inspect field on all instances in memory dump

2020-06-17 15:23发布

问题:

I have a memory dump that I'm using to troubleshoot a client issue. This is a .NET (C#) application. The problem with my application is that too many instances of a particular class are being created. There are 6300 instances of this class when there should be something like 20. I want to loop through all of those instances and call the name field of each of those instances. Is there any easy way to do this in WinDbg/SOS?

I know I can use !dumpheap -type {typename} to find all the instances of that class, but I'm not sure how I can expand them all and view the field I am interested in.

回答1:

You can do this with .foreach command within Windbg.

Here is a simple example

using System;
using System.Collections.Generic;
using System.Linq;
namespace Test
{
    class Program
    {
        static List<Program> list = new List<Program>();
        int i;
        string test;
        Foo f;
        static void Main(string[] args)
        {
            for (int i = 0; i < 10; i++)
            {
                list.Add(new Program() { i = i, test = "Test" + i.ToString(), f = new Foo(i) });
            }
            Console.Read();
        }
    }
    class Foo
    {
        int j;
        public Foo(int i)
        {
            j = i;
        }
    }
}

The !dumpheap has a short option which would just return the object address. In the instance i am debugging MT for Program is 00293858

!dumpheap -mt 00293858 -short

Here is a code to dump all the objects .foreach ($obj {!dumpheap -mt 00293858 -short}) {!do $obj} using the foreach construct. The $obj would get assigned with the address of the object. And here is the sample output from the foreach loop

Name:        Test.Program
MethodTable: 00293858
EEClass:     00291440
Size:        20(0x14) bytes
File:        c:\users\nsrinivasan\documents\visual studio 2010\Projects\Test\Test\bin\Debug\Test.exe
Fields:
      MT    Field   Offset                 Type VT     Attr    Value Name
5c2e2978  4000002        c         System.Int32  1 instance        3 i
5c2df9ac  4000003        4        System.String  0 instance 0217c144 test
00293bfc  4000004        8             Test.Foo  0 instance 0217c15c f
002938b4  4000001        4 ...t.Program, Test]]  0   static 0217b97c list
Name:        Test.Program
MethodTable: 00293858
EEClass:     00291440
Size:        20(0x14) bytes
File:        c:\users\nsrinivasan\documents\visual studio 2010\Projects\Test\Test\bin\Debug\Test.exe
Fields:
      MT    Field   Offset                 Type VT     Attr    Value Name
5c2e2978  4000002        c         System.Int32  1 instance        4 i
5c2df9ac  4000003        4        System.String  0 instance 0217c18c test
00293bfc  4000004        8             Test.Foo  0 instance 0217c1a4 f
002938b4  4000001        4 ...t.Program, Test]]  0   static 0217b97c list

Now that we have this , the next step is to get the field "test" within each instance of program and here is the code to do that

 .foreach ($obj {!dumpheap -mt 00293858 -short}) {!do poi(${$obj}+0x4)} 

I am using poi command within the foreach loop. From the above result we can make out the test variable is in the 4 offset and that's the reason for using poi(${$obj}+0x4) And here is the sample output from the above foreach

0:004> .foreach ($obj {!dumpheap -mt 00293858       -short}) {!do poi(${$obj}+0x4)}
Name:        System.String
MethodTable: 5c2df9ac
EEClass:     5c018bb0
Size:        24(0x18) bytes
File:        C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
String:      Test0
Fields:
      MT    Field   Offset                 Type VT     Attr    Value Name
5c2e2978  40000ed        4         System.Int32  1 instance        5 m_stringLength
5c2e1dc8  40000ee        8          System.Char  1 instance       54 m_firstChar
5c2df9ac  40000ef        8        System.String  0   shared   static Empty
    >> Domain:Value  002f76c0:02171228 <<
Name:        System.String
MethodTable: 5c2df9ac
EEClass:     5c018bb0
Size:        24(0x18) bytes
File:        C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
String:      Test1
Fields:
      MT    Field   Offset                 Type VT     Attr    Value Name
5c2e2978  40000ed        4         System.Int32  1 instance        5 m_stringLength
5c2e1dc8  40000ee        8          System.Char  1 instance       54 m_firstChar
5c2df9ac  40000ef        8        System.String  0   shared   static Empty
    >> Domain:Value  002f76c0:02171228 <<

And here is for getting each Foo instance within the Program class

.foreach ($obj {!dumpheap -mt 00293858  -short}) {!do poi(${$obj}+0x8)}

The Foo is in the 8th offset and here is sample the output for the above foreach

Name:        Test.Foo
MethodTable: 00293bfc
EEClass:     0029194c
Size:        12(0xc) bytes
File:        c:\users\nsrinivasan\documents\visual studio 2010\Projects\Test\Test\bin\Debug\Test.exe
Fields:
      MT    Field   Offset                 Type VT     Attr    Value Name
5c2e2978  4000005        4         System.Int32  1 instance        0 j
Name:        Test.Foo
MethodTable: 00293bfc
EEClass:     0029194c
Size:        12(0xc) bytes
File:        c:\users\nsrinivasan\documents\visual studio 2010\Projects\Test\Test\bin\Debug\Test.exe
Fields:
      MT    Field   Offset                 Type VT     Attr    Value Name
5c2e2978  4000005        4         System.Int32  1 instance        1 j

EDIT:- Also here is a post from Tess on dumping session contents

HTH