Changes to the build system in SSCLI version 2.0 have resulted in a slightly more convoluted SOS installation experience. To make up for the installation pain, SOS is now supported in Visual Studio 2005. Please see the SOS on Windows section to install SOS properly using the latest Windows based debuggers.
One of the debugging options available for use with the Shared Source CLI (SSCLI) 2.0 is the SOS debugging extension. This debugging extension allows you to access facilities that help in debugging the execution environment and managed code.
You would use the SOS debugging extension if you want to debug managed applications but see the implementation details of the internal data structures used by the CLI as it runs managed code.
The file name for the SOS debugger extension is sos.dll on Windows.
Although you can use debugging tools with checked and free builds, the preferred build for debugging purposes is the debug build. This is because both the checked and free builds use some optimizations during compilation that might result in code locations in source code no longer matching the observed location in the debugger. Furthermore, key logging functionality is not available in free builds, so the ability to halt the debugger at desired locations can be impaired.
All the examples below use a debug build.
The following table describes all the functions that appear in the SOS help output and indicates whether they are supported in the SSCLI and under what platforms. Only functionality that is supported by the SSCLI is described. Some commands appear to function but have problems and are listed with the description: "Not functional in the SSCLI."
SOS command | Description |
---|---|
COMState | Not implemented in the SSCLI. |
debug | Not implemented in the SSCLI. |
DumpClass | Displays the details of a type. |
DumpDomain | List statistics for an application domain including the assemblies and modules that it contains. |
DumpEEHash | Not implemented in a functional state in either the .NET Framework or the SSCLI. |
DumpHeap | Not functional in the SSCLI. |
DumpMD | Displays the details of a MethodDesc (For more information, see Glossary). |
DumpModule | Displays the details of a module. |
DumpMT | Displays the details of a MethodTable (For more information, see Glossary). |
DumpObj | Displays the details of an object that is an internal representation of a stack or heap item. |
DumpStack | Displays the combined managed and unmanaged stack contents. |
DumpStackObjects | Displays the currently allocated stack objects. |
EEDebug | Not implemented in the SSCLI. |
EEDLLPath | Not implemented in the SSCLI. |
EEHeap | Not functional in the SSCLI. |
EEStack | Displays stack information segregated by thread. |
EEVersion | Not implemented in the SSCLI. |
FinalizeQueue | Not functional in the SSCLI. |
GCInfo | Not implemented in the SSCLI. |
GCRoot | Not functional in the SSCLI. |
IP2MD | Converts a instruction pointer address to a MethodDesc. |
Name2EE | Converts a method or type name to a MethodDesc or MethodTable, respectively. |
ObjSize | Not functional in the SSCLI. |
ProcInfo | Not implemented in the SSCLI. |
RWLock | Not implemented in the SSCLI. |
SyncBlk | Displays a table of information about the sync block. |
ThreadPool | Displays information about the threadpool table. |
Threads | Displays information about managed threads. |
Token2EE | Converts a metadata token to a memory address. |
U | Displays just-in-time (JIT)-compiled assembly code with managed code symbolic names at a specific address. |
Before attempting to use the SOS debugging extension it is important to upgrade your Windows debuggers. Go to Microsoft Debugging Tools and install the latest version of the Microsoft debugging tools for Windows. Although both Windows XP and Windows 2000 ship with the NTSD debugger, the version that ships with Windows 2000 will not work with the SOS debugging extension. After installation, you should make sure that the location where you installed the new debuggers is in your path before the NTSD debugger in the %windir%\system32 directory.
If you are using the older version of the debugger you might see the following error:
The procedure entry point SymGetTypeInfo could not be located in the dynamic link library DBGHELP.dll.
When you install the latest debuggers you will have three debuggers available that will work with the SOS extension:
The last two debuggers are simply variations on the NTSD debugger. NTST always starts in a new console window and CDB runs in the current console window. Because the CDB debugger does not ship with the operating system, by using this debugger command instead of NTSD you can always be sure of running the updated version from the debugger tools installation. If you want the same behavior as NTSD simply use the start command:
start cdb clix iserializable.exe
To understand the basics of how these debuggers work, consult the documentation installed with the Microsoft debugging tools for Windows.This will load the clix launcher into the debugger. The debugger commands shown below will be prefaced with "0:000>".
1. Get a fresh copy of Debugging tools for Windows: http://www.microsoft.com/whdc/devtools/debugging/default.mspx
2. Copy %_NTTREE%\sos.dll.manifest next to your preferred (or all supported) debugger. For example, if your preferred debugger is installed in c:\debuggers, the following command will do the trick:
copy %_NTTREE%\sos.dll.manifest c:\debuggers\windbg.exe.manifest
3. Start a Rotor managed program under your favourite debugger and break in to the debugger once the runtime has been initialized. For example:
windbg clix %_NTTREE%\samples\hello\helloxml.exe
0:000> g
(should automatically finish, or you can break in to the debugger
using Ctrl+Break after 5-10 seconds)
4. Load SOS by calling the command !loadby sos mscorwks
0:000> !loadby sos mscorwks
5. Verify that SOS is loaded and working by issuing the !Threads command
0:000> !Threads
ThreadCount: 2
UnstartedThread: 0
BackgroundThread: 2
PendingThread: 0
DeadThread: 0
Hosted Runtime: no
...
To get SOS working in Visual Studio 2005, the following steps must be taken to install and run SOS:
1. Add the content of %_NTTREE%\sos.dll.manifest to C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe.manifest in your favorite xml editor (copy over the whole <dependency></dependency>
2. Start a Rotor managed code program under devenv.exe and break in to the debugger once the engine has been initialized:
"c:\Program Files\Microsoft Visual Studio 8\Common7\ide\devenv.exe"
/debugexe clix %_NTTREE%\samples\howto\reflection\emit\reflectionemit.exe
F5
(wait until runtime is bootstrapped, or after 10 seconds, hit
Ctrl-Alt-Break)
3. Load SOS by opening an immediate window (Debug/Windows/Immediate) and issuing the following command:
!Load C:\sscli20\binaries.x86chk.rotor\sos.dll
"extension C:\sscli20\binaries.x86chk.rotor\sos.dll loaded"
4. Verify that SOS works by issuing the !Threads command:
!Threads
Instead of simply loading the clix application launcher directly, you can also attach to a running clix process. The benefit of this debugging technique is that the process being debugged runs in a separate console window so that its output is not intermixed with that of the debugger. You can attach to a running process with the CDB debugger by using the -pn debugger option. The following example commands and debugger output simulate the steps you might use to attach to a clix process. Commands entered by user are in bold. Some debugger output has been removed for clarity.
C:\sscli20>start clix samples\howto\reflection\emit\reflectionemit.exe C:\sscli20>cdb -pn clix.exe -logo cdb.log Microsoft (R) Windows Debugger Version 6.5.0003.7
Copyright (c) Microsoft Corporation. All rights reserved.
...
0:003> .load sos.dll 0:003> bp rotor_pal!pal_writefile (hit option 1 in seperate console window) 0:003> g 0:000> !dumpstackobjects OS Thread Id: 0x758 (0)
ESP/REG Object Name
001ae754 00cd2878 Microsoft.Win32.SafeHandles.SafeFileHandle
001ae790 00cd2878 Microsoft.Win32.SafeHandles.SafeFileHandle
001ae794 00cd5e5c System.Byte[]
001ae7a8 00cd5e5c System.Byte[]
001ae7ac 00cd2878 Microsoft.Win32.SafeHandles.SafeFileHandle
001ae7d0 00cd5e5c System.Byte[]
001ae7d4 00cd2878 Microsoft.Win32.SafeHandles.SafeFileHandle
...
The SOS debugger extension utilizes functionality within the CLI execution environment to support its debugging facilities. The CLI execution environment state has to be at a point where internal data structures are initialized for SOS to be generally useful. For example, until the default AppDomain is initialized the DumpDomain command cannot work. The error you would see if you invoke a command and the execution state was not yet ready might be something like this:
80000003 Exception in sos.dll.dumpdomain debugger extension. PC: 602ddcf2 VA: 0006cb90 R/W: 0 Parameter: 00060000
You might also see Assert error dialog boxes.
The objective is to stop at a point during execution before the managed code of interest has run but after the CLI environment has initialized. How to reach this point depends on what you are debugging and where you need to stop the debugger.
The following options will allow you to stop the debugger after the execution environment has been initialized.
You can set a breakpoint in the platform adaptation layer (PAL) on a function that will be called only by managed code. For example, if the managed code you are debugging contains Console.WriteLine statements, use the following breakpoint command.
bp rotor_pal!pal_writefile
By inspecting the managed code you are debugging you can select the correct PAL API on which to set the breakpoint.
You can use the logging infrastructure to break automatically when JIT compilation occurs. Set the following environment variable.
set COMPlus_JitHalt=<FunctionName>
The value <FunctionName> should be the name of the managed function you want to halt in, just before JIT compilation. After setting this environment variable, start the debugger and run the go command. This will execute the code until just before JIT compilation occurs in the function.
Hitting Ctrl-Break on cdb, ntsd and Windbg debuggers, and Ctrl-Alt-Break on VS2005 is a good way to break in to a running program during execution (after which the execution engine has been initialized). This mechanism is used in the SOS on Windows section.
For more example debugging sessions, see the individual SOS commands.
One common usage for the SSCLI implementation of the SOS debugging extension is to examine or debug the process of JIT-compiling managed code. To be able to do this, however, requires being able to stop in the debugger in both code that is about to be JIT-compiled and code that has been JIT-compiled. The most consistent way to do this is to use the COMPlus_ logging-environment variables to halt at the proper point in the debugger. For more details of the CLI logging infrastructure, see logging.html and the debugging overview.
The following environment variables are useful when debugging with the SOS debugging extension.
