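I am debugging a hang dump from a production server using WinDbg with the SoS extension.
One of the stacks has a string parameter whose value I need to know. However, it is a rather large string, and WinDbg won't print it when I use DumpObj. This is the output from DumpObj: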
0:036> !do 00000001b30d8668
Name: System.String
MethodTable: 0000064278436728
EEClass: 000006427803e520
Size: 5125300(0x4e34b4) bytes
(C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
String: <String is invalid or too large to print>
Fields:
MT Field Offset Type VT Attr Value Name
000006427843d998 4000096 8 System.Int32 1 instance 2562638 m_arrayLength
000006427843d998 4000097 c System.Int32 1 instance 2562637 m_stringLength
0000064278438170 4000098 10 System.Char 1 instance 3c m_firstChar
0000064278436728 4000099 20 System.String 0 shared static Empty
>> Domain:Value 0000000000163260:000000007fff0370 00000000001a6760:000000007fff0370 <<
0000064278438020 400009a 28 System.Char[] 0 shared static WhitespaceChars
>> Domain:Value 0000000000163260:000000007fff0b60 00000000001a6760:000000007fff89f0 <<
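How can I get the value of this string instance? Preferably dumped to a file.
Answer 0: (score: 13)
Here is a script I wrote to dump strings to a file from within windbg.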
$$ Dumps the managed strings to a file
$$ Platform x86
$$ Usage $$>a<"c:\temp\dumpstringtofolder.txt" 6544f9ac 5000 c:\temp\stringtest
$$ First argument is the string method table pointer
$$ Second argument is the Min size of the string that needs to be used to filter
$$ the strings
$$ Third is the path of the file
.foreach ($string {!dumpheap -short -mt ${$arg1} -min ${$arg2}})
{
$$ MT Field Offset Type VT Attr Value Name
$$ 65452978 40000ed 4 System.Int32 1 instance 71117 m_stringLength
$$ 65451dc8 40000ee 8 System.Char 1 instance 3c m_firstChar
$$ 6544f9ac 40000ef 8 System.String 0 shared static Empty
$$ start of string is stored in the 8th offset, which can be inferred from above
$$ Size of the string which is stored in the 4th offset
r@$t0= poi(${$string}+4)*2
.writemem ${$arg3}${$string}.txt ${$string}+8 ${$string}+8+@$t0
}
This is how it is used: $$>a<"c:\temp\dumpstringtofolder.txt" 6544f9ac 5000 c:\temp\stringtest
The dumped contents will be in Unicode format. To view them, use something like the following:
Console.WriteLine(ASCIIEncoding.Unicode.GetString(File.ReadAllBytes(@"c:\temp\stringtest03575270.txt")));
HTH
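Answer 1: (score: 7)
I would think twice before dumping 2562638 characters' worth of text, but if you really want to, the text is stored after the fields of the string instance, so you can do a du <address+offset> <end address> to dump the actual text of the string. The output will look something like this: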
00000000`132ab050 "this is an extremely long string"
00000000`132ab090 " of text, so don't even bother t"
00000000`132ab0d0 "o try to dump it to the screen -"
By logging the session output to a file, you can easily capture the output and do whatever post-processing you need.
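Added example, not part of the answer above: a Python script for the post-processing step, which rebuilds the string from the `du` lines in a session log and uses the line addresses to detect missing chunks. The sample log is constructed from the three output lines shown in the answer; the `du` range in it and the name `reassemble_du` are assumptions made for illustration.

```python
import re

# One line of `du` output: address (the x64 form contains a backtick), then a quoted chunk.
DU_LINE = re.compile(r'^\s*([0-9a-fA-F]{8}(?:`[0-9a-fA-F]{8})?)\s+"(.*)"\s*$')

def reassemble_du(log_text):
    """Return (text, gaps) rebuilt from the `du` lines found in a WinDbg log.

    gaps lists (expected_address, actual_address) pairs where a chunk does not
    start where the previous one ended, i.e. log lines are missing or reordered.
    """
    parts, gaps, expected = [], [], None
    for line in log_text.splitlines():
        m = DU_LINE.match(line)
        if not m:
            continue  # prompts, !do output and other commands in the same log
        addr = int(m.group(1).replace("`", ""), 16)
        chunk = m.group(2)  # greedy match keeps any quotes inside the chunk
        if expected is not None and addr != expected:
            gaps.append((expected, addr))
        parts.append(chunk)
        # Assumption: each displayed character is one UTF-16 code unit (2 bytes).
        expected = addr + 2 * len(chunk)
    return "".join(parts), gaps

# Constructed log: the three lines from the answer plus unrelated log noise.
SAMPLE_LOG = '''0:036> du 00000000`132ab050 00000000`132ab110
00000000`132ab050  "this is an extremely long string"
00000000`132ab090  " of text, so don't even bother t"
00000000`132ab0d0  "o try to dump it to the screen -"
0:036> .logclose
'''

if __name__ == "__main__":
    text, gaps = reassemble_du(SAMPLE_LOG)
    print(text)
    for want, got in gaps:
        print(f"gap: expected {want:#x}, log continues at {got:#x}")
```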
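Answer 2: (score: 1)
If you are in a hurry, run !do after enabling logging in WinDbg. In the log file you will get the entire string.
In the WinDbg menu, go to Edit -> Open/Close Log File and set the log file path.
Answer 3: (score: 1)
I have modified @Naveen's script to work on the x64 platform.
Great script!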
$$ Dumps the managed strings to a file
$$ Platform x64
$$ Usage $$>a<"c:\temp\dumpstringtofolder.txt" 00007ffa6c509808 5000 c:\temp\stringtest
$$ First argument is the string method table pointer
$$ Second argument is the Min size of the string that needs to be used to filter
$$ the strings
$$ Third is the path of the file
.foreach ($string {!dumpheap -short -mt ${$arg1} -min ${$arg2}})
{
$$ MT Field Offset Type VT Attr Value Name
$$ 00007ffa6c50c158 400027b 8 System.Int32 1 instance 18 m_stringLength
$$ 00007ffa6c50a9c0 400027c c System.Char 1 instance 53 m_firstChar
$$ 00007ffa6c509808 4000280 c0 System.String 0 shared static Empty
$$ Size of the string (m_stringLength) is stored at offset 8, which can be inferred from above
$$ start of string (m_firstChar) is at offset c
r@$t0= (poi(${$string}+8) & 00000000FFFFFFFF) *2
.writemem ${$arg3}${$string}.txt (${$string}+c) (${$string}+c+@$t0)
}