Use windbg to debug. Net code

Debugging is often required for software developed with. NET programming. Generally, you can use vs for debugging. But sometimes you will find that you have not installed vs, or some problems are difficult to see with vs, so you can choose windbg. The following lists some frequently used commands.

1. There are two ways to mount the program to be debugged:

1. Use windbg to directly open the executable program (CTRL + E)

At this time, windbg does not load mscorwks. dll, and SOS. dll cannot be loaded. Use commands

Sxe ld: mscorwks // The command is that after mscorwks is loaded again, windbg will be disconnected, so that there is a chance to load SOS.

 

2. Use windbg to directly mount the program to be debugged (F6)

Run the lmm mscorwks command to check whether mscorwks is loaded.

 

Then load SOS. dll in the following command format:

. Load <full path to SOS. dll> // Use this command to specify the SOS matching. net.

. Loadby SOS mscorwks // Use this command to determine and load SOS Based on the loaded mscorwks.

You can use. Chain to view the loaded SOS

 

Note: Use method 1 to directly run the program and use it after loading SOS! It seems that the method of setting the breakpoint to the main is not good. I tried it anyway. I don't know if other people are doing the same. below is what I entered, but it seems that if I run it directly, it won't stop.

0: 000>! Bpmd certexport. program. Main
Adding pending breakpoints...

 

In this case, I generally use the following method:

BP mscorwks! Assembly: getentrypoint. The returned result is methoddesc pointer of entrypoint.

0: 000> BP mscorwks! Assembly: getentrypoint // 1. set breakpoints
0: 000> G
Breakpoint 1 hit
Eax = 0014f57c EBX = 00000000 ECx = 002d7e18 edX = 0000000d ESI = 00000200 EDI = 00000000
EIP = 706fe154 ESP = 0014f55c EBP = 0014f7b0 iopl = 0 NV up ei pl Zr na PE NC
Cs = 001b Ss = 0023 DS = 0023 es = 0023 FS = 003b GS = 0000 EFL = 00000246
Mscorwks! Assembly: getentrypoint:
706fe154 682c020000 push 22ch

0: 000> Gu // 2. After this function is executed, it returns the MD corresponding to entrypoint.
Eax = 00242ff4 EBX = 00000000 ECx = 706fe241 edX = 80000001 ESI = 00000200 EDI = 00000000
EIP = 706b0b48 ESP = 0014f560 EBP = 0014f7b0 iopl = 0 NV up ei pl Zr na PE NC
Cs = 001b Ss = 0023 DS = 0023 es = 0023 FS = 003b GS = 0000 EFL = 00000246
Mscorwks! Assembly: executemainmethod + 0x89:
706b0b48 8bf0 mov ESI, eax

 

0: 000> r eax // 3. What is stored in eax is the MD corresponding to entrypoint. Here is the main method.
Eax = 00242ff4 // you can use the command! Bpmd-MD 00242ff4 breakpoint at the main method.

 

The following shows if 00242ff4 corresponds to the methoddesc pointer of the main function.

0: 000>! Name2ee certexport. Program
Module: 00242c5c (certexport.exe)
Token: 0x02000002
Method: 00243008
Eeclass: 002413a0
Name: certexport. Program

0: 000>! Dumpmt-MD 00243008
Eeclass: 002413a0
Module: 00242c5c
Name: certexport. Program
Mdtoken: 02000002 (E: \ study_prj \ certexport \ bin \ debug \ certexport.exe)
Basesize: 0xc
Componentsize: 0x0
Number of ifaces in ifacemap: 0
Slots in vtable: 6
--------------------------------------
Methoddesc table
Entry methoddesc JIT name
6fa06a90 6f881248 prejit system. Object. tostring ()
6fa06ab0 6f881250 prejit system. Object. Equals (system. Object)
6fa06b20 6f881280 prejit system. Object. gethashcode ()
6fa774c0 6f8812a4 prejit system. Object. Finalize ()
0024c015 00243000 none certexport. program .. ctor ()
0024c011 00242ff4 none certexport. program. Main (system. String [])

Ii. Common commands

1. Set breakpoints

! Bpmd
Usage :! Bpmd-MD <methoddesc pointer>
Usage :! Bpmd <Module name> <managed Function Name>

For example:

To be continued ........