Configuration setting | Values | Comment |
---|---|---|
COMPlus_JitBreak | ClassName.MethodName | Breaks into the debugger before the methid is JIT-compiled. |
COMPlus_JitHalt | ClassName.MethodName | Breaks into the debugger just after the method is JIT-compiled |
In order to stop in the debugger just before a method is JIT-compiled, set the COMPlus_JitBreak environment variable to the desired method name.
In order to stop just after a methed has been JIT-compiled but before execution of the JIT-compiled code, set the COMPlus_JitHalt environment variable to the desired method name.
The following example demonstrates debugging the iserializable.exe sample application on Windows.
Some debugger output has been removed for clarity.
C:\sscli20\binaries.x86chk.rotor\samples\howto\reflection\emit>set COMPlus_JitBreak=Main
C:\sscli20\binaries.x86chk.rotor\samples\howto\reflection\emit> set COMPlus_JitHalt=Main C:\sscli20\binaries.x86chk.rotor\samples\howto\reflection\emit>cdb clix reflectionemit.exe Microsoft (R) Windows Debugger Version 6.5.0003.7
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: clix reflectionemit.exe
0:000> g Assert failure(PID 2112 [0x00000840], Thread: 640 [0x280]): !"JITBreak"
File: c:\sscli20\clr\src\fjit\fjitcompiler.cpp, Line: 225 Image:
C:\sscli20\binaries.x86chk.rotor\clix.exe
Assert failure(PID 2112 [0x00000840], Thread: 640 [0x280]): !"JITBreak"
File: c:\sscli20\clr\src\fjit\fjitcompiler.cpp, Line: 225 Image:
C:\sscli20\binaries.x86chk.rotor\clix.exe
...
0:000> !load sos.dll
0:000> !name2ee reflectionemit.exe ReflectionEmitSample.Main
Module: 00a42960 (reflectionemit.exe)
Token: 0x06000001
MethodDesc: 00a42d50
Name: ReflectionEmitSample.Main(System.String[])
Not JITTED yet. Use !bpmd -md 00a42d50 to break on run. 0:000> !dumpmd 00a42d50
Method Name: ReflectionEmitSample.Main(System.String[])
Class: 00a41510
MethodTable: 00a42e2c
mdToken: 06000001
Module: 00a42960
IsJitted: no
m_CodeOrIL: ffffffff
This method has not been JIT compiled, as specified by the IsJitted output. Now proceed to the JitHalt breakpoint to get to the point where the FillTree method has been JIT-compiled.
0:000> g
(840.280): Break instruction exception - code 80000003 (first chance)
eax=00a42d50 ebx=003dcf50 ecx=00cd2260 edx=794e1289 esi=00000400 edi=003dcba8
eip=0375c2b8 esp=001ae8f8 ebp=001ae904 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
0375c2b8 cc int 3
0:000> !dumpmd 00a42d50
Method Name: ReflectionEmitSample.Main(System.String[])
Class: 00a41510
MethodTable: 00a42e2c
mdToken: 06000001
Module: 00a42960
IsJitted: yes
m_CodeOrIL: 0375c2b8
Now that the method has been jitted, we can take a look at the resulting native code output.
0:000> !u 0375c2b8
Normal JIT generated code
ReflectionEmitSample.Main(System.String[])
Begin 0375c2b8, size 353
>>> 0375c2b8 cc int 3
0375c2b9 55 push ebp
0375c2ba 8bec mov ebp,esp
0375c2bc 56 push esi
0375c2bd 33f6 xor esi,esi
0375c2bf 56 push esi
0375c2c0 51 push ecx
0375c2c1 52 push edx
0375c2c2 b90b000000 mov ecx,0xb
(This example produces too much output to list.)
Note: This section has not been updated for version 2.0. The SOS commands for the most part are the same, however there may be differences in output compared with the examples.
The following SOS debugger extension commands are supported by the SSCLI implementation of SOS.
This command dumps EEClass information.
!DumpClass EEClassAddress
Name | Description | Obtained from |
---|---|---|
EEClassAddress | Address value of EEClass item. |
|
The following example shows a debug session on the reflection invoke sample on Windows.
Some debugger output has been removed for clarity.
D:\sscli\build\v1.x86chk.rotor\samples\howto\reflection\invoke>cdb clix reflectioninvoke.exe
Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved.
0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> !name2ee reflectioninvoke.exe TestClass -------------------------------------- MethodTable: 007b537c EEClass: 071210ec Name: TestClass 0:000> !dumpclass 071210ec Class Name : TestClass[reflectioninvoke.exe] mdToken : 02000003 (d:\sscli\build\v1.x86chk.rotor\samples\howto\reflection\invoke\reflectioninvoke.exe) Parent Class : 02c27ef4 ClassLoader : 00095370 Method Table : 007b537c Vtable Slots : 4 Total Method Slots : d Class Attributes : 100001 : Flags : 3100023 NumInstanceFields: 3 NumStaticFields: 0 ThreadStaticOffset: 0 ThreadStaticsSize: 0 ContextStaticOffset: 0 ContextStaticsSize: 0 FieldDesc*: 007b51c8 MT Field Offset Type Attr Value Name 007b537c 4000001 4 CLASS instance Name 007b537c 4000002 8 CLASS instance values 007b537c 4000003 c System.Int32 instance methodCalled 0:000>
Item | Description |
---|---|
Class Name | Name of the class that is being dumped. |
mdToken | Metadata token. |
Parent Class | Class from which the current class is derived. The address value can be used with the DumpClass command. |
ClassLoader | ClassLoader for the class. |
Method Table | Method Table for class. This address value can be used with the DumpMT command. |
Vtable Slots | Number of vtable methods in hexadecimal. The vtable includes derived methods. |
Total Method Slots | Total number of methods in hexadecimal. The vtable includes derived methods. |
Class Attributes |
|
Flags | Bitmasked DWORD for assigning class attribute values. |
NumInstanceFields | Number of non static or shared member variables. |
NumStaticFields | Number of static or shared member variables. |
FieldDesc | Pointer to fielddata printed in the Fields table. |
The following table contains more details on the MT column of the output.
MT column item | Description |
---|---|
MT | Method table the particular field comes from. You can use DumpMT to find out which class this field is defined in, such as the current class or those classes that the current class derives from. |
Field | mdToken (mdtFieldDef) for the particular
field. Note: You cannot use Token2EE on the field as Token2EE only supports mdtMethodDef, mdtTypeDef and mdtTypeRef. |
Type | Type of field. This can be one of
the following types:
|
Attr | Field attribute. Might be one of the
following:
For shared static, you will also get an extra line for each domain except the system domain and the shared domain as shown below: 0da689e4 4000bc8 8 CLASS shared static EventError >> Domain:Value 00150718:NotInit 001a57b8:050c7510 << "Domain:" is followed by all available domains and whether
the variable is initialized in the specific domain. NotInit, FailInit
or UnInit2 appears if the static is not initialized in the specific domain.
Use DumpDomain on the domain address to display information about the
domain. |
Value | Can be empty if it is an instance field, or static if it is an uninitialized shared variable. If a shared/static variable is initialized the value is shown here. |
Name | Name of field (member variable). |
This command lists assemblies and modules in a domain.
Shows the addresses of the heaps for the current domain and all assemblies loaded within the domain.
!DumpDomain [DomainAddress]
Parameter | Description |
---|---|
DomainAddress | You can get the domain address of the thread
from !Threads.
If you don't provide an address all current domains will be dumped. |
The following example demonstrates debugging the hello.exe sample on Windows.
Some console output has been removed for clarity.
CommandLine: clix hello.exe ntdll!DbgBreakPoint: 77f97704 cc int 3 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit eax=0006d9a4 ebx=0008a218 ecx=0006d99b edx=00000007 esi=0006d980 edi=0006d9d0 eip=79b03890 esp=0006d968 ebp=0006d9d0 iopl=0 nv up ei pl nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000213 rotor_pal!PAL_WriteFile: 79b03890 55 push ebp 0:000> !dumpdomain -------------------------------------- System Domain: 797bbb90 LowFrequencyHeap: 797bbc24 HighFrequencyHeap: 797bbc80 StubHeap: 797bbcdc Name: Assembly: 0008dff0 ClassLoader: 0008e0b8 Module Name 0008e528 d:\rotor\build\v1.x86chk.rotor\mscorlib.dll -------------------------------------- Shared Domain: 797bc5e8 LowFrequencyHeap: 797bc67c HighFrequencyHeap: 797bc6d8 StubHeap: 797bc734 Assembly: 0008dff0 ClassLoader: 0008e0b8 Module Name 0008e528 d:\rotor\build\v1.x86chk.rotor\mscorlib.dll -------------------------------------- Domain 1: 846d8 LowFrequencyHeap: 0008476c HighFrequencyHeap: 000847c8 StubHeap: 00084824 Name: iserializable.exe Assembly: 00094af0 ClassLoader: 00094f08 Module Name 00096f18 d:\rotor\build\v1.x86chk.rotor\samples\howto\serialization\iserializabl e.exe Assembly: 0009a670 ClassLoader: 0009a738 Module Name 0009a8d0 d:\rotor\build\v1.x86chk.rotor\assembly\gac\system.runtime.serializatio n.formatters.soap\1.0.3300.0__b03f5f7f11d50a3a\system.runtime.serialization.form atters.soap.dll 0:000>
This command dumps method description information.
