Question

我使用

进行了进程的内存转储

.dump /ma c:\mydump.dmp

我想弄清楚是否设置或等待特定的ManualResetEvent句柄。我试过了

0:181> !handle 2db0 f Event
Handle 0000000000002db0
  Type          Event
  Attributes    0
  GrantedAccess 0x1f0003:
         Delete,ReadControl,WriteDac,WriteOwner,Synch
         QueryState,ModifyState
  HandleCount   2
  PointerCount  524289
  Name          <none>
  Object specific information

我发现有人使用相同的命令somewhere on the internet获得了更多信息。

  ...
  Object specific information
    Event Type Auto Reset <- this was missing when I tried
    Event is Waiting      <- this was missing when I tried

任何人都知道我做错了什么？也许只有在调试实时应用程序时才可以这样做？

Answer 1

使用.dump / mah不仅仅使用/ ma

捕获ma句柄信息

0:012> .dump /mah c:\mydumpu.dmp
Creating c:\mydumpu.dmp - mini user dump
Dump successfully written
0:012> .opendump c:\mydumpu.dmp

Loading Dump File [c:\mydumpu.dmp]
User Mini Dump File with Full Memory: Only application data is available

Opened 'c:\mydumpu.dmp'
||0:0:012> !handle 0 0 event
107 handles of type Event
||0:0:012> !handle 0 f event
Handle 2c
  Type          Event
  Attributes    0
  GrantedAccess 0x1f0003:
         Delete,ReadControl,WriteDac,WriteOwner,Synch
         QueryState,ModifyState
  HandleCount   2
  PointerCount  4
  Name          <none>
  Object Specific Information
    Event Type Auto Reset
    Event is Waiting

在Windbg中，如何确定是否发出了ManualResetEvent信号？

1 个答案: