windows 如何在 WinDbg 中遍历本机对象?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1638532/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to walk a native object in WinDbg?
提问by noctonura
I am investigating what is taking up lots of memory in my app. Using the !DumpObj command, I can get around the managed objects. But how do I do the equivalent for native objects? For example, this .NET object has a pointer to native code. I am stuck here... how do I do the equivalent of !DumpObj from here? I have all the source and symbols.
我正在调查是什么占用了我的应用程序中的大量内存。使用 !DumpObj 命令,我可以绕过托管对象。但是我如何为本地对象做等效的事情?例如,这个 .NET 对象有一个指向本机代码的指针。我被困在这里......我如何从这里做相当于 !DumpObj 的事情?我有所有的来源和符号。
0:006> !DumpObj 0000000006222a50
Name: Beriliun.GS.Internal.Signer
MethodTable: 000007ff00658548
EEClass: 000007ff00734170
Size: 24(0x18) bytes
(d:\GS\bin\debug\LIBXT.dll)
Fields:
MT Field Offset Type VT Attr Value Name
000007fef02f8448 4000647 8 PTR 0 instance 000000002d7621e0 pSigner
0:006> !DumpObj 000000002d7621e0
<Note: this object has an invalid CLASS field>
Invalid object
回答by Dima Stopel
dt module!typedef addr
dt 模块!typedef addr
e.g., dt MyModule!MyClass 0x12345678
例如,dt MyModule!MyClass 0x12345678
回答by steve
You can dump the object by running the following command:
您可以通过运行以下命令来转储对象:
!object address.
In addition also the object header can be dumped. The object header is always located at 18h bytes prior to the object in memory. It can be dumped with the following command
此外还可以转储对象标头。对象头始终位于内存中对象之前的 18h 字节处。可以使用以下命令转储
!dt nt!_object_header address-18h
To figure out the the type you might want in addition to also dump the object type. This can be achieved with the following command.
除了转储对象类型之外,还要找出您可能想要的类型。这可以通过以下命令来实现。
!dt nt!_object_type address-of-type
The address of the type is printed as part of the dump of the object header. The corresponding field name is Type.
类型的地址作为对象头转储的一部分打印。对应的字段名称为 Type。