!DumpMD MethodDescriptor
Parameter | Description |
---|---|
MethodDescriptor | Method descriptor address of method for which information is to be dumped. |
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 0:000> !name2ee iserializable.exe SimpleGraph.Main -------------------------------------- MethodDesc: 7b50b8 Name: [DEFAULT] Void SimpleGraph.Main(SZArray String) ----------------------- 0:000> !dumpmd 7b50b8 Method Name : [DEFAULT] Void SimpleGraph.Main(SZArray String) Class : 714108c MethodTable 7b5128 mdToken: 06000001 Flags : 10 Method VA : 06ca0304 0:000>
Column | Description |
---|---|
Method Name | Method name including
parameters. The [hasThis] statement indicates that the method requires an
instance of the class to be called. The calling convention can be one of the
following values:
|
MethodTable | Method table containing the method descriptor. Use DumpMT to get more information about the method table. |
Module | Module containing the method descriptor. Use DumpModule to get more information about the module. |
mdToken | Metadata token for the method descriptor. |
Flags | Flags associated with the method descriptor. Bit-masked DWORD. |
Method VA
IL RVA |
If Method VA is displayed, it indicates that the location in native code to which the method has been JIT-compiled. You can use a U on this address to display the assembly code. If IL RVA is displayed, this means the method has not yet been JIT-compiled. |
A method descriptor address can be obtained from using DumpStack, DumpMT, Name2EE or IP2MD.
This command dumps module information.
!DumpModule ModuleAddress
Parameter | Description |
---|---|
ModuleAddress | Can be obtained from DumpMT or DumpDomain. |
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> !dumpdomain -------------------------------------- System Domain: 798abe90 LowFrequencyHeap: 798abf24 HighFrequencyHeap: 798abf80 StubHeap: 798abfdc Name: Assembly: 0008e1b8 ClassLoader: 0008e280 Module Name 0008e6f0 d:\sscli\build\v1.x86chk.rotor\mscorlib.dll -------------------------------------- Shared Domain: 798ac8e8 LowFrequencyHeap: 798ac97c HighFrequencyHeap: 798ac9d8 StubHeap: 798aca34 Assembly: 000470dc -------------------------------------- Domain 1: 84900 LowFrequencyHeap: 00084994 HighFrequencyHeap: 000849f0 StubHeap: 00084a4c Name: iserializable.exe Assembly: 000950d8 ClassLoader: 00094ca8 Module Name 00095688 d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe Assembly: 00099608 ClassLoader: 0009a978 Module Name 0009aaa8 d:\rotor\build\v1.x86chk.rotor\assembly\gac\system.runtime.serialization.formatters.soap \1.0.3300.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll 0:000> !dumpmodule 00095688 Name d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe dwFlags 00000080 Attribute PEFile Assembly 000950d8 LoaderHeap* 0009574c TypeDefToMethodTableMap* 07150010 TypeRefToMethodTableMap* 0715001c MethodDefToDescMap* 07150080 FieldDefToDescMap* 071500bc MemberRefToDescMap* 071500cc FileReferencesMap* 07150168 AssemblyReferencesMap* 0715016c 0:000>
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> !name2ee iserializable.exe SimpleGraph -------------------------------------- MethodTable: 007b5128 EEClass: 06ef108c Name: SimpleGraph 0:000> !dumpmt 007b5128 EEClass : 06ef108c Module : 00095688 Name: SimpleGraph mdToken: 02000002 (d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe) MethodTable Flags : 80000 Number of IFaces in IFaceMap : 0 Interface Map : 007b5178 Slots in VTable : 7 0:000> !dumpmodule 00095688 Name d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe dwFlags 00000080 Attribute PEFile Assembly 000950d8 LoaderHeap* 0009574c TypeDefToMethodTableMap* 06f00010 TypeRefToMethodTableMap* 06f0001c MethodDefToDescMap* 06f00080 FieldDefToDescMap* 06f000bc MemberRefToDescMap* 06f000cc FileReferencesMap* 06f00168 AssemblyReferencesMap* 06f0016c 0:000>
Column | Description |
---|---|
Name | Physical location of the module . |
dwFlags | Bitmasked DWORD for assigning attribute values |
Attributes | Lists the attributes that are set in
dwFlags.
Can be any of the following values:
|
Assembly | Address of the assembly containing the module. |
LoaderHeap | The LoaderHeap used to store the table lookups described below. |
TypeDefToMethodTableMap | Starting location of all type
definitions (mdTypeDep) for the module.
Method tables for the type definitions are stored within the TypeDefToMethodTableMap and TypeRefToMethodTableMap addresses and can be dumped out using the DumpMT command. For example: 0:000> !dumpmodule 00095688 Name d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe dwFlags 00000080 Attribute PEFile Assembly 000950d8 LoaderHeap* 0009574c TypeDefToMethodTableMap* 07150010 TypeRefToMethodTableMap* 0715001c MethodDefToDescMap* 07150080 FieldDefToDescMap* 071500bc MemberRefToDescMap* 071500cc FileReferencesMap* 07150168 AssemblyReferencesMap* 0715016c 0:000> dd 07150010 0715001c 07150010 00000000 00000000 007b5128 00000000 0:000> !dumpmt 007b5128 EEClass : 0714108c Module : 00095688 Name: SimpleGraph mdToken: 02000002 (d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe) MethodTable Flags : 80000 Number of IFaces in IFaceMap : 0 Interface Map : 007b5178 Slots in VTable : 7 0:000> In this example, you can see that the SimpleGraph class in the
iserializable module. |
TypeRefToMethodTableMap | Starting location of all type
references (mdTypeRef) for the module.
Method tables for the type references are stored within the TypeRefToMethodTableMap and MethodDefToDescMap addresses and can be dumped out using the DumpMT command. For example: 0:000> !dumpmodule 00095688 Name d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe dwFlags 00000080 Attribute PEFile Assembly 000950d8 LoaderHeap* 0009574c TypeDefToMethodTableMap* 07150010 TypeRefToMethodTableMap* 0715001c MethodDefToDescMap* 07150080 FieldDefToDescMap* 071500bc MemberRefToDescMap* 071500cc FileReferencesMap* 07150168 AssemblyReferencesMap* 0715016c 0:000> dd 0715001c 7150064 0715001c 00000000 003e22b0 02c55ba8 00000000 0715002c 00000000 00000000 071195f8 07118110 0715003c 0711a6d0 00000000 00000000 00000000 0715004c 007b5d24 07113180 00000000 00000000 0715005c 00000000 00000000 00000000 0:000> !dumpmt 003e22b0 EEClass : 02c27ef4 Module : 0008e6f0 Name: System.Object mdToken: 02000002 (d:\sscli\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2080000 Number of IFaces in IFaceMap : 0 Interface Map : 003e231c Slots in VTable : 14 0:000> !dumpmt 02c55ba8 EEClass : 02c28468 Module : 0008e6f0 Name: System.Runtime.Serialization.ISerializable mdToken: 02000013 (d:\sscli\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2080000 Number of IFaces in IFaceMap : 0 Interface Map : 02c55be0 Slots in VTable : 1 0:000> !dumpmt 071195f8 EEClass : 02c2c48c Module : 0008e6f0 Name: System.IO.TextWriter mdToken: 0200022a (d:\sscli\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2040000 Number of IFaces in IFaceMap : 1 Interface Map : 0711970c Slots in VTable : 55 0:000> !dumpmt 07118110 EEClass : 02c2c42c Module : 0008e6f0 Name: System.Console mdToken: 02000054 (d:\sscli\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2000000 Number of IFaces in IFaceMap : 0 Interface Map : 07118250 Slots in VTable : 64 0:000> !dumpmt 0711a6d0 EEClass : 02c2c4ec Module : 0008e6f0 Name: System.IO.File mdToken: 0200023e (d:\rotor\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2080000 Number of IFaces in IFaceMap : 0 Interface Map : 0711a784 Slots in VTable : 32 0:000> !dumpmt 007b5d24 EEClass : 071436e4 Module : 0009aaa8 Name: System.Runtime.Serialization.Formatters.Soap.SoapFormatter mdToken: 02000003 (d:\sscli\build\v1.x86chk.rotor\assembly\gac\system.runtime.s erialization.formatters.soap\1.0.3300.0__b03f5f7f11d50a3a\system.runtime.seriali zation.formatters.soap.dll) MethodTable Flags : c0000 Number of IFaces in IFaceMap : 2 Interface Map : 007b5db0 Slots in VTable : 22 0:000> !dumpmt 07113180 EEClass : 02c2be54 Module : 0008e6f0 Name: System.IO.Stream mdToken: 0200022e (d:\rotor\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2040000 Number of IFaces in IFaceMap : 1 Interface Map : 07113230 Slots in VTable : 30 0:000> In this example the following external types are uses in the iserializable module:
|
MethodDefToDescMap | Starting location of all method
definitions (mdMethodDef) for the module.
Method descriptors for the method definitions are stored within the MethodDefToDescMap and FieldDefToDescMap addresses and can be dumped out using the DumpMD command. For example: 0:000> !dumpmodule 00095688 Name d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe dwFlags 00000080 Attribute PEFile Assembly 000950d8 LoaderHeap* 0009574c TypeDefToMethodTableMap* 07150010 TypeRefToMethodTableMap* 0715001c MethodDefToDescMap* 07150080 FieldDefToDescMap* 071500bc MemberRefToDescMap* 071500cc FileReferencesMap* 07150168 AssemblyReferencesMap* 0715016c 0:000> dd 07150080 71500B0 07150080 00000000 007b50b8 007b50e0 007b5108 07150090 007b5258 007b5280 007b53f8 007b52a8 071500a0 007b52d0 007b52f8 007b5320 007b5348 071500b0 007b5370 0:000> !dumpmd 007b50b8 Method Name : [DEFAULT] Void SimpleGraph.Main(SZArray String) Class : 714108c MethodTable 7b5128 mdToken: 06000001 Flags : 10 Method VA : 06ca0304 ... 0:000> !dumpmd 007b5370 Method Name : [DEFAULT] [hasThis] String TreeNode.ToString() Class : 71410ec MethodTable 7b5438 mdToken: 0600000c Flags : 0 IL RVA : 0000241c 0:000> In this example the following methods are defined in the iserializable module:
...
|
FieldDefToDescMap | Starting location of all field
definitions (mdFieldDef) for the module.
