WINDBG Debugging. NET Programs

Source: Internet
Author: User
Tags print object

WinDbg supports the following three types of commands:

· General commands to debug a process

· Point command to control the debugger

· Extension commands, you can add custom commands called WinDbg, which are typically provided by extension DLLs

PDB file

PDB files are program database files that are generated by the linker. Private PDB files contain private and public symbols, source code lines, types, local and global variable information. Public PDB files do not contain types, local variables, and source code line information, and contain only debugging information for members.

Dump file

With the Dump tool, you can get snapshot information for the process. A mini-dump contains all the threads of the current process, thread stack information, and loaded module information. A full-dump includes more information, such as heap information.

Debugging with WinDbg

1. Start WinDbg

To use the WinDbg (x86) mode 32-bit program, debug the 64-bit program with WinDbg (x64).

2. Use Help

You can use the!help command at any time to get help and see how the command is used.

3. Set Symbolfile Path, specify the symbol library, we can see the detailed type information

Srv*c:\symbols*http://msdl.microsoft.com/download/symbols

WinDbg will download the Microsoft symbol library to the specified local directory, the above settings can be implemented using the following command:

. symfixc:\symbols, this command indicates that you want to connect to a Microsoft server to download the debug symbol file and the symbol file will be downloaded to the C:\Symbols directory.

You can also use the. sympath command to display the current symbol path settings.

4. Reload Symbols

If you enter a symbol path after debugging, you need to reload the symbol with a command

. reload

5. Load Debug Extensions

The debug extension defines a number of commands to debug. NET programs. It is very difficult to debug. NET programs by using the commands of the modal unmanaged code. The following command loads the SOS module for debugging. NET programs.

A. For. Net Runtime 2.0

. Loadby SOS Mscorwks

B. For. Net Runtime 4.0

. Loadby SOS CLR

SOS is a DLL that defines a lot of debug commands for. NET assembly, SOS.dll different versions for different runtime. If you use the. Load command, you need to specify the full path for SOS.dll. If you use the. Loadby command, it means that you want to find SOS in the same directory as Mscorwks.dll and Clr.dll. For. NET programs, Mscorwks.dll (2.0) and Clr.dll (4.0) are basically loaded.

6. View Threads

A. Include managed threads and unmanaged threads

~

B. Viewing managed threads

!threads

C. Displays information about the managed thread pool, including the number of work requests in the queue, the number of completion port threads, and the number of timers.

! ThreadPool

D. Toggle thread (middle number indicates thread number)

~0s

E. View line stacks, which provides only stack traces for managed code.

!clrstack [-A] [-l] [-p] [-n]

The-P option displays the parameters of the managed function.

The-l option displays information about the local variables in the frame. If sosdebugging extension failed to retrieve the local name, the output format of the local name <local address>= <value>.

The-A (all) option is a shortcut that represents a combination of-L and-P.

The-n option suppresses the display of source file names and line numbers.

On x64 and IA-64-based platforms, the SOS Debug extension does not display transition frames.

F. View line stacks, only normal display of unmanaged parts

K

G. Displaying full information about thread stacks, including managed and unmanaged parts

!dumpstack [-ee] [-n] [top stack [bottom stack]]

The-ee option causes the DumpStack command to display only managed functions. Use the top and bottom parameters to limit the stack frames displayed on the x86 platform.

The-n option suppresses the display of source file names and line numbers. If the debugger has specified an option

Show all thread stack information

H. Run the DumpStack command on all threads in a process

! Eestack [-short] [-ee]

Pass the-EE option directly to the DumpStack command. The-short parameter restricts the output to the following types of threads:

· The thread that has acquired the lock.

· The thread that has stopped running to allow garbage collection.

· The thread that is currently in managed code.

