WinDbg .foreach通过引用类型和获取字段值

时间:2014-08-30 20:59:06

标签: c# windbg

如何迭代引用类型(例如MyClass)并获取其中一个字段的值(值类型)

我使用下一个代码。

.foreach (address  {!DumpHeap -type MyClass -short }) {!do ${address} (what I do next?) }

我获取了对象的转储,但是如何获取所有对象的字段值?

1 个答案:

答案 0 :(得分:6)

首先,您需要通过转储单个对象来找出各个字段的偏移量:

0:016> !do 00000000115bff60 
Name: System.Action
MethodTable: 000007fedb35ff30
EEClass: 000007fedb111f90
Size: 64(0x40) bytes
 (C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll)
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007fedc267680  40000ff        8        System.Object  0 instance 00000000115bff60 _target
000007fedc266138  4000100       10 ...ection.MethodBase  0 instance 0000000000000000 _methodBase
000007fedc26a798  4000101       18        System.IntPtr  1 instance      7fedf0bf238 _methodPtr
000007fedc26a798  4000102       20        System.IntPtr  1 instance      7fedf0fa850 _methodPtrAux
000007fedc267680  400010c       28        System.Object  0 instance 0000000000000000 _invocationList
000007fedc26a798  400010d       30        System.IntPtr  1 instance                0 _invocationCount

接下来,您可以在循环中使用偏移量。请注意,我将-type <ClassName>更改为-mt <MethodTable>以避免冲突。 !do按子字符串搜索,其中可能包含您不期望的对象。

根据字段的类型,您可以使用d* ${address}+<offset> [L<length>]转储值类型

0:016> .foreach (address  {!DumpHeap -mt 000007fedb35ff30 -short }) {dp ${address}+0x20 L1}
00000000`114cfc48  00000000`114ce518
...

!do poi(${address}+<offset>)转储.NET对象

0:016> .foreach (address  {!DumpHeap -mt 000007fedb35ff30 -short }) {!do poi(${address}+0x8)}
Name: PaintDotNet.Controls.UnitsComboBoxStrip
MethodTable: 000007fed94cd120
EEClass: 000007fed91b38f8
Size: 224(0xe0) bytes
 (C:\Program Files\Paint.NET\PaintDotNet.exe)
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007fedc267680  400018a        8        System.Object  0 instance 0000000000000000 __identity
000007fedb6cd320  40008e0       10 ...ponentModel.ISite  0 instance 0000000000000000 site
000007fedb6fcc18  40008e1       18 ....EventHandlerList  0 instance 00000000114d0050 events
...