FieldDescs for the field definitions are stored within the FieldDefToDescMap and MemberRefToDescMap addresses and can be dumped out using the DumpObj command. For example: 0:000> !dumpmodule 00095688 Name d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe dwFlags 00000080 Attribute PEFile Assembly 000950d8 LoaderHeap* 0009574c TypeDefToMethodTableMap* 07150010 TypeRefToMethodTableMap* 0715001c MethodDefToDescMap* 07150080 FieldDefToDescMap* 071500bc MemberRefToDescMap* 071500cc FileReferencesMap* 07150168 AssemblyReferencesMap* 0715016c 0:000> dd 071500bc 71500C4 071500bc 00000000 00000000 007b5220 0:000> !dumpobj 007b5220 Name: TreeNode MethodTable 0x007b5438 EEClass 0x071410ec Size 16(0x10) bytes mdToken: 02000003 (d:\rotor\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe) FieldDesc*: 007b5220 MT Field Offset Type Attr Value Name 007b5438 4000002 4 CLASS instance 10000002 m_value 007b5438 4000003 8 CLASS instance 90000000 m_children 0:000> In this example the following fields are defined in the iserializable module:
|
MemberRefToDescMap | Starting location of all member
references (mdMemberRef) for the module. Method descriptors for the member references are stored within the MemberRefToDescMap and FileReferencesMap addresses and can be dumped out using the DumpMD command. For example: 0:000> !dumpmodule 00095688 Name d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe dwFlags 00000080 Attribute PEFile Assembly 000950d8 LoaderHeap* 0009574c TypeDefToMethodTableMap* 07150010 TypeRefToMethodTableMap* 0715001c MethodDefToDescMap* 07150080 FieldDefToDescMap* 071500bc MemberRefToDescMap* 071500cc FileReferencesMap* 07150168 AssemblyReferencesMap* 0715016c 0:000> dd 071500cc 715011C 071500cc 00000000 02c55b80 07117ca8 071177e8 071500dc 07117d98 0711a470 007b5b38 007b5bd8 071500ec 07112ed8 07117a40 007b5b88 00000000 071500fc 00000000 00000000 00000000 00000000 0715010c 00000000 00000000 00000000 00000000 0715011c 00000000 0:000> !dumpmd 02c55b80 Method Name : [DEFAULT] [hasThis] Void System.Runtime.Serialization.ISerializabl e.GetObjectData(Class System.Runtime.Serialization.SerializationInfo,ValueClass System.Runtime.Serialization.StreamingContext) Class : 2c28468 MethodTable 2c55ba8 mdToken: 06000175 Flags : 2481 IL RVA : 00000000 ... 0:000> !dumpmd 007b5b88 Method Name : [DEFAULT] [hasThis] Object System.Runtime.Serialization.Formatters .Soap.SoapFormatter.Deserialize(Class System.IO.Stream) Class : 71436e4 MethodTable 7b5d24 mdToken: 0600000a Flags : 80 IL RVA : 00002204 0:000> In this example the following external methods are used in the iserializable module:
...
|
FileReferencesMap | Starting location of all file references used by the module. |
AssemblyReferencesMap | Starting location of all assembly references used by the module. |
This command dumps MethodTable information.
!DumpMT [-MD] MethodTable
Parameter | Description |
---|---|
-MD | Show all methods in method table. |
MethodTable | Address of method table to display information about. Can be obtained with !DumpMD or !DumpClass. |
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> !name2ee iserializable.exe SimpleGraph -------------------------------------- MethodTable: 007b5128 EEClass: 0714108c Name: SimpleGraph 0:000> !dumpmt 007b5128 EEClass : 0714108c Module : 00095688 Name: SimpleGraph mdToken: 02000002 (d:\rotor\build\v1.x86chk.rotor\samples\howto\serialization\i serializable.exe) MethodTable Flags : 80000 Number of IFaces in IFaceMap : 0 Interface Map : 007b5178 Slots in VTable : 7
0:000> !dumpmt -md 007b5128 EEClass : 0714108c Module : 00095688 Name: SimpleGraph mdToken: 02000002 (d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\serializable.exe) MethodTable Flags : 80000 Number of IFaces in IFaceMap : 0 Interface Map : 007b5178 Slots in VTable : 7 -------------------------------------- MethodDesc Table Entry MethodDesc JIT Name 003e2073 003e2078 None [DEFAULT] [hasThis] String System.Object.ToString() 003e2223 003e2228 None [DEFAULT] [hasThis] Boolean System.Object.Equals(Object) 003e2253 003e2258 None [DEFAULT] [hasThis] I4 System.Object.GetHashCode() 003e2113 003e2118 None [DEFAULT] [hasThis] Void System.Object.Finalize() 06ca0304 007b50b8 EJIT [DEFAULT] Void SimpleGraph.Main(SZArray String) 007b50db 007b50e0 None [DEFAULT] Void SimpleGraph.FillTree(Class TreeNode) 007b5103 007b5108 None [DEFAULT] [hasThis] Void SimpleGraph..ctor() 0:000>
Column | Description | |
---|---|---|
EEClass | Class containing the method table . Use the DumpClass command to get information on the class. | |
Module | Module containing the method table. Use the DumpModule command to get information on the module. | |
Name | Name of the class containing the method table. | |
mdToken | Metadata token for the method table. | |
MethodTable Flags | Flags associated with the method table. Bit-masked DWORD. | |
Number of IFaces in IFaceMap | Number of interfaces the class implements. | |
Interface Map |
Pointer to the location of the method tables for the implemented interfaces.
For example, System.String implements the following
interfaces: System.IComparable System.ICloneable System.IConvertible System.Collections.IEnumerable 0:000> !name2ee mscorlib.dll System.String -------------------------------------- MethodTable: 003e8388 EEClass: 02c281c8 Name: System.String -------------------------------------- 0:000> !dumpmt 003e8388 EEClass : 02c281c8 Module : 0008e6f0 Name: System.String mdToken: 02000011 (d:\sscli\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2000000 Number of elements in array: 2 Number of IFaces in IFaceMap : 4 Interface Map : 003e86c0 Slots in VTable : 191 0:000> dd 003e86c0 003e86c0 003e5c20 00140001 003e29a0 00150001 003e86d0 003e6000 00280001 003e2a78 00270001 003e86e0 69727473 2a20676e 72747328 2c676e69 003e86f0 69727473 5d5b676e 00000029 69727473 003e8700 2a20676e 72747328 2c676e69 69727473 003e8710 5d5b676e 746e692c 692c3233 3233746e 003e8720 00000029 33746e69 282a2032 69727473 003e8730 732c676e 6e697274 6f622c67 00296c6f 0:000> !dumpmt 003e5c20 EEClass : 02c28228 Module : 0008e6f0 Name: System.IComparable mdToken: 0200000f (d:\rotor\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2080000 Number of IFaces in IFaceMap : 0 Interface Map : 003e5c58 Slots in VTable : 1 0:000> !dumpmt 003e29a0 EEClass : 02c28014 Module : 0008e6f0 Name: System.ICloneable mdToken: 02000005 (d:\rotor\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2080000 Number of IFaces in IFaceMap : 0 Interface Map : 003e29d8 Slots in VTable : 1 0:000> !dumpmt 003e6000 EEClass : 02c28288 Module : 0008e6f0 Name: System.IConvertible mdToken: 02000010 (d:\rotor\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2080000 Number of IFaces in IFaceMap : 0 Interface Map : 003e6078 Slots in VTable : 17 0:000> !dumpmt 003e2a78 EEClass : 02c28134 Module : 0008e6f0 Name: System.Collections.IEnumerable mdToken: 02000006 (d:\rotor\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2080000 Number of IFaces in IFaceMap : 0 Interface Map : 003e2ab0 Slots in VTable : 1 0:000> |
|
Slots in VTable | Number of methods in the method table. | |
MethodDesc Table | Displays the methods in the method table. It has the following columns: | |
MethodDesc | Method descriptor for the method. Use the DumpMD command on this address to get more information. | |
JIT | Type of generated code. Can be one of the following values: JIT, EJIT, PreJIT, None | |
Name
|
Method signature. |
This command dumps an object on garbage collector heap.