I. displaying stacks for all threads

~*e!clrstack

J. Displaying all managed objects found within the bounds of the current stack

!dumpstackobjects [-verify] [Top stack [bottom stack]] or!DSO

7. View all object information in the heap, including type information, number, size, etc.

!dumpheap–stat

A. Specify the object type, if you want the result to be accurate, you need to use the full name, the type name is case sensitive

!dumpheap-type Flowthrottle–stat

B. The first column of the above command output is the MT (method table) information that represents the address of the type object. We can use this information to explicitly specify the information in the heap of objects of interest to us.

!DUMPHEAP-MT 000007feee769c00-stat

Note that if you do not specify-stat, output information for each object, using-stat, you will see the statistics.

C. Use the following command to output object addresses only

!DUMPHEAP-MT 000007feee769c00-short

D. The-short option restricts the output to just the address of each object. This makes it easy for you to pipe the output from the command to another debugger command for automation.

E. The-min option ignores objects that are smaller than the size specified by the size parameter (in bytes). The-max option ignores objects that are larger than the size specified by the size parameter (in bytes).

8. Displays information about the process memory used by the internal common language runtime data structures.

Eeheap [-gc][-loader]

The-GC and-loader options limit the output of this command to the garbage collector or the loader data structure. Information about the garbage collector lists the scope of each segment in the managed heap. If the pointer falls within a range of segments given by-GC, the pointer is an object pointer.

9. Print object information and specify any valid object address to view the contents of the object

!dumpobj <address> or!do<address>

The output object information has address information for each property, so you can continue to use the!do command to print the object information that the property points to.

!dumpobj–nofields<address> or!do <address>

The Nofields option indicates that the object field information is not output and is useful when the object is of type string.

10. Displays information about the value class field at the specified address.

Dumpvc<methodtable address> <Address>

The MethodTable parameter enables the DUMPVC command to interpret the field correctly. The value class does not use a method table as its first field.

11. Output multiple Object information

. foreach (Myobj{!dumpheap-mt 008f4104-short}) {!do ${myobj}}

The above command indicates that for all objects of type 008f4104 in the heap, the!do command is called sequentially.

12. Print array Information

!dumparray [-start<startindex>] [-length <length>] [-details] [-nofields] <arrayobject address> or! Da

· The-start option specifies the starting index of the starting display element.

· The-length option specifies the number of elements to display.

· The-details option displays the details of the element using the DumpObj and DUMPVC formats.

· The-nofields option prevents the display of arrays. This option is available only after you have specified the-detail option.

The following command displays the array contents at address 00ad28d0. The display starts with the second element, displaying five elements in a row.

!dumparray-start2-length 5-detail 00ad28d0

13. Output App Domain Information

!dumpdomain

Enumerates each assembly object that is loaded within the specified AppDomain object address. If no arguments are supplied when the DumpDomain command is called, all AppDomain objects in the process are listed.

14. Output assembly Information

!dumpassembly

15. Printing Method Table

!DUMPMT [-md]<methodtable address>

Displays information about the method table at the specified address. Specifying the-MD option displays a list of all methods defined along with the object. Each managed object contains a method table pointer.

16. Print the EEClass structure, where you can see the type static variable information

!dumpclass<eeclass address>

Displays information about the EECLASS structure associated with the type. The dumpclass command displays static field values, but does not display non-static field values. Get the address of the EECLASS structure using the DUMPMT, DUMPOBJ,NAME2EE, or TOKEN2EE commands.

17. Show exceptions

A. Causes the debugger to stop when a specified exception is thrown, but continues to run when another exception is thrown.

! stoponexception [-derived] [-create |-create2]<exception> <pseudo-register number>

The-derived option captures the specified exception and each exception derived from the specified exception.

B. Displaying the last exception on the currently active thread

! printexception [-nested] [-lines] [<exception objectaddress>] or! PE

Displays the fields of any object derived from the exception class at the specified address and formats the fields. If you do not specify an address, the printexception command displays the last exception that is thrown on the current thread.

