如何在WinDbg扩展中基于转储文件内存创建对象？ [英] How can I create objects based on dump file memory in a WinDbg extension?

查看：239 发布时间：2016/10/22 18:51:36 c++ object windbg minidump memory-dump

本文介绍了如何在WinDbg扩展中基于转储文件内存创建对象？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我在一个大型应用程序上工作，并经常使用WinDbg来根据客户的DMP文件诊断问题。我为WinDbg写了几个小的扩展，已经证明非常有用的从DMP文件中提取信息位。在我的扩展代码中，我发现自己解除引用c ++类对象以相同的方式，一遍又一遍，手。例如：

I work on a large application, and frequently use WinDbg to diagnose issues based on a DMP file from a customer. I have written a few small extensions for WinDbg that have proved very useful for pulling bits of information out of DMP files. In my extension code I find myself dereferencing c++ class objects in the same way, over and over, by hand. For example:

Address = GetExpression("somemodule!somesymbol");
ReadMemory(Address, &addressOfPtr, sizeof(addressOfPtr), &cb);

// get the actual address
ReadMemory(addressOfObj, &addressOfObj, sizeof(addressOfObj), &cb);

ULONG offset;
ULONG addressOfField;

GetFieldOffset("somemodule!somesymbolclass", "somefield", &offset);
ReadMemory(addressOfObj+offset, &addressOfField, sizeof(addressOfField), &cb);

这很好，但是我写了更多的扩展，更大的功能在我们的应用程序DMP文件），我渴望一个更好的解决方案。我可以访问我们自己的应用程序的源，当然，所以我认为应该有一种方法来复制一个对象从DMP文件，并使用该内存创建一个实际的对象在调试器扩展，我可以调用函数on（通过链接在我们的应用程序的dll）。这可以节省我用手把东西从DMP中拉出来的麻烦。

That works well, but as I have written more extensions, with greater functionality (and accessing more complicated objects in our applications DMP files), I have longed for a better solution. I have access to the source of our own application of course, so I figure there should be a way to copy an object out of a DMP file and use that memory to create an actual object in the debugger extension that I can call functions on (by linking in dlls from our application). This would save me the trouble of pulling things out of the DMP by hand.

这是可能吗？我试过很明显的事情，如在扩展中创建一个新的对象，然后用一个大的ReadMemory直接从DMP文件覆盖它。这似乎把数据放在正确的领域，但是当我试图调用一个函数的时候吓坏了。我想我缺少的东西...也许c ++拉一些vtable funky-ness，我不知道？我的代码看起来类似于：

Is this even possible? I tried obvious things like creating a new object in the extension, then overwriting it with a big ReadMemory directly from the DMP file. This seemed to put the data in the right fields, but freaked out when I tried to call a function. I figure I am missing something...maybe c++ pulls some vtable funky-ness that I don't know about? My code looks similar to this:

SomeClass* thisClass = SomeClass::New();
ReadMemory(addressOfObj, &(*thisClass), sizeof(*thisClass), &cb);

FOLLOWUP：看起来像POSSIBLY从EngExtCpp ExtRemoteTyped是我想要的？有没有人成功地使用这个？我需要google上传一些示例代码，但没有太多运气。

FOLLOWUP: It looks like POSSIBLY ExtRemoteTyped from EngExtCpp is what I want? Has anyone successfully used this? I need to google up some example code, but am not having much luck.

FOLLOWUP 2：我正在寻找两种不同的调查路线。

1）我正在寻找ExtRemoteTyped，但它似乎这个类只是一个帮助器的ReadMemory / GetFieldOffset调用。是的，它将有助于加速ALOT，但是没有真正帮助，当它涉及到从DMP文件中重新创建一个对象。虽然文档很薄，所以我可能会误解一些东西。
2）我也在试图使用ReadMemory覆盖在我的扩展中创建的对象与DMP文件的数据。然而，不是像上面使用sizeof（* thisClass），我想我只选择数据元素，并保持vtables不变。

FOLLOWUP 2: I am pursuing two different routes of investigation on this.
1) I am looking into ExtRemoteTyped, but it appears this class is really just a helper for the ReadMemory/GetFieldOffset calls. Yes, it would help speed things up ALOT, but doesn't really help when it comes to recreating an object from a DMP file. Although documentation is slim, so I might be misunderstanding something. 2) I am also looking into trying to use ReadMemory to overwrite an object created in my extension with data from the DMP file. However, rather than using sizeof(*thisClass) as above, I was thinking I would only pick out the data elements, and leave the vtables untouched.

如何在WinDbg扩展中基于转储文件内存创建对象？ [英] How can I create objects based on dump file memory in a WinDbg extension?

问题描述

推荐答案

相关文章

C/C++开发最新文章

热门教程

热门工具

登录关闭

如何在WinDbg扩展中基于转储文件内存创建对象？ [英] How can I create objects based on dump file memory in a WinDbg extension?

问题描述

推荐答案

相关文章

C/C++开发最新文章

热门教程

热门工具

登录 关闭

登录关闭