!DumpObj ObjectAddress
Parameter | Description |
---|---|
ObjectAddress | Displays information about fields in the current object (including inherited fields). |
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> !dumpstackobjects ESP/REG Object Name 0006ee1c 00ad0724 System.String Creating object graph 0006ee48 00ad0724 System.String Creating object graph 0006ee78 00ad0714 System.Object[] 0006f3d4 00ad0714 System.Object[] 0006f5c8 00ad0714 System.Object[] 0006f5d0 00ad0714 System.Object[] 0006f620 00ad0714 System.Object[] 0006f644 00ad0714 System.Object[] 0:000> !dumpobj 00ad0724 Name: System.String MethodTable 0x003e8388 EEClass 0x02c281c8 Size 60(0x3c) bytes mdToken: 02000011 (d:\sscli\build\v1.x86chk.rotor\mscorlib.dll) String: Creating object graph FieldDesc*: 003e67b4 MT Field Offset Type Attr Value Name 003e8388 4000026 4 System.Int32 instance 22 m_arrayLength 003e8388 4000027 8 System.Int32 instance 21 m_stringLength 003e8388 4000028 c System.Char instance 43 m_firstChar 003e8388 4000029 0 CLASS shared static Empty >> Domain:Value 00084900:00acfb6c << 003e8388 400002a 4 CLASS shared static WhitespaceChars >> Domain:Value 00084900:00acfb80 << 0:000>
Column | Description |
---|---|
Name | Class name |
MethodTable | Method Table. Use the DumpMT command to get more information
0:000> !dumpmt 0x003e8388 EEClass : 02c281c8 Module : 0008e6f0 Name: System.String mdToken: 02000011 (d:\rotor\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2000000 Number of elements in array: 2 Number of IFaces in IFaceMap : 4 Interface Map : 003e86c0 Slots in VTable : 191 0:000> |
EEClass | EEClass address. Use the DumpClass command for more detailed information. |
Size | Size of class in bytes. |
mdToken | Metadata Token. See MethodTable example above to get more information about using metadata tokens. |
FieldDesc | Address of first field description. |
MT | Method table for the class containing this member. For
example: 0:000> !dumpmt 003e8388 EEClass : 02c281c8 Module : 0008e6f0 Name: System.String mdToken: 02000011 (d:\sscli\build\v1.x86chk.rotor\mscorlib.dll) MethodTable Flags : 2000000 Number of elements in array: 2 Number of IFaces in IFaceMap : 4 Interface Map : 003e86c0 Slots in VTable : 191 0:000> |
Field | Meta data token (mdFieldDef) for the particular field. |
Type | Type of field. This can be one of the following types:
|
Attr | Field attribute. Can be one of the following
For shared static you will also get an extra line for each domain except the system domain and the shared domain as shown in the following example: 003e8388 4000029 0 CLASS shared static Empty >> Domain:Value 00084900:00acfb6c << "Domain:" is followed by all available domains and whether the
variable is initialized in the specific domain. NotInit, FailInit, or UnInit2
is displayed if the static is not initialized in the specific domain. Use
the DumpDomain command on the domain address to display information about the domain. For example: 0:000> !dumpobj 00acfb6c Name: System.String MethodTable 0x003e8388 EEClass 0x02c281c8 Size 20(0x14) bytes mdToken: 02000011 (d:\rotor\build\v1.x86chk.rotor\mscorlib.dll) String: FieldDesc*: 003e67b4 MT Field Offset Type Attr Value Name 003e8388 4000026 4 System.Int32 instance 1 m_arrayLength 003e8388 4000027 8 System.Int32 instance 0 m_stringLength 003e8388 4000028 c System.Char instance 0 m_firstChar 003e8388 4000029 0 CLASS shared static Empty >> Domain:Value 00084900:00acfb6c << 003e8388 400002a 4 CLASS shared static WhitespaceChars >> Domain:Value 00084900:00acfb80 << 0:000> |
Value | Can be empty if it is an instance field, or static if it is an uninitialized shared variable. If a shared or static variable is initialized the value is shown here. |
Name | Name of field (member variable). |
This command lists the call stack for the current thread (including both managed and native calls).
!DumpStack [-EE] [-smart] [TopStack [BottomStack]]
Parameter | Description |
---|---|
-EE | Shows only managed calls. |
-smart | Shows a brief summary of stack information:
|
TopStack | Optional address of the starting position within stack for output. |
BottomStack | Optional address of the ending position within stack for output. |
The following example demonstrates debugging the iserializable.exe sample on Windows..
Some debugger output has been removed for clarity.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> !dumpstack Current frame: 79b03880 ChildEBP RetAddr Caller, Callee 0006d938 7963359c 7963359c, calling 79af11a4 0006d9a4 02ca35c4 (MethodDesc 0x71178b0 +0x11c System.Console[mscorlib.dll].GetStandardFile) 0006d9c4 02ca3480 (MethodDesc 0x71179a0 +0x3c System.Console[mscorlib.dll].OpenStandardOutput) 0006d9e4 02ca2fec (MethodDesc 0x7117810 +0x24 System.Console[mscorlib.dll]..cctor) 0006da0c 794388bc 794388bc 0006da14 7943116b 7943116b, calling 79438894 0006de4c 79415e63 79415e63, calling 794310d0 0006dec4 794be044 794be044, calling 7971c80c 0006decc 79416ecb 79416ecb, calling 794be000 0006dee8 7945729d 7945729d, calling 7971c81e 0006df20 7943893a 7943893a, calling 77e876b3 0006df48 794c227f 794c227f, calling 7971c80c 0006df50 79416fc6 79416fc6, calling 794c1fc0 0006df58 79417012 79417012, calling 7971c80c 0006df64 79415af2 79415af2, calling 7971c866 0006e098 794156eb 794156eb, calling 794158b0 0006e0b8 794320d0 794320d0, calling 79415680 0006e104 79432120 79432120, calling 7971c8c0 0006e1c4 79432246 79432246, calling 7971c8c0 0006e234 79432735 79432735, calling 79431ed0 0006e2d4 794327ee 794327ee, calling 7971c8c0 0006e33c 79432c97 79432c97, calling 794325f0 0006ebd4 79432e58 79432e58, calling 7971c8c0 0006ec2c 7943183f 7943183f, calling 794329a0 0006ec4c 7949d91e 7949d91e, calling 79431780 0006eddc 07117ca8 (stub for System.Console[mscorlib.dll].WriteLine), calling 0008afec 0006ede4 7949d548 7949d548, calling 7949d590 0006ee04 07117ca8 (stub for System.Console[mscorlib.dll].WriteLine), calling 0008afec 0006ee0c 0008b035 0008b035, calling 7949d4a0 0006ee20 02ca2d75 (MethodDesc 0x7b50b8 +0x21 SimpleGraph[iserializable.exe].Main) 0006ee3c 07117ca8 (stub for System.Console[mscorlib.dll].WriteLine), calling 0008afec 0006ee40 02ca2d75 (MethodDesc 0x7b50b8 +0x21 SimpleGraph[iserializable.exe].Main) 0006ee70 794388bc 794388bc 0006ee7c 7943116b 7943116b, calling 79438894 0006ef04 0006f865 0006f865, calling 1006ff5d 0006f2b4 79415e63 79415e63, calling 794310d0 0006f350 7945729d 7945729d, calling 7971c81e 0006f388 7943893a 7943893a, calling 77e876b3 0006f3b4 794c227f 794c227f, calling 7971c80c 0006f3bc 79416fc6 79416fc6, calling 794c1fc0 0006f3c4 79417012 79417012, calling 7971c80c 0006f504 79415873 79415873, calling 794158b0 0006f588 79415500 79415500, calling 79415820 0006f5a8 7946438c 7946438c, calling 79415490 0006f6d4 7946446f 7946446f, calling 7971c8c0 0006f75c 79463dbb 79463dbb, calling 79464010 0006f880 79463b94 79463b94, calling 7971c8c0 0006f908 79463d05 79463d05, calling 7971c8c0 0006f998 795603ae 795603ae, calling 794636f0 0006f9b0 793fcbe6 793fcbe6, calling 79560350 0006fb68 793d191b 793d191b, calling 793fc5d0 0006fbf0 7943893a 7943893a, calling 77e876b3 0006fc04 793deed6 793deed6, calling 7971c80c 0006fc28 793df1ab 793df1ab, calling 7971c80c 0006fc34 7943893a 7943893a, calling 77e876b3 0006fc8c 00405aba 00405aba 0006ff04 00405eac 00405eac, calling 00401019 0006ff50 0040611c 0040611c, calling 0040100f 0006ff64 79b0030d 79b0030d 0006ff88 0040607b 0040607b, calling 79af1181 0006ffc0 77e9ca90 77e9ca90 0006ffd0 77fcb740 77fcb740, calling 77f83893 0006ffd8 77fcb740 77fcb740, calling 77f83893 0:000>
The following code continues the example to demonstrate the use of the -EE option.
0:000> !dumpstack -ee Current frame: ChildEBP RetAddr Caller,Callee 0006d9a4 02ca35c4 (MethodDesc 0x71178b0 +0x11c System.Console[mscorlib.dll].GetStandardFile) 0006d9c4 02ca3480 (MethodDesc 0x71179a0 +0x3c System.Console[mscorlib.dll].OpenStandardOutput) 0006d9e4 02ca2fec (MethodDesc 0x7117810 +0x24 System.Console[mscorlib.dll]..cctor) 0006ee20 02ca2d75 (MethodDesc 0x7b50b8 +0x21 SimpleGraph[iserializable.exe].Main) 0006ee40 02ca2d75 (MethodDesc 0x7b50b8 +0x21 SimpleGraph[iserializable.exe].Main) 0:000>
The following code continues the example to demonstrate the use of the -smart option.
0:000> !dumpstack -smart Current frame: 79b03880 ChildEBP RetAddr Caller,Callee EIP:79b03880 EBP:6d9a4 ESP:6d93c -- EIP:0 EBP:0 ESP:0 0:000>
The following code continues the example to demonstrate the use of the TopStack and BottomStack parameters.
0:000> !dumpstack 0006ee3c 0006ee70 Current frame: 79b03880 ChildEBP RetAddr Caller,Callee 0006ee3c 07117ca8 (stub for System.Console[mscorlib.dll].WriteLine), calling 00 08af5c 0006ee40 02ca2d75 (MethodDesc 0x7b50b8 +0x21 SimpleGraph[iserializable.exe].Main)
DumpStack provides a combined native and managed stack trace.
For managed calls the stack frame contains a method description for the managed
function, in addition to
the stackpointer and the return address. For example:
0006ee40 02ca2d75 (MethodDesc 0x7b50b8 +0x21 SimpleGraph[iserializable.exe].Main)
This command dumps all the objects used on the current thread.