The-nested option displays detailed information about the nested exception object.

The-lines option displays the source information, if available.

C. Displaying the last exception that occurred on all threads

~*e!pe

18. Debugging GC-related information

A. Displays information about the reference (or root) of the object at the specified address.

! GCRoot [-nostacks] <object address>

The GCRoot command examines the entire managed heap and handle tables to find handles and handles on the stack in other objects. Then, a pointer to the object is searched on each stack, and the finalizer queue is also searched. This command cannot determine whether the stack root is valid or discarded. Use the clrstack and U commands to disassemble the frame that the local or parameter value belongs to to determine whether the stack root is still in use.

The-nostacks option restricts the search to the garbage collector handle and the Freachable object.

B. Displays all objects that have been registered for finalization.

! Finalizequeue [-detail] | [-allready] [-short]

The-detail option displays additional information about any syncblocks that need to be cleaned and additional information about any runtimecallablewrappers (RCW) that is waiting to be cleaned. Both of these data structures are cached and scavenged by the finalizer thread at run time.

The-allready option displays all objects that are ready to be terminated, whether they have been flagged for garbage collection or will be flagged by the next garbage collection. The object in the prepare to terminate list is a terminating object that is no longer the root. This option can be resource intensive because it verifies that all objects in the queue are still root objects.

The-short option restricts the output to the address of each object. If used with-allready, all objects that have finalizers that are no longer rooted are enumerated. If used alone, all objects in the finalization and prepare for finalization queues are listed.

19. Set Breakpoints

!bpmdsystem.windows.forms.dllsystem.windows.forms.messagebox.show

The first parameter is the DLL file name, and the second is the full method name.

20. View a list of all breakpoints

Bl

21. Release the current breakpoint so that the program continues to run. WinDbg will automatically stop when the program runs to a breakpoint.

G

22. The common language runtime version is displayed.

!eeversion

23. Clear the screen information, the command also you a clean screen

. cls

24. Exit the current debugging

Q

WinDbg supports the following three types of commands:

· General commands to debug a process

· Point command to control the debugger

· Extension commands, you can add custom commands called WinDbg, which are typically provided by extension DLLs

PDB file

PDB files are program database files that are generated by the linker. Private PDB files contain private and public symbols, source code lines, types, local and global variable information. Public PDB files do not contain types, local variables, and source code line information, and contain only debugging information for members.

Dump file

With the Dump tool, you can get snapshot information for the process. A mini-dump contains all the threads of the current process, thread stack information, and loaded module information. A full-dump includes more information, such as heap information.

Debugging with WinDbg

1. Start WinDbg

To use the WinDbg (x86) mode 32-bit program, debug the 64-bit program with WinDbg (x64).

2. Use Help

You can use the!help command at any time to get help and see how the command is used.

3. Set Symbolfile Path, specify the symbol library, we can see the detailed type information

Srv*c:\symbols*http://msdl.microsoft.com/download/symbols

WinDbg will download the Microsoft symbol library to the specified local directory, the above settings can be implemented using the following command:

. symfixc:\symbols, this command indicates that you want to connect to a Microsoft server to download the debug symbol file and the symbol file will be downloaded to the C:\Symbols directory.

You can also use the. sympath command to display the current symbol path settings.

4. Reload Symbols

If you enter a symbol path after debugging, you need to reload the symbol with a command

. reload

5. Load Debug Extensions

The debug extension defines a number of commands to debug. NET programs. It is very difficult to debug. NET programs by using the commands of the modal unmanaged code. The following command loads the SOS module for debugging. NET programs.

A. For. Net Runtime 2.0

. Loadby SOS Mscorwks

B. For. Net Runtime 4.0

. Loadby SOS CLR

SOS is a DLL that defines a lot of debug commands for. NET assembly, SOS.dll different versions for different runtime. If you use the. Load command, you need to specify the full path for SOS.dll. If you use the. Loadby command, it means that you want to find SOS in the same directory as Mscorwks.dll and Clr.dll. For. NET programs, Mscorwks.dll (2.0) and Clr.dll (4.0) are basically loaded.

