WinDbg .foreach over a reference type and get a field value

Keywords: get, field, foreach, reference type, WinDbg | Updated: 2023-09-27 18:20:02

How do I iterate over a reference type (for example MyClass) and get the value of one of its fields (a value type)?

I use the following code.

.foreach (address  {!DumpHeap -type MyClass -short }) {!do ${address} (what I do next?) }

I get a dump of the objects, but how do I get the field value for all of the objects?


First, you need to find out the offsets of the individual fields by dumping a single object:

0:016> !do 00000000115bff60 
Name: System.Action
MethodTable: 000007fedb35ff30
EEClass: 000007fedb111f90
Size: 64(0x40) bytes
 (C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll)
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007fedc267680  40000ff        8        System.Object  0 instance 00000000115bff60 _target
000007fedc266138  4000100       10 ...ection.MethodBase  0 instance 0000000000000000 _methodBase
000007fedc26a798  4000101       18        System.IntPtr  1 instance      7fedf0bf238 _methodPtr
000007fedc26a798  4000102       20        System.IntPtr  1 instance      7fedf0fa850 _methodPtrAux
000007fedc267680  400010c       28        System.Object  0 instance 0000000000000000 _invocationList
000007fedc26a798  400010d       30        System.IntPtr  1 instance                0 _invocationCount

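Next, you can use the offset in the loop. Note that, to avoid conflicts, I changed -type <ClassName> to -mt <MethodTable>. !do searches by substring, which may include objects you do not expect.

Depending on the type of the field, you can then use d* ${address}+<offset> [L<length>] to dump the value of the type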

0:016> .foreach (address  {!DumpHeap -mt 000007fedb35ff30 -short }) {dp ${address}+0x20 L1}
00000000`114cfc48  00000000`114ce518
...

Use !do poi(${address}+<offset>) to dump .NET objects

0:016> .foreach (address  {!DumpHeap -mt 000007fedb35ff30 -short }) {!do poi(${address}+0x8)}
Name: PaintDotNet.Controls.UnitsComboBoxStrip
MethodTable: 000007fed94cd120
EEClass: 000007fed91b38f8
Size: 224(0xe0) bytes
 (C:\Program Files\Paint.NET\PaintDotNet.exe)
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007fedc267680  400018a        8        System.Object  0 instance 0000000000000000 __identity
000007fedb6cd320  40008e0       10 ...ponentModel.ISite  0 instance 0000000000000000 site
000007fedb6fcc18  40008e1       18 ....EventHandlerList  0 instance 00000000114d0050 events
...
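
A helper for the procedure in the answer above, added here as an example and not part of the original post: it parses the field table of a !do dump and builds the matching .foreach line for a named field, choosing a d* command for value types and !do poi(...) for references. The function names and the type-to-command table are assumptions; offsets are read as hex, as in the dump above.

```python
import re

# Abridged copy of the !do output shown in the answer above.
SAMPLE_DO_OUTPUT = """\
Name: System.Action
MethodTable: 000007fedb35ff30
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007fedc267680  40000ff        8        System.Object  0 instance 00000000115bff60 _target
000007fedc26a798  4000102       20        System.IntPtr  1 instance      7fedf0fa850 _methodPtrAux
"""

# d* command per primitive value type (assumed mapping, extend as needed).
DUMP_CMD = {
    "System.IntPtr": "dp", "System.UIntPtr": "dp", "System.Int64": "dq",
    "System.Int32": "dd", "System.UInt32": "dd", "System.UInt64": "dq",
    "System.Int16": "dw", "System.Char": "dw", "System.Byte": "db",
}

def parse_do(text):
    """Return (method_table, {field_name: (offset, vt, type)}) from !do output."""
    mt = re.search(r"^MethodTable:\s*([0-9a-fA-F]+)", text, re.M).group(1)
    fields = {}
    for line in text.splitlines():
        parts = line.split()
        # A field row is: MT, token, offset, type (may contain spaces), VT, attr, value, name.
        if len(parts) < 8 or not all(re.fullmatch(r"[0-9a-fA-F]+", p) for p in parts[:3]):
            continue
        vt, attr, _value, name = parts[-4:]
        if attr != "instance":  # static fields are not stored inside the object
            continue
        fields[name] = (int(parts[2], 16), int(vt), " ".join(parts[3:-4]))
    return mt, fields

def build_foreach(do_output, field_name):
    """Build the .foreach line that dumps one field of every object with this MT."""
    mt, fields = parse_do(do_output)
    offset, vt, ftype = fields[field_name]
    target = "${address}+0x%x" % offset
    if vt == 0:  # reference type: follow the pointer and dump the object
        body = "!do poi(%s)" % target
    elif ftype in DUMP_CMD:
        body = "%s %s L1" % (DUMP_CMD[ftype], target)
    else:  # truncated or composite value type: no safe default width
        raise ValueError("pick a d* command by hand for " + ftype)
    return ".foreach (address {!DumpHeap -mt %s -short}) {%s}" % (mt, body)

if __name__ == "__main__":
    print(build_foreach(SAMPLE_DO_OUTPUT, "_methodPtrAux"))
```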