WinDbg 从符号中获取所有函数的地址 [英] WinDbg get addresses of all functions from symbols

问题描述

执行命令 x ShittyProject!* 我得到这样的输出

Executing command x ShittyProject!* I am getting such output

<MSIL:00250014         > ShittyProject!Main (void)
<MSIL:00250098         > ShittyProject!.ctor (void)
<MSIL:00250037         > ShittyProject!.ctor (void)
<MSIL:002500ed         > ShittyProject!get_Default (void)
<MSIL:002500a1         > ShittyProject!get_ResourceManager (void)
<MSIL:002500f8         > ShittyProject!.cctor (void)
<MSIL:0025002a         > ShittyProject!Foo (void)
<MSIL:0025006e         > ShittyProject!InitializeComponent (void)
<MSIL:00250000         > ShittyProject!InitializeComponent (void)
<MSIL:002500da         > ShittyProject!get_Culture (void)
<MSIL:002500e5         > ShittyProject!set_Culture (void)

如果我理解正确的 MSIL:* 它只是 pdb 文件中的函数地址?是否有可能以某种方式获取函数的地址以在其上放置断点?

If I understand correct MSIL:* it is only adress of function in pdb file? Is it possible somehow to get addresses of the function to place breakpoints on them?

推荐答案

托管代码不同于本机代码.要以本机方式"(bp)设置断点，您需要等到该方法被 JIT 编译，然后使用该方法的本机地址.

Managed code is different from native code. To set breakpoints the "native way" (bp), you would need to wait until the method is JIT-compiled and then use the native address of the method.

通常情况下，人们不会这样做，而是使用 .NET 特定的等效项.有 SOS(Microsoft 文档) !bpmd 或 SOSEX(可能不再维护)!mbm.

Normally, one would not do that, but use .NET specific equivalents instead. There is SOS (Microsoft docs) !bpmd or SOSEX (probably no longer maintained) !mbm.

给定代码

using System;

namespace JittyProject
{
    class Program
    {
        static void Main()
        {
            Console.WriteLine("You want to stop before this shows up.");
            Console.ReadLine();
        }
    }
}

您想在初始断点处停止并告诉它等待 .NET 加载完毕，例如

You want to stop at the initial breakpoint and tell it to wait until .NET is loaded, e.g.

0:000> sxe ld clr
0:000> g

加载 .NET 运行时后，您可以加载 .NET 特定调试命令的 SOS 扩展.

Once the .NET runtime is loaded, you can load the SOS extension for .NET specific debugging commands.

0:000> .loadby sos clr

和 SOSEX 扩展:

And the SOSEX extension:

0:000> .load c:\wherever\SOSEX.dll

然后添加断点:

0:000> !mbm JittyProject.Program.Main

使用常规的 g，您最终会遇到断点:

Using the regular g, you'll eventually hit the breakpoint:

0:000> g
ModLoad: 76650000 766e2000   C:\Windows\SysWOW64\OLEAUT32.dll
Breakpoint: JIT notification received for method JittyProject.Program.Main() in AppDomain 00960db0.
Breakpoint set at JittyProject.Program.Main() in AppDomain 00960db0.
Breakpoint 2 hit

0:000> !clrstack
OS Thread Id: 0x3ff8 (0)
Child SP       IP Call Site
003eeda0 77601ffc [PrestubMethodFrame: 003eeda0] JittyProject.Program.Main() [C:\...\JittyProject\Program.cs @ 8]
003eef74 77601ffc [GCFrame: 003eef74] 

这篇关于WinDbg 从符号中获取所有函数的地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！