6. View Threads

A. Include managed threads and unmanaged threads

~

B. Viewing managed threads

!threads

C. Displays information about the managed thread pool, including the number of work requests in the queue, the number of completion port threads, and the number of timers.

! ThreadPool

D. Toggle thread (middle number indicates thread number)

~0s

E. View line stacks, which provides only stack traces for managed code.

!clrstack [-A] [-l] [-p] [-n]

The-P option displays the parameters of the managed function.

The-l option displays information about the local variables in the frame. If sosdebugging extension failed to retrieve the local name, the output format of the local name <local address>= <value>.

The-A (all) option is a shortcut that represents a combination of-L and-P.

The-n option suppresses the display of source file names and line numbers.

On x64 and IA-64-based platforms, the SOS Debug extension does not display transition frames.

F. View line stacks, only normal display of unmanaged parts

K

G. Displaying full information about thread stacks, including managed and unmanaged parts

!dumpstack [-ee] [-n] [top stack [bottom stack]]

The-ee option causes the DumpStack command to display only managed functions. Use the top and bottom parameters to limit the stack frames displayed on the x86 platform.

The-n option suppresses the display of source file names and line numbers. If the debugger has specified an option

Show all thread stack information

H. Run the DumpStack command on all threads in a process

! Eestack [-short] [-ee]

Pass the-EE option directly to the DumpStack command. The-short parameter restricts the output to the following types of threads:

· The thread that has acquired the lock.

· The thread that has stopped running to allow garbage collection.

· The thread that is currently in managed code.

I. displaying stacks for all threads

~*e!clrstack

J. Displaying all managed objects found within the bounds of the current stack

!dumpstackobjects [-verify] [Top stack [bottom stack]] or!DSO

7. View all object information in the heap, including type information, number, size, etc.

!dumpheap–stat

A. Specify the object type, if you want the result to be accurate, you need to use the full name, the type name is case sensitive

!dumpheap-type Flowthrottle–stat

B. The first column of the above command output is the MT (method table) information that represents the address of the type object. We can use this information to explicitly specify the information in the heap of objects of interest to us.

!DUMPHEAP-MT 000007feee769c00-stat

Note that if you do not specify-stat, output information for each object, using-stat, you will see the statistics.

C. Use the following command to output object addresses only

!DUMPHEAP-MT 000007feee769c00-short

D. The-short option restricts the output to just the address of each object. This makes it easy for you to pipe the output from the command to another debugger command for automation.

E. The-min option ignores objects that are smaller than the size specified by the size parameter (in bytes). The-max option ignores objects that are larger than the size specified by the size parameter (in bytes).

8. Displays information about the process memory used by the internal common language runtime data structures.

Eeheap [-gc][-loader]

The-GC and-loader options limit the output of this command to the garbage collector or the loader data structure. Information about the garbage collector lists the scope of each segment in the managed heap. If the pointer falls within a range of segments given by-GC, the pointer is an object pointer.

9. Print object information and specify any valid object address to view the contents of the object

!dumpobj <address> or!do<address>

The output object information has address information for each property, so you can continue to use the!do command to print the object information that the property points to.

!dumpobj–nofields<address> or!do <address>

The Nofields option indicates that the object field information is not output and is useful when the object is of type string.

10. Displays information about the value class field at the specified address.

Dumpvc<methodtable address> <Address>

The MethodTable parameter enables the DUMPVC command to interpret the field correctly. The value class does not use a method table as its first field.

11. Output multiple Object information

. foreach (Myobj{!dumpheap-mt 008f4104-short}) {!do ${myobj}}

The above command indicates that for all objects of type 008f4104 in the heap, the!do command is called sequentially.