!DumpStackObjects [TopStack [BottomStack]]
Parameter | Description |
---|---|
TopStack | Stack pointer at top of stack segment you wish to display |
BottomStack | Stack pointer at bottom of stack segment you wish to display |
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
Note that the PAL_WriteFile breakpoint is hit several times to get to a point where there are more objects on the stack.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp ESP/REG Object Name 0006ed60 00ad16ec System.Byte[] 0006ed90 00ad098c System.IO.__ConsoleStream 0006ed94 00ad16ec System.Byte[] 0006edbc 00ad0a50 System.IO.StreamWriter 0006ede0 00ad0a50 System.IO.StreamWriter 0006ede4 00ad1d40 System.Char[] 0006edf0 00ad1d40 System.Char[] 0006ee10 00ad0a50 System.IO.StreamWriter 0006ee14 00ad0770 System.String Creating object graph 0006ee2c 00ad1970 System.IO.TextWriter/SyncTextWriter 0006ee30 00ad0770 System.String Creating object graph 0006ee48 00ad0770 System.String Creating object graph 0006ee78 00ad0714 System.Object[] 0006f3d4 00ad0714 System.Object[] 0006f5c8 00ad0714 System.Object[] 0006f5d0 00ad0714 System.Object[] 0006f5f4 00ad0748 System.String cdblog.txt 0006f620 00ad0714 System.Object[] 0006f644 00ad0714 System.Object[] 0:000>
The following code continues the example to demonstrate the use of the TopStack and BottomStack parameters.
0:000> !dumpstackobjects 0006ee10 0006ee78 ESP/REG Object Name 0006ee10 00ad0a50 System.IO.StreamWriter 0006ee14 00ad0770 System.String Creating object graph 0006ee2c 00ad1970 System.IO.TextWriter/SyncTextWriter 0006ee30 00ad0770 System.String Creating object graph 0006ee48 00ad0770 System.String Creating object graph 0:000>
The following code continues the example to demonstrate the use of the DumpObj command to dump objects found from the DumpStackObjects command.
0:000> !dumpobj 00ad0a50 Name: System.IO.StreamWriter MethodTable 0x0711ef3c EEClass 0x02c2c6e4 Size 56(0x38) bytes mdToken: 02000252 (d:\sscli\build\v1.x86chk.rotor\mscorlib.dll) FieldDesc*: 0711ea30 MT Field Offset Type Attr Value Name 02c67af4 40000ca 4 CLASS instance 00000000 __identity 071195f8 4000aad 8 CLASS instance 00ad14c4 CoreNewLine 071195f8 4000aae c CLASS instance 00000000 InternalForm atProvider 071195f8 4000aac 0 CLASS shared static Null >> Domain:Value 00084990:00ad0bac << 0711ef3c 4000b76 10 CLASS instance 00ad098c stream 0711ef3c 4000b77 14 CLASS instance 00ad0a0c encoding 0711ef3c 4000b78 18 CLASS instance 00ad14d4 encoder 0711ef3c 4000b79 1c CLASS instance 00ad16ec byteBuffer 0711ef3c 4000b7a 20 CLASS instance 00ad14e0 charBuffer 0711ef3c 4000b7b 28 System.Int32 instance 0 charPos 0711ef3c 4000b7c 2c System.Int32 instance 256 charLen 0711ef3c 4000b7d 30 System.Boolean instance 1 autoFlush 0711ef3c 4000b7e 31 System.Boolean instance 1 haveWrittenPreamble 0711ef3c 4000b7f 32 System.Boolean instance 0 closable 0711ef3c 4000b80 24 CLASS instance 00000000 allocatedFrom 0711ef3c 4000b75 0 CLASS shared static Null >> Domain:Value 00084990:00ad0a9c << 0:000>
Use the DumpObj command with the object address to dump out the contents of the objects as shown in the example above.
THe ESP/REG output column indicates the address location of the object on the stack.
This command outputs stack information. It is very similar to the DumpStack command except that it shows the stack segregated by thread.
!EEStack [-EE]
Parameter | Description |
---|---|
-EE | Only displays the managed callstacks. |
The following example demonstrates debugging the iserializable.exe sample on Windows.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> !eestack --------------------------------------------- Thread 0 Current frame: 79b03880 ChildEBP RetAddr Caller,Callee 0006d938 7963359c 7963359c, calling 79af11a4 0006d9a4 02ca35c4 (MethodDesc 0x71178b0 +0x11c System.Console[mscorlib.dll].GetStandardFile) 0006d9c4 02ca3480 (MethodDesc 0x71179a0 +0x3c System.Console[mscorlib.dll].OpenStandardOutput) 0006d9e4 02ca2fec (MethodDesc 0x7117810 +0x24 System.Console[mscorlib.dll]..cctor) 0006da0c 794388bc 794388bc 0006da14 7943116b 7943116b, calling 79438894 0006de4c 79415e63 79415e63, calling 794310d0 0006dec4 794be044 794be044, calling 7971c80c 0006decc 79416ecb 79416ecb, calling 794be000 0006dee8 7945729d 7945729d, calling 7971c81e 0006df20 7943893a 7943893a, calling 77e876b3 0006df48 794c227f 794c227f, calling 7971c80c 0006df50 79416fc6 79416fc6, calling 794c1fc0 0006df58 79417012 79417012, calling 7971c80c 0006df64 79415af2 79415af2, calling 7971c866 0006e098 794156eb 794156eb, calling 794158b0 0006e0b8 794320d0 794320d0, calling 79415680 0006e104 79432120 79432120, calling 7971c8c0 0006e1c4 79432246 79432246, calling 7971c8c0 0006e234 79432735 79432735, calling 79431ed0 0006e2d4 794327ee 794327ee, calling 7971c8c0 0006e33c 79432c97 79432c97, calling 794325f0 0006ebd4 79432e58 79432e58, calling 7971c8c0 0006ec2c 7943183f 7943183f, calling 794329a0 0006ec4c 7949d91e 7949d91e, calling 79431780 0006eddc 07117ca8 (stub for System.Console[mscorlib.dll].WriteLine), calling 0008afec 0006ede4 7949d548 7949d548, calling 7949d590 0006ee04 07117ca8 (stub for System.Console[mscorlib.dll].WriteLine), calling 0008afec 0006ee0c 0008b035 0008b035, calling 7949d4a0 0006ee20 02ca2d75 (MethodDesc 0x7b50b8 +0x21 SimpleGraph[iserializable.exe].Main) 0006ee3c 07117ca8 (stub for System.Console[mscorlib.dll].WriteLine), calling 0008afec 0006ee40 02ca2d75 (MethodDesc 0x7b50b8 +0x21 SimpleGraph[iserializable.exe].Main) 0006ee70 794388bc 794388bc 0006ee7c 7943116b 7943116b, calling 79438894 0006ef04 0006f865 0006f865, calling 1006ff5d 0006f2b4 79415e63 79415e63, calling 794310d0 0006f350 7945729d 7945729d, calling 7971c81e 0006f388 7943893a 7943893a, calling 77e876b3 0006f3b4 794c227f 794c227f, calling 7971c80c 0006f3bc 79416fc6 79416fc6, calling 794c1fc0 0006f3c4 79417012 79417012, calling 7971c80c 0006f504 79415873 79415873, calling 794158b0 0006f588 79415500 79415500, calling 79415820 0006f5a8 7946438c 7946438c, calling 79415490 0006f6d4 7946446f 7946446f, calling 7971c8c0 0006f75c 79463dbb 79463dbb, calling 79464010 0006f880 79463b94 79463b94, calling 7971c8c0 0006f908 79463d05 79463d05, calling 7971c8c0 0006f998 795603ae 795603ae, calling 794636f0 0006f9b0 793fcbe6 793fcbe6, calling 79560350 0006fb68 793d191b 793d191b, calling 793fc5d0 0006fbf0 7943893a 7943893a, calling 77e876b3 0006fc04 793deed6 793deed6, calling 7971c80c 0006fc28 793df1ab 793df1ab, calling 7971c80c 0006fc34 7943893a 7943893a, calling 77e876b3 0006fc8c 00405aba 00405aba 0006ff04 00405eac 00405eac, calling 00401019 0006ff50 0040611c 0040611c, calling 0040100f 0006ff64 79b0030d 79b0030d 0006ff88 0040607b 0040607b, calling 79af1181 0006ffc0 77e9ca90 77e9ca90 0006ffd0 77fcb740 77fcb740, calling 77f83893 0006ffd8 77fcb740 77fcb740, calling 77f83893 --------------------------------------------- Thread 2 Current frame: 77f83786 ChildEBP RetAddr Caller,Callee 02a5fe20 77e8780f 77e8780f 02a5fe48 77e87837 77e87837, calling 77e877b5 02a5fe58 79b06681 79b06681, calling 77e87828 02a5fe70 794f7cc2 794f7cc2, calling 79af125d 02a5fe84 794f7f21 794f7f21, calling 794f7cb0 02a5ff24 794f8275 794f8275, calling 7971c8c0 02a5ff74 79b0030d 79b0030d 02a5ff98 79b06b35 79b06b35, calling 79af1181 02a5ffb4 77e887dd 77e887dd 0:000>
The following code continues the example to demonstrate the use of the -EE option.
0:000> !eestack -ee --------------------------------------------- Thread 0 Current frame: ChildEBP RetAddr Caller,Callee 0006d9a4 02ca35c4 (MethodDesc 0x71178b0 +0x11c System.Console[mscorlib.dll].GetStandardFile) 0006d9c4 02ca3480 (MethodDesc 0x71179a0 +0x3c System.Console[mscorlib.dll].OpenStandardOutput) 0006d9e4 02ca2fec (MethodDesc 0x7117810 +0x24 System.Console[mscorlib.dll]..cctor) 0006ee20 02ca2d75 (MethodDesc 0x7b50b8 +0x21 SimpleGraph[iserializable.exe].Main) 0006ee40 02ca2d75 (MethodDesc 0x7b50b8 +0x21 SimpleGraph[iserializable.exe].Main) --------------------------------------------- Thread 2 Current frame: ChildEBP RetAddr Caller,Callee 0:000>
This command converts an instruction pointer address into the corresponding MethodDesc. This can be used to move from JIT-compiled code into the execution engine's data structures.
