WinDbg view stack content
I am trying to view a variable that should be on the stack, but I seem to be missing something.
Program.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace OnlyMain
{
    class Program
    {
        static void Main(string[] args)
        {
            int i = 0;
            i = 2;
            Console.WriteLine(i);
        }
    }
}
0:000> .load C:\Users\Anton\Downloads\sosex_64\sosex.dll
0:000> !mbp Program.cs 15
The CLR has not yet been initialized in the process.
Breakpoint resolution will be attempted when the CLR is initialized.
0:000> g
ModLoad: 00007ffd`ef9e0000 00007ffd`efa81000 C:\Windows\System32\ADVAPI32.dll
ModLoad: 00007ffd`ed830000 00007ffd`ed8cd000 C:\Windows\System32\msvcrt.dll
ModLoad: 00007ffd`f0020000 00007ffd`f0079000 C:\Windows\System32\sechost.dll
ModLoad: 00007ffd`ed990000 00007ffd`edab5000 C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ffd`e5800000 00007ffd`e589c000 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
ModLoad: 00007ffd`f0080000 00007ffd`f00d1000 C:\Windows\System32\SHLWAPI.dll
ModLoad: 00007ffd`ef6b0000 00007ffd`ef9a9000 C:\Windows\System32\combase.dll
ModLoad: 00007ffd`ed500000 00007ffd`ed5f6000 C:\Windows\System32\ucrtbase.dll
ModLoad: 00007ffd`ed010000 00007ffd`ed07a000 C:\Windows\System32\bcryptPrimitives.dll
ModLoad: 00007ffd`ef9b0000 00007ffd`ef9d7000 C:\Windows\System32\GDI32.dll
ModLoad: 00007ffd`ed370000 00007ffd`ed4f8000 C:\Windows\System32\gdi32full.dll
ModLoad: 00007ffd`ed2d0000 00007ffd`ed36a000 C:\Windows\System32\msvcp_win.dll
ModLoad: 00007ffd`efed0000 00007ffd`f001a000 C:\Windows\System32\USER32.dll
ModLoad: 00007ffd`ec6d0000 00007ffd`ec6ee000 C:\Windows\System32\win32u.dll
ModLoad: 00007ffd`ed760000 00007ffd`ed78d000 C:\Windows\System32\IMM32.DLL
ModLoad: 00007ffd`ec610000 00007ffd`ec621000 C:\Windows\System32\kernel.appcore.dll
ModLoad: 00007ffd`e7990000 00007ffd`e799a000 C:\Windows\SYSTEM32\VERSION.dll
ModLoad: 00007ffd`c8680000 00007ffd`c906c000 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
ModLoad: 00007ffd`e5700000 00007ffd`e57f7000 C:\Windows\SYSTEM32\MSVCR120_CLR0400.dll
(218c.2bf4): Unknown exception - code 04242420 (first chance)
ModLoad: 00007ffd`edaf0000 00007ffd`edaf8000 C:\Windows\System32\psapi.dll
ModLoad: 00007ffd`acc10000 00007ffd`ae198000 C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b308b9c61f65cf2dfd876031ee385ba4\mscorlib.ni.dll
*** WARNING: Unable to verify checksum for C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b308b9c61f65cf2dfd876031ee385ba4\mscorlib.ni.dll
ModLoad: 00007ffd`ef370000 00007ffd`ef4b5000 C:\Windows\System32\ole32.dll
*** WARNING: Unable to verify checksum for OnlyMain.exe
ModLoad: 00007ffd`cbc40000 00007ffd`cbd6c000 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
Breakpoint: JIT notification received for method OnlyMain.Program.Main(System.String[]) in AppDomain 000002590c97a790.
Breakpoint set at OnlyMain.Program.Main(System.String[]) in AppDomain 000002590c97a790.
Breakpoint 1 hit
00007ffd`690704ae 8b4dfc mov ecx,dword ptr [rbp-4] ss:00000090`54ffebac=00000002
0:000> !ClrStack -a
OS Thread Id: 0x2bf4 (0)
Child SP IP Call Site
0000009054ffeb80 00007ffd690704ae OnlyMain.Program.Main(System.String[]) [C:\Users\Anton\source\repos\OnlyMain\OnlyMain\Program.cs @ 15]
PARAMETERS:
args (0x0000009054ffebc0) = 0x000002590e3e2d40
LOCALS:
0x0000009054ffebac = 0x0000000000000002
0000009054ffedf0 00007ffdc8686bb3 [GCFrame: 0000009054ffedf0]
0:000> !DumpObj /d 0000000000000002
<Note: this object has an invalid CLASS field>
Invalid object
How can I view the value of the variable i and its location?
I think you missed this part of the output:
LOCALS:
0x0000009054ffebac = 0x0000000000000002
which indicates that there is a local variable at some address, and its value is 2. Unlike
PARAMETERS:
args (0x0000009054ffebc0) = 0x000002590e3e2d40
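you cannot see the name of the local variable, i.
Also note that the stack in C# is implementation specific. The variable might not be on the stack (in C++ it is the stack), but it might be in a CPU register.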
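The correlation described in the answer, as an added example that is not part of the original posts: this Python sketch parses the `!ClrStack -a` lines quoted above and matches the unnamed local's address against the memory operand of the instruction at the breakpoint (`mov ecx,dword ptr [rbp-4]`). The regular expressions and function names are assumptions, based only on the output format shown on this page.

```python
import re

# Excerpt of the WinDbg session from the question (copied from the page, not new data).
SESSION = r"""
00007ffd`690704ae 8b4dfc mov ecx,dword ptr [rbp-4] ss:00000090`54ffebac=00000002
0:000> !ClrStack -a
0000009054ffeb80 00007ffd690704ae OnlyMain.Program.Main(System.String[]) [C:\Users\Anton\source\repos\OnlyMain\OnlyMain\Program.cs @ 15]
PARAMETERS:
args (0x0000009054ffebc0) = 0x000002590e3e2d40
LOCALS:
0x0000009054ffebac = 0x0000000000000002
0000009054ffedf0 00007ffdc8686bb3 [GCFrame: 0000009054ffedf0]
"""

# "name (0xADDR) = 0xVALUE" for parameters, "0xADDR = 0xVALUE" for unnamed locals.
SLOT = re.compile(r"^(?:(\w+) \()?(0x[0-9a-fA-F]+)\)? = (0x[0-9a-fA-F]+)$")
# Memory operand the debugger appends to the current instruction: "ss:ADDR=VALUE".
OPERAND = re.compile(r"\b[a-z]s:([0-9a-fA-F`]+)=([0-9a-fA-F]+)\s*$")

def parse_slots(text):
    """Return {"PARAMETERS": [...], "LOCALS": [...]} of (name, address, value)."""
    slots, section = {"PARAMETERS": [], "LOCALS": []}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ("PARAMETERS:", "LOCALS:"):
            section = line[:-1]
        elif section and (m := SLOT.match(line)):
            slots[section].append((m.group(1), int(m.group(2), 16), int(m.group(3), 16)))
        else:
            section = None  # any other line ends the current list
    return slots

def memory_operand(text):
    """Return (address, value) of the first instruction memory operand, or None."""
    for line in text.splitlines():
        if m := OPERAND.search(line):
            return int(m.group(1).replace("`", ""), 16), int(m.group(2), 16)
    return None

def slots_read_by_instruction(text):
    """Slots whose address equals the operand address of the current instruction."""
    operand = memory_operand(text)
    return [(kind, name, addr, value)
            for kind, entries in parse_slots(text).items()
            for name, addr, value in entries
            if operand and addr == operand[0]]

if __name__ == "__main__":
    for kind, name, addr, value in slots_read_by_instruction(SESSION):
        print(f"{kind[:-1]} {name or '<unnamed>'} at {addr:#x} = {value}")
```

The only slot that matches is the unnamed local at 0x9054ffebac holding 2, the same address and value that the `ss:` annotation shows on the instruction line.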