12. Print array Information

!dumparray [-start<startindex>] [-length <length>] [-details] [-nofields] <arrayobject address> or! Da

· The-start option specifies the starting index of the starting display element.

· The-length option specifies the number of elements to display.

· The-details option displays the details of the element using the DumpObj and DUMPVC formats.

· The-nofields option prevents the display of arrays. This option is available only after you have specified the-detail option.

The following command displays the array contents at address 00ad28d0. The display starts with the second element, displaying five elements in a row.

!dumparray-start2-length 5-detail 00ad28d0

13. Output App Domain Information

!dumpdomain

Enumerates each assembly object that is loaded within the specified AppDomain object address. If no arguments are supplied when the DumpDomain command is called, all AppDomain objects in the process are listed.

14. Output assembly Information

!dumpassembly

15. Printing Method Table

!DUMPMT [-md]<methodtable address>

Displays information about the method table at the specified address. Specifying the-MD option displays a list of all methods defined along with the object. Each managed object contains a method table pointer.

16. Print the EEClass structure, where you can see the type static variable information

!dumpclass<eeclass address>

Displays information about the EECLASS structure associated with the type. The dumpclass command displays static field values, but does not display non-static field values. Get the address of the EECLASS structure using the DUMPMT, DUMPOBJ,NAME2EE, or TOKEN2EE commands.

17. Show exceptions

A. Causes the debugger to stop when a specified exception is thrown, but continues to run when another exception is thrown.

! stoponexception [-derived] [-create |-create2]<exception> <pseudo-register number>

The-derived option captures the specified exception and each exception derived from the specified exception.

B. Displaying the last exception on the currently active thread

! printexception [-nested] [-lines] [<exception objectaddress>] or! PE

Displays the fields of any object derived from the exception class at the specified address and formats the fields. If you do not specify an address, the printexception command displays the last exception that is thrown on the current thread.

The-nested option displays detailed information about the nested exception object.

The-lines option displays the source information, if available.

C. Displaying the last exception that occurred on all threads

~*e!pe

18. Debugging GC-related information

A. Displays information about the reference (or root) of the object at the specified address.

! GCRoot [-nostacks] <object address>

The GCRoot command examines the entire managed heap and handle tables to find handles and handles on the stack in other objects. Then, a pointer to the object is searched on each stack, and the finalizer queue is also searched. This command cannot determine whether the stack root is valid or discarded. Use the clrstack and U commands to disassemble the frame that the local or parameter value belongs to to determine whether the stack root is still in use.

The-nostacks option restricts the search to the garbage collector handle and the Freachable object.

B. Displays all objects that have been registered for finalization.

! Finalizequeue [-detail] | [-allready] [-short]

The-detail option displays additional information about any syncblocks that need to be cleaned and additional information about any runtimecallablewrappers (RCW) that is waiting to be cleaned. Both of these data structures are cached and scavenged by the finalizer thread at run time.

The-allready option displays all objects that are ready to be terminated, whether they have been flagged for garbage collection or will be flagged by the next garbage collection. The object in the prepare to terminate list is a terminating object that is no longer the root. This option can be resource intensive because it verifies that all objects in the queue are still root objects.

The-short option restricts the output to the address of each object. If used with-allready, all objects that have finalizers that are no longer rooted are enumerated. If used alone, all objects in the finalization and prepare for finalization queues are listed.

19. Set Breakpoints

!bpmdsystem.windows.forms.dllsystem.windows.forms.messagebox.show

The first parameter is the DLL file name, and the second is the full method name.

20. View a list of all breakpoints

Bl

21. Release the current breakpoint so that the program continues to run. WinDbg will automatically stop when the program runs to a breakpoint.

G

22. The common language runtime version is displayed.

!eeversion

23. Clear the screen information, the command also you a clean screen

. cls

24. Exit the current debugging

Q

WINDBG Debugging. NET Programs

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.