!IP2MD InstructionPointer
Parameter | Description |
---|---|
InstructionPointer | An instruction pointer to JIT-compiled code. |
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
This example uses the COMPlus_JitHalt environment variable to stop the debugger just before the JIT-compiled code for method FillTree is entered.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>set COMPlus_JitHalt=FillTree D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> g Creating object graph (1590.157c): Break instruction exception - code 80000003 (first chance) eax=06ca0794 ebx=7ffdf000 ecx=00ad2104 edx=0008a130 esi=00000000 edi=0006f2b4 eip=02ca776c esp=0006ee44 ebp=0006ee70 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 02ca776c cc int 3 0:000> !ip2md 02ca776c MethodDesc: 0x007b50e0 Jitted by EJIT Method Name : [DEFAULT] Void SimpleGraph.FillTree(Class TreeNode) Class : 6ef108c MethodTable 7b5128 mdToken: 06000002 Flags : 10 Method VA : 06ca0794 0:000>
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
This example, like many previous examples, stops on a breakpoint on PAL_WriteFile that is in unmanaged code. The stack is then backtraced to get a return address to use with the IP2MD command.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> k ChildEBP RetAddr 0006d934 79553e4c rotor_pal!PAL_WriteFile [d:\rotor\pal\win32\win32pal.c @ 1700] 0006d9a0 02ca35c4 sscoree!COMStreams::ConsoleHandleIsValid+0xac [d:\sscli\clr\src\vm\comstreams.cpp @ 153] WARNING: Frame IP not in any known module. Following frames may be wrong. 0006d9c0 02ca3480 0x2ca35c4 0006d9e0 02ca2fec 0x2ca3480 0006da08 79358a7c 0x2ca2fec 0006da10 7935130b sscoree!CallDescrWorkerInternal+0x28 0006de48 79335fd3 sscoree!CallDescrWorker+0x9b [d:\rotor\clr\src\vm\class.cpp @ 11127] 0006e094 7933585b sscoree!MethodDesc::CallDescr+0x5b3 [d:\rotor\clr\src\vm\method.cpp @ 1233] 0006e0b4 79352284 sscoree!MethodDesc::Call+0x6b [d:\rotor\clr\src\vm\method.cpp @ 1009] 0006e234 793528ef sscoree!EEClass::RunClassInit+0x214 [d:\rotor\clr\src\vm\class.cpp @ 11884] 0006e33c 79352e51 sscoree!EEClass::DoRunClassInitHelper+0x14f [d:\rotor\clr\src\vm\class.cpp @ 11941] 0006ec2c 793519df sscoree!EEClass::DoRunClassInit+0x301 [d:\rotor\clr\src\vm\class.cpp @ 12100] 0006ec4c 793bd73e sscoree!MethodTable::CheckRunClassInit+0xbf [d:\rotor\clr\src\vm\class.cpp @ 11688] 0006ede4 793bd368 sscoree!MethodDesc::DoPrestub+0x38e [d:\rotor\clr\src\vm\prestub.cpp @ 788] 0006ee0c 0008afa5 sscoree!PreStubWorker+0xa8 [d:\rotor\clr\src\vm\prestub.cpp @592] 0006ee20 02ca2d75 0x8afa5 0006ee70 79358a7c 0x2ca2d75 0006ee7c 7935130b sscoree!CallDescrWorkerInternal+0x28 0006f2b4 79335fd3 sscoree!CallDescrWorker+0x9b [d:\rotor\clr\src\vm\class.cpp @11127] 0006f504 793359e3 sscoree!MethodDesc::CallDescr+0x5b3 [d:\rotor\clr\src\vm\method.cpp @ 1233] 0:000> !ip2md 0x2ca2d75 MethodDesc: 0x007b50b8 Jitted by EJIT Method Name : [DEFAULT] Void SimpleGraph.Main(SZArray String) Class : 6ef108c MethodTable 7b5128 mdToken: 06000001 Flags : 10 Method VA : 06ca0304
Column | Description |
---|---|
MethodDesc | Method Description |
JIT information | Information about how the method was JIT-compiled.
|
The rest of the information is the same information displayed using the DumpMD command.
It is easy to confuse a valid instruction pointer with a stub or FCALL. A rough rule of thumb is that a JIT-compiled address tends to be in the vicinity of 02000000 (for example, 02ca776c) whereas most other addresses tend to be in the vicinity of 70000000 (for example, 79358a7c).
This command finds a MethodTable given a class name or a MethodDesc given a fully qualified method name.
!Name2EE ModuleName ClassName[.MethodName]
Parameter | Description |
---|---|
ModuleName | Name of .dll or .exe file in which the class or method is defined, including extension. |
ClassName | Class name. |
MethodName | Fully qualified method name. |
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> !name2ee iserializable.exe SimpleGraph -------------------------------------- MethodTable: 007b5128 EEClass: 06ef108c Name: SimpleGraph 0:000> !name2ee iserializable.exe SimpleGraph.FillTree -------------------------------------- MethodDesc: 7b50e0 Name: [DEFAULT] Void SimpleGraph.FillTree(Class TreeNode) ----------------------- 0:000>
This function is commonly used to get the MethodTable or EEClass addresses for a given class name. With those addresses you can use the DumpMT and DumpClass commands to get additional information about the class.
When given a method name, the Name2EE command returns a MethodDesc. With the MethodDesc address you can use the DumpMD command to get additional information about the method.
This command lists synchronization blocks.
!SyncBlk [-all|<#>]
Parameter | Description |
---|---|
-all | By default only synchronization blocks with locks will show up, -all will show all synchronization blocks. |
# | Show only a specific syncblock |
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
Note that the breakpoint is hit several times to get to a position in the code where the output of the SyncBlk command has more valid values.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 79b03880 55 push ebp 0:000> !syncblk Index SyncBlock MonitorHeld Recursion Thread ThreadID Object Waiting 2 000974a4 1 1 8a130 15cc 0 00a01cb4 System.IO.TextWriter/SyncTextWriter ----------------------------- Total 4 ComCallWrapper 3 ComPlusWrapper 0 ComClassFactory 0 Free 0 0:000>
Column | Description |
---|---|
Index | Synchronization block index. |
SyncBlock | Address of synchronization block. |
Recursion | Levels of recursion. |
Thread | Address of the thread object waiting on the object this synchronization
block is mapped to. Use the Threads command to get more information about the thread. |
ThreadID | ID in hexadecimal of thread waiting on this synchronization block. |
Thread Number | Thread number as shown in the Threads command of the thread waiting on this synchronization block. |
Object | Address of the object waiting on this synchronization block. Use the DumpObj command to get information about this object. |
Waiting | Class of object that is waiting for this synchronization block. If the synchronization block is no longer in use, this will display free. |
Total | Total number of synchronization blocks |
ComCallWrapper | Not implemented in the SSCLI. |
ComPlusWrapper | Number of ComPlus wrappers. |
ComClassFactory | Number of ComClass factories. |
Free | Number of free synchronization blocks. |
This command displays threadpool state.
!ThreadPool
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
The COMPlusJitHalt environment variable is being used to stop the debugger at a point in the program after threadpool items have been created. It is recommended that you run the utility once outside the debugger so it can strore its settings file. This way you will not have to enter much input for the program while in the debugger.
D:\sscli\build\v1.x86chk.rotor\samples\utilities\cleanbuild>cdb clix iserializable.exe D:\sscli\build\v1.x86chk.rotor\samples\utilities\cleanbuild>set COMPlus_JitHalt=WaitForOutput Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix cleanbuild.exe 0:000> .load sos.dll Settings file found at D:\sscli\build\v1.x86chk.rotor\samples\utilities\cleanbui ld\cb.xml Current program settings are: Build directory path: d:\sscli Tar file location: d:\sscli_20021014.tar Deletion script path: d:\junk\ OS type: Windows Verbose: True Continue with generating deletion list? 'y' or 'n' y Starting command tar -tf d:\sscli_20021014.tar (16d0.15d4): Break instruction exception - code 80000003 (first chance) eax=07d00b84 ebx=7ffdf000 ecx=00b3450c edx=0008a130 esi=00000000 edi=0006f2b4 eip=02d98de0 esp=0006edd4 ebp=0006ee3c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 02d98de0 cc int 3 0:000> !threadpool Worker Thread: Total: 2 Running: 2 Idle: 1 MaxLimit: 50 MinLimit: 2 Work Request in Queue: 1 QueueUserWorkItemCallback DelegateInfo@0014fe28 -------------------------------------- Number of Timers: 0 --------------------------------------
This command lists managed thread information.
!Threads
The following example demonstrates debugging the cleanbuild.exe sample on Windows.
Some debugger output has been removed for clarity.
The COMPlusJitHalt environment variable is being used to stop the debugger at a point in the program after threadpool items have been created. It is recommended that you run the utility once outside the debugger so it can strore its settings file. This way you will not have to enter much input for the program while in the debugger.
