots: 4
Total Method Slots: 4
Class Attributes: 100000
NumInstanceFields: 1
NumStaticFields: 0
MT Field Offset Type VT Attr Value Name
000007ff00023460 4000001 8 ...ample+Coordinates 1 instance coordinates
The TypeSample class contains one instance field, coordinates.
8. Set more breakpoints and run the program
0:000> !mbm Advanced.NET.Debugging.Chapter2
The breakpoint could not be resolved immediately.
Further attempts will be made as modules are loaded.
0:000> !mbp Program.cs 22
Breakpoint: Matching method Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates() resolved, but not yet jitted. Setting JIT notification...
0:000> !mbl
0 e : *!ADVANCED.NET.DEBUGGING.CHAPTER2.TYPESAMPLE.ADDCOORDINATES ILOffset=0: pass=1 oneshot=false thread=ANY
02TypeSample!Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates() (PENDING JIT)
1 e : Program.cs, line 35: pass=1 oneshot=false thread=ANY
02TypeSample!Advanced.NET.Debugging.Chapter2.TypeSample.Main(string[])+0x1(IL)
0 e 000007ff00160148
2 eu: *!ADVANCED.NET.DEBUGGING.CHAPTER2 ILOffset=0: pass=1 oneshot=false thread=ANY
3 e : Program.cs, line 22: pass=1 oneshot=false thread=ANY
02TypeSample!.() (PENDING JIT)
0:000> g
(17b8.1f4): CLR notification exception - code e0444143 (first chance)
Breakpoint: JIT notification received for method Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates().
Breakpoint set at Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates().
Breakpoint 1 hit
000007ff`001602a8 90 nop
0:000> !mk
Thread 0:
ESP EIP
00:M 00000000002eecf0 000007ff001602a8 Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()(+0x0 IL)(+0x48 Native) [D:\BACKUP\Projects\TestProject\02TypeSample\Program.cs, @ 21,5]
01:M 00000000002eed70 000007ff00160193 Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])(+0x12 IL)(+0x73 Native) [D:\BACKUP\Projects\TestProject\02TypeSample\Program.cs, @ 36,7]
02:U 00000000002eedb0 000007feef81d502 mscorwks!CallDescrWorker+0x82
03:U 00000000002eee00 000007feef6d9fd3 mscorwks!CallDescrWorkerWithHandler+0xd3
04:U 00000000002eeea0 000007feef6ea3af mscorwks!MethodDesc::CallDescr+0x24f
05:U 00000000002ef0f0 000007feef65dc7f mscorwks!ClassLoader::RunMain+0x22b
06:U 00000000002ef350 000007feef641c74 mscorwks!Assembly::ExecuteMainMethod+0xbc
07:U 00000000002ef640 000007feef679955 mscorwks!SystemDomain::ExecuteMainMethod+0x491
08:U 00000000002efc10 000007feef78db07 mscorwks!ExecuteEXE+0x47
09:U 00000000002efc60 000007feef64855c mscorwks!CorExeMain+0xac
0a:U 00000000002efcc0 000007fef7683309 mscoreei!CorExeMain+0x41
0b:U 00000000002efcf0 000007fef7755b21 MSCOREE!CorExeMain_Exported+0x57
0c:U 00000000002efd20 0000000076ecf56d KERNEL32!BaseThreadInitThunk+0xd
0d:U 00000000002efd50 0000000077103281 ntdll!RtlUserThreadStart+0x1d
The breakpoint has now stopped in the AddCoordinates method. View the local variables:
0:000> !mdv
Frame 0x0: (Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()):
[A0]:this:0x00000000023acc30 (Advanced.NET.Debugging.Chapter2.TypeSample)
[L0]:hashCode:0x0000000000000000 (System.Int32)
[L1]:tempCoord:VALTYPE(MT=000007ff00023460, ADDR=00000000002eed20) (Coordinates)
[L2]:CS$2$0000:null (Advanced.NET.Debugging.Chapter2.TypeSample)
We can print the stack to confirm that execution has stopped in the AddCoordinates method:
0:000> !dumpstack
OS Thread Id: 0x1f4 (0)
Child-SP RetAddr Call Site
00000000002eecf0 000007ff00160193 02TypeSample!Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()+0x48
00000000002eed70 000007feef81d502 02TypeSample!Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])+0x73
00000000002eedb0 000007feef6d9fd3 mscorwks!CallDescrWorker+0x82
00000000002eee00 000007feef6ea3af mscorwks!CallDescrWorkerWithHandler+0xd3
00000000002eeea0 000007feef65dc7f mscorwks!MethodDesc::CallDescr+0x24f
00000000002ef0f0 000007feef641c74 mscorwks!ClassLoader::RunMain+0x22b
00000000002ef350 000007feef679955 mscorwks!Assembly::ExecuteMainMethod+0xbc
00000000002ef640 000007feef78db07 mscorwks!SystemDomain::ExecuteMainMethod+0x491
00000000002efc10 000007feef64855c mscorwks!ExecuteEXE+0x47
00000000002efc60 000007fef7683309 mscorwks!CorExeMain+0xac
00000000002efcc0 000007fef7755b21 mscoreei!CorExeMain+0x41
00000000002efcf0 0000000076ecf56d MSCOREE!CorExeMain_Exported+0x57
00000000002efd20 0000000077103281 KERNEL32!BaseThreadInitThunk+0xd
00000000002efd50 0000000000000000 ntdll!RtlUserThreadStart+0x1d
tempCoord is a value type. With its MT and ADDR we can use dumpvc to view its current value:
0:000> !dumpvc 000007ff00023460 00000000002eed20
Name: Advanced.NET.Debugging.Chapter2.TypeSample+Coordinates
MethodTable 000007ff00023460
EEClass: 000007ff001522d8
Size: 32(0x20) bytes
(D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe)
Fields:
MT Field Offset Type VT Attr Value Name
000007feeeaaecf0 4000002 0 System.Int32 1 instance 0 x
000007feeeaaecf0 4000003 4 System.Int32 1 instance 0 y
000007feeeaaecf0 4000004 8 System.Int32 1 instance 0 z
Set another breakpoint and continue running the program:
0:000> !mbp Program.cs 29
Breakpoint set at Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates().
0:000> g
Breakpoint 2 hit
000007ff`00160313 48b850303a1200000000 mov rax,123A3050h
0:000> !dumpvc 000007ff00023460 00000000002eed20
Name: Advanced.NET.Debugging.Chapter2.TypeSample+Coordinates
MethodTable 000007ff00023460
EEClass: 000007ff001522d8
Size: 32(0x20) bytes
(D:\BACKUP\Projects\TestProject\02TypeSample\bin\Debug\02TypeSample.exe)
Fields:
MT Field Offset Type VT Attr Value Name
000007feeeaaecf0 4000002 0 System.Int32 1 instance 110 x
000007feeeaaecf0 4000003 4 System.Int32 1 instance 55 y
000007feeeaaecf0 4000004 8 System.Int32 1 instance 110 z
View the stack in more detail:
0:000> !clrstack -a
OS Thread Id: 0x1f4 (0)
Child-SP RetAddr Call Site
00000000002eecf0 000007ff00160193 Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()
PARAMETERS:
this = 0x00000000023acc30
LOCALS:
0x00000000002eed18 = 0x000000000378734a
0x00000000002eed20 = 0x000000370000006e
0x00000000002eed30 = 0x00000000023acc30
00000000002eed70 000007feef81d502 Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])
PARAMETERS:
args = 0x00000000023acc10
LOCALS:
0x00000000002eed90 = 0x00000000023acc30
0:000> !mdv
Frame 0x0: (Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()):
[A0]:this:0x00000000023acc30 (Advanced.NET.Debugging.Chapter2.TypeSample)
[L0]:hashCode:0x000000000378734a (System.Int32)
[L1]:tempCoord:VALTYPE(MT=000007ff00023460, ADDR=00000000002eed20) (Coordinates)
[L2]:CS$2$0000:0x00000000023acc30 (Advanced.NET.Debugging.Chapter2.TypeSample)
Note that 0x00000000002eed20 is the address of tempCoord. Use the dd command to view the memory:
0:000> dd 0x00000000002eed20
00000000`002eed20 0000006e 00000037 0000006e 00000000
00000000`002eed30 023acc30 00000000 002eede0 00000000
00000000`002eed40 00000001 0378734a 023acc50 00000000
00000000`002eed50 0000001d 00000000 00000001 00000000
00000000`002eed60 002eede0 00000000 00160193 000007ff
00000000`002eed70 023acc30 00000000 0000000a 00000000
00000000`002eed80 00000005 00000000 0000000a 00000000
00000000`002eed90 023acc30 00000000 023acc30 00000000
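The hexadecimal values 6e, 37, 6e correspond to the decimal values 100, 50, 100. We can see that the 32-bit ints of the struct are stored contiguously in memory and are not aligned to 64 bits. The !clrstack command only prints the address and value of each entry under LOCALS without analyzing its data type any further, which is why it shows the variable's value as 0x000000370000006e.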
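The layout described above can be checked offline by rebuilding the bytes from the dd rows and unpacking them as three packed Int32 fields and as one 64-bit slot. This is an added example, not part of the original post; the helper names parse_dd, read_at and decode_frame are hypothetical, and the dump rows are copied from the dd output shown above.

```python
import struct

# First three rows of the `dd 0x00000000002eed20` output shown above.
DD_OUTPUT = """\
00000000`002eed20 0000006e 00000037 0000006e 00000000
00000000`002eed30 023acc30 00000000 002eede0 00000000
00000000`002eed40 00000001 0378734a 023acc50 00000000
"""

def parse_dd(text):
    """Rebuild raw memory from `dd` rows; returns (base_address, bytes)."""
    base, mem = None, bytearray()
    for line in text.splitlines():
        cols = line.split()
        if not cols:
            continue
        addr = int(cols[0].replace("`", ""), 16)
        if base is None:
            base = addr
        elif addr != base + len(mem):
            raise ValueError(f"gap in dump before {addr:#x}")
        for dword in cols[1:]:
            # dd prints each DWORD as a number; x64 stores it little-endian.
            mem += struct.pack("<I", int(dword, 16))
    return base, bytes(mem)

def read_at(base, mem, addr, fmt):
    """Unpack `fmt` at virtual address `addr`, refusing out-of-range reads."""
    off = addr - base
    if off < 0 or off + struct.calcsize(fmt) > len(mem):
        raise ValueError(f"{addr:#x} is outside the captured range")
    return struct.unpack_from(fmt, mem, off)

def decode_frame(text=DD_OUTPUT):
    """Decode tempCoord and the neighbouring local from the dump."""
    base, mem = parse_dd(text)
    temp_coord = 0x00000000002EED20                     # ADDR reported by !mdv
    x, y, z = read_at(base, mem, temp_coord, "<iii")    # three packed Int32 fields
    (slot,) = read_at(base, mem, temp_coord, "<Q")      # the view !clrstack -a prints
    (this_ref,) = read_at(base, mem, 0x00000000002EED30, "<Q")
    return {"x": x, "y": y, "z": z, "slot": slot, "this": this_ref}

if __name__ == "__main__":
    f = decode_frame()
    print(f"x={f['x']} y={f['y']} z={f['z']}")
    print(f"qword at tempCoord = {f['slot']:#018x}")
    print(f"local at 0x2eed30  = {f['this']:#018x}")
```

The unpacked x, y and z match what !dumpvc printed at the second breakpoint, and the 64-bit read of the same address is y in the high DWORD and x in the low DWORD.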
The commonly used commands are listed below.
Command | Description | Example
!help | |
.time | Show relevant info about the time, as well as system uptime, process uptime and the amount of time spent in kernel & user mode |
!threadpool | Find out exactly what the CPU usage was at the time the dump was taken; the number of work requests in the queue, completion port threads and timers |
!runaway | List all running threads and their CPU usage |
!threads | List all managed threads in the application |
~<ThreadId>s | Switch to a specific thread |
!clrstack | List the call stack for the current thread. -p will show parameters and local variables |
!PrintException | Print exception |
sxe clr | When this exception occurs, the target immediately breaks into the debugger before any other error handlers are activated. This kind of handling is called first chance handling. |
!dumpstackobjects (!dso) | List all managed objects referenced by the current stack |
!objsize | Get the total size of the object |
!dumpvc | Dump the value type variable |
Common | |
!sym | The !sym extension controls noisy symbol loading and symbol prompts. |
.symfix | The .symfix command automatically sets the symbol path to point to the Microsoft symbol store. If there are no args, the symbols will be stored in .\sym | .symfix c:\temp
.sympath | The .sympath command changes the default path of the host debugger for symbol search. |
.cordll | The .cordll command controls managed code debugging and the Microsoft .NET common language runtime (CLR). | .cordll -ve -u -l
.reload | Reload module |
lm | List modules |
sx | Set exception handling: sxe (enabled), sxd (disabled), sxn, sxi | sxe ld:mscorlib
SOSEX | |
!mbm | Request a breakpoint on a method | !mbm Program.Main
!mbp | Set a breakpoint in a source file | !mbp my.cs 151
!mbl | List the breakpoints of managed code |
!mk | List the call stack of managed code |
!mdv | Display the args and local variables of the current method |