CLR Exploration Series: windbg + SOS dynamic debugging and analysis managed code

Source: Internet
Author: User

Http://www.cnblogs.com/lbq1221119/archive/2007/12/02/980274.html

When debugging managed applications you sometimes feel a little powerless. For example, when you want to look at the managed stack or the evaluation stack, Visual Studio is not up to the task. In that situation the windbg + SOS debugging extension gives us a good solution.
Let's look at a piece of code:
class Program
{
    static void Main(string[] args)
    {
        Program b = new Program();
        b.Test();
        System.Console.ReadLine();
    }

    public void Test()
    {
        int i = 67;
        System.Console.WriteLine((char)i);
        System.Console.WriteLine((char)67);
        i = 1;
    }
}
This is an explicit cast in C#. Now we use windbg + SOS to analyze the evaluation stack and the JIT-compiled code after this cast.
Start the program, attach windbg to the process, and then load the SOS debugging extension:
0:003> .load c:\windows\Microsoft.NET\Framework\v2.0.50727\sos.dll
Then list the current threads:
0:003> ~
   0  Id: cf0.450 Suspend: 1 Teb: 7ffdf000 Unfrozen
   1  Id: cf0.be8 Suspend: 1 Teb: 7ffdd000 Unfrozen
   2  Id: cf0.168 Suspend: 1 Teb: 7ffdc000 Unfrozen
.  3  Id: cf0.7d0 Suspend: 1 Teb: 7ffde000 Unfrozen
Switch to thread 0:
0:003> ~0s
eax=0012f2e4 ebx=00000000 ecx=0012f400 edx=00000008 esi=0012f1f4 edi=00250688
eip=7c92eb94 esp=0012f194 ebp=0012f1b4 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
ntdll!KiFastSystemCallRet:
7c92eb94 c3              ret
Show the addresses associated with the Test method:
0:000> !name2ee testconcoleapp.exe testconcoleapp.Program.Test
Module: 00ab2c24 (testconcoleapp.exe)
Token: 0x06000002
MethodDesc: 00ab2ff0
Name: testconcoleapp.Program.Test()
JITTED Code Address: 00d000f8
Display the IL that the C# compiler produced for this method:
0:000> !dumpil 00ab2ff0
ilAddr = 00402074
IL_0000: nop
IL_0001: ldc.i4.s 67
IL_0003: stloc.0
IL_0004: ldloc.0
IL_0005: conv.u2
IL_0006: call System.Console::WriteLine
IL_000b: nop
IL_000c: ldc.i4.s 67
IL_000e: call System.Console::WriteLine
IL_0013: nop
IL_0014: ldc.i4.1
IL_0015: stloc.0
IL_0016: ret

Here sandwi was puzzled by the conv.u2 instruction. This question puzzled me for a long time as well; I read a lot of material and found nothing, and I was going to look for the answer in the C# compiler of the SSCLI, but I never found the place......
It was later confirmed that this instruction is emitted by the C# compiler for type safety. Its function is to convert the integer on the stack to an unsigned int16, pad it with zeros in front, and push it back onto the stack.
This is an action of the language compiler. To prove this idea, we also wrote the same code in VB:
Module Module1

    Sub Main()
        Dim i As Integer

        i = 67
        System.Console.WriteLine(Chr(i))
        System.Console.WriteLine(Chr(67))
        System.Console.ReadLine()

    End Sub

End Module
The compiled IL also supports the idea above.
Here I would like to thank Zhang Yi of Microsoft for confirming my conjecture about the cause of conv.u2. However, Zhang Yi said that the conv.u2 instruction in the Test method is optimized away in the native code generated by the JIT, and I disagree with this view:
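The conv.u2 semantics described above (truncate to 16 bits, zero-extend, push) can be observed from C# itself. This is an added example, not code from the original post; the sample values and the method names CastUnchecked and CastChecked are constructed for illustration. In C#'s default unchecked context the cast compiles to conv.u2; under checked it compiles to conv.ovf.u2, which throws instead of silently truncating.

```csharp
using System;

class ConvU2Demo
{
    // Unchecked int -> char cast: the compiler emits conv.u2, so the value is
    // truncated to its low 16 bits and zero-extended back to 32 bits on the stack.
    static char CastUnchecked(int value)
    {
        return unchecked((char)value);
    }

    // Checked int -> char cast: the compiler emits conv.ovf.u2 instead, which
    // throws OverflowException when the value is outside 0..0xFFFF.
    static bool CastChecked(int value, out char result)
    {
        try
        {
            result = checked((char)value);
            return true;
        }
        catch (OverflowException)
        {
            result = '\0';
            return false;
        }
    }

    static void Main()
    {
        // Constructed sample inputs: the page's value 67, a value that needs more
        // than 16 bits, and a negative value.
        int[] samples = { 67, 0x10043, -1 };
        foreach (int v in samples)
        {
            char c = CastUnchecked(v);
            bool ok = CastChecked(v, out char _);
            char shown = (c >= ' ' && c < (char)0x7f) ? c : '?';
            Console.WriteLine("{0,8} -> unchecked 0x{1:X4} ('{2}'), checked: {3}",
                v, (int)c, shown, ok ? "ok" : "OverflowException");
        }
        // 67 and 0x10043 both print as 0x0043 ('C') when unchecked, because only
        // the low 16 bits survive; -1 becomes 0xFFFF. Only 67 passes the checked cast.
    }
}
```

The same truncation is what the JIT's movzx ecx,si below performs on the value held in si.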
0:000> !u 00d000f8
This command displays the native code of the Test method compiled by the JIT; the address comes from the "JITTED Code Address: 00d000f8" line above. The result is as follows:
Normal JIT generated code
testconcoleapp.Program.Test()

push    esi
push    eax
mov     dword ptr [esp],ecx
cmp     dword ptr ds:[0ab2dd8h],0
je      00d0010b (jumps to xor esi,esi)
call    mscorwks!CorLaunchApplication+0x0000b4 (7a08e179)
xor     esi,esi
nop
mov     esi,43h
movzx   ecx,si
call    mscorlib_ni+0x2f8b9c (793b8b9c) (System.Console.WriteLine(Char), mdToken: 06000759)
nop
mov     ecx,43h
call    mscorlib_ni+0x2f8b9c (793b8b9c) (System.Console.WriteLine(Char), mdToken: 06000759)
nop
mov     esi,1
pop     ecx
pop     esi
ret
Here the movzx ecx,si instruction corresponds to conv.u2 in the IL: it moves the 16-bit value in si into ecx with zero extension, i.e. it adds zeros in front of the corresponding int in the ecx register.

Note: I have only just started with dynamic debugging of managed code, so this may not be accurate. Corrections are welcome.
