使用 WinDbg 从委托中获取方法名称 [英] Get method name from delegate with WinDbg

问题描述

我有以下委托对象转储:

I have the following dump of delegate object:

Name: MyEventHandler  
MethodTable: 132648fc  
EEClass: 1319e2b4  
Size: 32(0x20) bytes  
Fields:  
     MT    Field   Offset                 Type VT     Attr    Value Name  
790fd0f0  40000ff        4        System.Object  0 instance 014037a4 _target  
7910ebc8  4000100        8 ...ection.MethodBase  0 instance 00000000 _methodBase  
791016bc  4000101        c        System.IntPtr  1 instance 2ef38748 _methodPtr  
791016bc  4000102       10        System.IntPtr  1 instance        0 _methodPtrAux  
790fd0f0  400010c       14        System.Object  0 instance 00000000 _invocationList  
791016bc  400010d       18        System.IntPtr  1 instance        0 _invocationCount  

如何获取委托指向的方法名称?

How can I get the name of the method, pointed by the delegate?

推荐答案

根据我的经验，hakan 提供的建议不起作用.这就是我所做的.

In my experience the suggestion offered by hakan doesn't work. Here's what I do.

输出显示附加的处理程序是_target 指向的对象的成员.通过转储，您将获得它的方法表.

The output shows that the attached handler is a member of the object pointed to by _target. By dumping that you'll get it's method table.

我构建了一个类似的例子来说明:

I have constructed a similar example, to illustrate:

0:000> !do 02844de4 
Name: System.EventHandler
MethodTable: 0067afa4
EEClass: 0052ef88
Size: 32(0x20) bytes
 (C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
Fields:
      MT    Field   Offset                 Type VT     Attr    Value Name
002e6d58  40000ff        4        System.Object  0 instance 02842d20 _target
0058df70  4000100        8 ...ection.MethodBase  0 instance 00000000 _methodBase
0058743c  4000101        c        System.IntPtr  1 instance   2cc060 _methodPtr
0058743c  4000102       10        System.IntPtr  1 instance        0 _methodPtrAux
002e6d58  400010c       14        System.Object  0 instance 00000000 _invocationList
0058743c  400010d       18        System.IntPtr  1 instance        0 _invocationCount

在这种情况下，我将查看 02842d20 处的对象.

In this case, I'll look at the object at 02842d20.

0:000> !do 02842d20 
Name: app.Foo
MethodTable: 002c30bc
EEClass: 002c13d4
Size: 12(0xc) bytes
 (C:\workspaces\TestBench\app\bin\x86\Debug\app.exe)
Fields:
None

所以目标类型是app.Foo.让我们转储这种类型的方法.

So the target type is app.Foo. Let's dump the methods for this type.

0:000> !dumpmt -md 002c30bc
EEClass: 002c13d4
Module: 002c2c5c
Name: app.Foo
mdToken: 02000002  (C:\workspaces\TestBench\app\bin\x86\Debug\app.exe)
BaseSize: 0xc
ComponentSize: 0x0
Number of IFaces in IFaceMap: 0
Slots in VTable: 6
--------------------------------------
MethodDesc Table
   Entry MethodDesc      JIT Name
002ec015   002e6cbc     NONE System.Object.ToString()
002ec019   002e6cc4     NONE System.Object.Equals(System.Object)
002ec029   002e6cf4     NONE System.Object.GetHashCode()
005f4930   002e6d1c      JIT System.Object.Finalize()
005f8238   002c30b4      JIT app.Foo..ctor()
005f8270   002c30a8      JIT app.Foo.Bar(System.Object, System.EventArgs)

将MethodDesc 表的值与_methodPtr 的原始值进行比较.没有明显的匹配.

Compare the values of the MethodDesc table with the original value of _methodPtr. No apparent match.

_methodPtr 指向一段代码，它要么对相关函数的地址执行 jmp 操作，要么调用修复例程，所以下一步是使用 !u 命令对 _methodPtr 的值.如果我们看到一个 jmp 指令，我们就有了地址，并通过在它上面使用 !u，我们得到了方法.

_methodPtr points to a piece of code which either does a jmp to the address of the function in question or calls a fix-up routine, so the next step is to use the !u command on the value of _methodPtr. If we see a jmp instruction, we have the address and by using !u on that, we get the method.

另一方面，如果我们看到对clr!PrecodeFixupThunk的调用，我们可以通过转储_methodPtr指向的内存来获得MethodDesc代码>像这样

If, on the other hand, we see a call to clr!PrecodeFixupThunk we can get the MethodDesc by dumping the memory pointed to by _methodPtr like this

0:000> dd 2cc060 
002cc060  7e5d65e8 00005e6e 002c30a8 00000000
002cc070  00000000 00000000 00000000 00000000
002cc080  00000000 00000000 00000000 00000000

我们看到一些看起来像方法表条目的东西作为第三个 DWORD.通过将值002c30a8与上面的方法表进行比较，我们看到该方法的名称是app.Foo.Bar.

we see something that looks like a method table entry in as the third DWORD. By comparing the value 002c30a8 with the method table above, we see that the name of the method is app.Foo.Bar.

由于这是一个构造的例子，我知道我已经找到了这个案例中我正在寻找的方法.

Since this is a constructed example, I know that I have found the method, I was looking for in this case.

实际上，上面的示例可能会更复杂一些，因为字段的使用取决于事件的实际使用情况.但是，根据我的经验，上述方法适用于一般的发布者/订阅者场景.

Actually it may be bit more complicated that the above example shows, as the fields are used differently depending on the actual usage of the event. However, in my experience the approach above will work in the general publisher/subscriber scenario.

有关实现细节的更多详细信息，请查看共享源 CLI 的文件 comdelegate.cpp.

For more details on the implementation details check out the file comdelegate.cpp of the shared source CLI.

这篇关于使用 WinDbg 从委托中获取方法名称的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！