获取调用堆栈中包含某个 .NET 函数的线程? [英] Get the threads which contain a certain .NET function in their call stack?

问题描述

我有一个包含 73 个线程的用户模式转储.其中一些是受管理的，其中一些是本地的.我想找到托管线程，它的调用堆栈中包含某个托管函数.

I have a user mode dump with 73 threads. Some of them are managed and some of them native. I would like to find the managed thread, which call stack contains a certain managed function.

我在调试器中加载了 SOSEX 扩展.

I have the SOSEX extension loaded in the debugger.

现在我执行 ~*e !mk 转储所有托管线程，然后手动浏览它们以查找我需要的内容 - 太长而且很烦人.

Right now I do ~*e !mk to dump all the managed threads and then browse through them manually looking for what I need - too long and tiresome.

有没有更好的方法?

推荐答案

相关命令

有 !findstack 2 查找在堆栈上具有特定模块的线程，但恕我直言，它仅适用于本机调用堆栈和仅适用于模块，不适用于方法.

Related commands

There is !findstack <module> 2 to find threads that have a specific module on the stack, but IMHO it only works well for native callstacks and for modules only, not for methods.

然后是 !uniqstack，它可能有助于缩小线程的范围，以防许多线程具有相同的调用堆栈.这也是一个本机命令.

Then there is !uniqstack which might help narrowing down the threads in case many threads have the same callstack. It's also a native command.

我在这种情况下所做的是一种丑陋的解决方法，但我还没有找到更好的方法:

What I do in such cases is an ugly workaround, but I have not found something better yet:

.shell -ci "!clrstack" find "Class.Method("

当然，您可以将其与 ~*e 结合起来为所有线程执行此操作.

Of course you can combine this with ~*e to do it for all threads.

~*e ? $tid;.shell -ci "!clrstack" find "Program.Main("

PyKd 脚本

如果你不介意安装另一个 WinDbg 扩展，我推荐 PyKd 以获得更方便和安静的解决方案.在 WinDbg 目录(或者可能是 WinDbg 的工作目录，不太确定，否则使用完整路径)中创建一个包含内容的文件 findstack.py

PyKd script

If you don't mind installing another WinDbg extension, I recommend PyKd for a more convenient and silent solution. Create a file findstack.py in WinDbg directory (or maybe the working directory of WinDbg, not so sure, otherwise use the full path) with the content

from pykd import * 
if "Class.Method(" in dbgCommand("!clrstack"):
    print(hex(expr("$tid")))

在 WinDbg 中，像这样运行脚本:

In WinDbg, run the script like this:

.load E:\path to\x86\pykd.pyd
*** Actually it's a DLL and I prefer renaming it
*** .load E:\path to\x86\pykd.dll
~*e !py findstack.py

当然你可以参数化脚本，例如喜欢

Of course you can parameterize the script, e.g. like

from pykd import *
import sys
if (len(sys.argv) < 4):
    print "find <command> <search term> <success command>."
    quit()

if sys.argv[2] in dbgCommand(sys.argv[1]):
    print(dbgCommand(sys.argv[3]))

然后用参数调用它

~*e !py find.py "!clrstack" "Program.Main(" "? $tid"

这篇关于获取调用堆栈中包含某个 .NET 函数的线程?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！