通过!DumpHeap输出迭代读取存储在偏移值 [英] Iterating through !DumpHeap output to read value at memory offset
问题描述
我试图想出一个WinDbg的命令行前pression,是以的输出!DumpHeap
命令,并为每个地址,读取一个64地址之后,从偏移量 0×08
比特值。我认为这是可能的(不知道这件事),但我尽了一切努力,到目前为止失败,一些错误。
I'm trying to come up with a WinDbg command line expression that takes the output of the !DumpHeap
command and for each address, reads a 64-bit value from offset 0x08
after the address. I think this is possible (not sure about it) but every attempt I made so far fails with some error.
我搜索了很多,但最WinDbg的文章显示简单的例子,我可以尝试,但我的尝试失败。
I searched a lot but most WinDbg articles show simple examples which I can try but my attempts fail.
我有一个ASP.NET工作进程的进程转储。这个过程也有一定记忆的增长,但有没有明确的犯罪者,所以我想列出一个数字,在内存中多次出现的对象。我使用sos.dll为托管调试WinDbg的扩展。
I have a process dump of an ASP.NET worker process. The process has some memory growth but there's no clear offender so I'm trying to list a number of objects that appear many times in memory. I'm using sos.dll for the managed debugging WinDbg extensions.
下面就是我要做的。
.foreach(myaddress {!dumpheap -short -mt 000007fe998adea8})
{r @$t0=poi(myaddress+0x8);!do @$t0;.echo ************* myaddress}
的注意,那上面的命令必须在同一行 - 我只加在这里更好的可读性换行的
有关上述行,WinDbg中打印此错误:在'myaddress + 0x8中无法解析错误);!做@ $ T0; .echo *********** ** 00000001003cb870
。
For the above line, WinDbg prints this error: Couldn't resolve error at 'myaddress+0x8);!do @$t0;.echo ************* 00000001003cb870'
.
我试图通过 DumpHeap
返回的所有地址重复 - 每一个地址应该进入 myaddress
变量。然后,对于每个地址,我试图将 $ T0
用户寄存器myaddress + 0x8中从读值
。在!做
(!DumpObject
)的命令,然后将在该地址抛售的对象。
I'm trying to iterate through all addresses returned by !DumpHeap
- each address should go into the myaddress
variable. Then, for each address, I'm trying to set the $t0
user register to the value read from myaddress+0x8
. The !do
(!DumpObject
) command would then dump the object at that address.
如果我只运行(再次,在WinDbg中一行的):
.foreach(myaddress {!dumpheap -short -mt 000007fe998adea8})
{!do myaddress;.echo ************* myaddress}
我得到的对象转储的名单,但是,这是比我需要更高的一个层次。我想更深入地一级和转储我通过迭代这些顶级对象的特定成员。
I get a list of object dumps but this is one level higher than what I need. I want to drill down one level deeper and dump a particular member of these top-level objects that I'm iterating through.
这是可能的还是我在错误的轨道与此?
Is this possible or am I on the wrong track with this?
推荐答案
在进一步的搜索,我发现我用错的语法。据问题和的 MSDN ,变量名必须用空格包围或者必须在 $ {...}
工作。我使用了 $ {}
圈地之后,我的脚本开始工作。
After further searching, I found that I was using the wrong syntax. According to question and to MSDN, variable names must be surrounded by spaces or must be enclosed in ${...}
to work. After I used the ${}
enclosure, my script started working.
有关备查,这里是如何运行脚本(保持在一行在WinDbg中的):
For future reference, here's how to run the script (keep it on one line in WinDbg):
.foreach(myaddress {!dumpheap -short -mt 000007fe998adea8})
{r @$t0=poi(${myaddress}+0x8);!do @$t0;.echo ************* myaddress}
这篇关于通过!DumpHeap输出迭代读取存储在偏移值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!