D:\sscli\build\v1.x86chk.rotor\samples\utilities\cleanbuild>cdb clix iserializable.exe D:\sscli\build\v1.x86chk.rotor\samples\utilities\cleanbuild>set COMPlus_JitHalt=WaitForOutput Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix cleanbuild.exe 0:000> .load sos.dll Settings file found at D:\sscli\build\v1.x86chk.rotor\samples\utilities\cleanbui ld\cb.xml Current program settings are: Build directory path: d:\sscli Tar file location: d:\sscli_20021014.tar Deletion script path: d:\junk\ OS type: Windows Verbose: True Continue with generating deletion list? 'y' or 'n' y Starting command tar -tf d:\sscli_20021014.tar (16d0.15d4): Break instruction exception - code 80000003 (first chance) eax=07d00b84 ebx=7ffdf000 ecx=00b3450c edx=0008a130 esi=00000000 edi=0006f2b4 eip=02d98de0 esp=0006edd4 ebp=0006ee3c iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 02d98de0 cc int 3 0:000> !threads ThreadCount: 3 UnstartedThread: 0 BackgroundThread: 2 PendingThread: 0 DeadThread: 0 PreEmptive Lock ID ThreadOBJ State GC Domain Count APT Exception 0 15d4 0008a130 20 Disabled 00084900 0 2 15cc 0008b180 1220 Enabled 00084900 0 (Finalizer) 3 ba0 07bad088 1800220 Disabled 00084900 1 (Threadpool Worker)
Column | Description |
---|---|
ThreadCount | Number of managed threads. |
UnstartedThread | Number of unstarted managed threads. |
BackgroundThread | Number of managed background threads. |
PendingThread | Number of pending managed threads. |
DeadThread | Number of inactive threads. |
ID | Thread ID (in hexadecimal format). If the thread has terminated when the threads are displayed this will show XXX. |
ThreadObj | Address of the thread object for current thread. |
State | Bitmasked DWORD of thread states. |
PreEmptive GC | Enabled or Disabled. Shows if garbage collection is scheduled cooperatively with this thread. |
Domain | Address of the domain this thread belongs to. Use the DumpDomain command for information about the domain |
Lock Count | Number of locks that this thread is waiting on. |
APT | Apartment threading model. This can be STA, MTA, NTA (neutral) or Unk (unknown). |
Exception | Describes the type of thread if it is a thread
used by the runtime. The possible values are:
|
This command finds a memory address from a metadata token.
!Token2EE ModuleName mdToken
Parameter | Description |
---|---|
ModuleName | Module name including .dll or .exe extension. |
mdToken | Metadata token. You can obtain the mdToken value using the DumpMD or DumpMT commands. |
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 0:000> !name2ee iserializable.exe SimpleGraph.Main -------------------------------------- MethodDesc: 7b50b8 Name: [DEFAULT] Void SimpleGraph.Main(SZArray String) ----------------------- 0:000> !dumpmd 7b50b8 Method Name : [DEFAULT] Void SimpleGraph.Main(SZArray String) Class : 714108c MethodTable 7b5128 mdToken: 06000001 Flags : 10 Method VA : 06ca0304 0:000> !token2ee iserializable.exe 06000001 -------------------------------------- MethodDesc: 7b50b8 Name: [DEFAULT] Void SimpleGraph.Main(SZArray String) 0:000>
The following code continues the example to demonstrate using the MethodTable tokens.
0:000> !name2ee iserializable.exe SimpleGraph -------------------------------------- MethodTable: 007b5128 EEClass: 06ef108c Name: SimpleGraph 0:000> !dumpmt 007b5128 EEClass : 06ef108c Module : 00095688 Name: SimpleGraph mdToken: 02000002 (d:\sscli\build\v1.x86chk.rotor\samples\howto\serialization\iserializable.exe) MethodTable Flags : 80000 Number of IFaces in IFaceMap : 0 Interface Map : 007b5178 Slots in VTable : 7 0:000> !token2ee iserializable.exe 02000002 -------------------------------------- MethodTable: 007b5128 EEClass: 06ef108c Name: SimpleGraph
Token2EE supports mdtMethodDef, mdtTypeDef and mdtTypeRef tokens.
For mdtMethodDef tokens this command displays the method descriptor address and the method
signature. Use the DumpMD command to get information about the method descriptor.
For mdtTypeDef and mdtTypeRef tokens this command displays the method table address, the
EEClass address and the class name. Use the DumpMT command to get information about
the method table and use !DumpClass to get information about the EEClass.
This command disassembles managed code that has been JIT-compiled.
!U [MethodDescriptor] [InstructionPointer]
Parameter | Description |
---|---|
MethodDescriptor | Disassembles a method based on the given method descriptor. |
InstructionPointer | Disassembles the method containing the given instruction pointer. |
The following example demonstrates debugging the iserializable.exe sample on Windows.
Some debugger output has been removed for clarity.
D:\sscli\build\v1.x86chk.rotor\samples\howto\serialization>cdb clix iserializable.exe Microsoft (R) Windows Debugger Version 6.0.0017.0 Copyright (c) Microsoft Corporation. All rights reserved. CommandLine: clix iserializable.exe 0:000> .load sos.dll 0:000> bp rotor_pal!pal_writefile 0:000> g Breakpoint 0 hit rotor_pal!PAL_WriteFile: 0:000> !name2ee iserializable.exe SimpleGraph.Main -------------------------------------- MethodDesc: 7b50b8 Name: [DEFAULT] Void SimpleGraph.Main(SZArray String) 0:000> !u 7b50b8 EJIT generated code [DEFAULT] Void SimpleGraph.Main(SZArray String) Begin 02ca2d54, size 6ee1c5b 02ca2d54 55 push ebp 02ca2d55 8bec mov ebp,esp 02ca2d57 56 push esi 02ca2d58 33f6 xor esi,esi 02ca2d5a 56 push esi 02ca2d5b b907000000 mov ecx,0x7 02ca2d60 6a00 push 0x0 02ca2d62 e2fc loop 02ca2d60 02ca2d64 b8c000a001 mov eax,0x1a000c0 02ca2d69 8b00 mov eax,[eax] 02ca2d6b 8bc8 mov ecx,eax 02ca2d6d 51 push ecx 02ca2d6e b88481ec06 mov eax,0x6ec8184 02ca2d73 ff10 call dword ptr [eax] (System.Console[mscorlib.dll].WriteLine) 02ca2d75 83c404 add esp,0x4 02ca2d78 b82800a001 mov eax,0x1a00028 02ca2d7d 8b00 mov eax,[eax] 02ca2d7f 50 push eax 02ca2d80 b838547b00 mov eax,0x7b5438 (MT: TreeNode) 02ca2d85 50 push eax 02ca2d86 b824207a00 mov eax,0x7a2024 (JitHelp: NEWSFAST) 02ca2d8b ffd0 call eax (JitHelp: NEWSFAST) 02ca2d8d 83c404 add esp,0x4 02ca2d90 8bf0 mov esi,eax 02ca2d92 8bc8 mov ecx,eax 02ca2d94 5a pop edx 02ca2d95 52 push edx 02ca2d96 51 push ecx 02ca2d97 b87c547b00 mov eax,0x7b547c 02ca2d9c ff10 call dword ptr [eax] (TreeNode[iserializable.exe]..ctor) 02ca2d9e 83c408 add esp,0x8 02ca2da1 8bc6 mov eax,esi 02ca2da3 be00000000 mov esi,0x0 02ca2da8 8945f0 mov [ebp-0x10],eax 02ca2dab 8b45f0 mov eax,[ebp-0x10] 02ca2dae 8bc8 mov ecx,eax 02ca2db0 51 push ecx 02ca2db1 b864517b00 mov eax,0x7b5164 02ca2db6 ff10 call dword ptr [eax] (SimpleGraph[iserializable.exe].FillTree)
(This example produces too much output to list.)
The following code continues the example to demonstrate using an address within JIT-compiled code.
0:000> !u 02ca2d9c EJIT generated code [DEFAULT] Void SimpleGraph.Main(SZArray String) Begin 02ca2d54, size 6ee1c5b 02ca2d54 55 push ebp 02ca2d55 8bec mov ebp,esp 02ca2d57 56 push esi 02ca2d58 33f6 xor esi,esi 02ca2d5a 56 push esi 02ca2d5b b907000000 mov ecx,0x7 02ca2d60 6a00 push 0x0 02ca2d62 e2fc loop 02ca2d60 02ca2d64 b8c000a001 mov eax,0x1a000c0 02ca2d69 8b00 mov eax,[eax] 02ca2d6b 8bc8 mov ecx,eax 02ca2d6d 51 push ecx 02ca2d6e b88481ec06 mov eax,0x6ec8184 02ca2d73 ff10 call dword ptr [eax] (System.Console[mscorlib.dll]. WriteLine) 02ca2d75 83c404 add esp,0x4 02ca2d78 b82800a001 mov eax,0x1a00028 02ca2d7d 8b00 mov eax,[eax] 02ca2d7f 50 push eax 02ca2d80 b838547b00 mov eax,0x7b5438 (MT: TreeNode) 02ca2d85 50 push eax 02ca2d86 b824207a00 mov eax,0x7a2024 (JitHelp: NEWSFAST) 02ca2d8b ffd0 call eax (JitHelp: NEWSFAST) 02ca2d8d 83c404 add esp,0x4 02ca2d90 8bf0 mov esi,eax 02ca2d92 8bc8 mov ecx,eax 02ca2d94 5a pop edx 02ca2d95 52 push edx 02ca2d96 51 push ecx 02ca2d97 b87c547b00 mov eax,0x7b547c 02ca2d9c ff10 call dword ptr [eax] (TreeNode[iserializable.exe].. ctor) 02ca2d9e 83c408 add esp,0x8 02ca2da1 8bc6 mov eax,esi 02ca2da3 be00000000 mov esi,0x0 02ca2da8 8945f0 mov [ebp-0x10],eax 02ca2dab 8b45f0 mov eax,[ebp-0x10] 02ca2dae 8bc8 mov ecx,eax 02ca2db0 51 push ecx 02ca2db1 b864517b00 mov eax,0x7b5164
(This example produces too much output to list.)
The following code continues the example to demonstrate using items from backtrace for disassembly.
0:000> k ChildEBP RetAddr 0006d934 79553e4c rotor_pal!PAL_WriteFile [d:\sscli\pal\win32\win32pal.c @ 1700] 0006d9a0 02ca35c4 sscoree!COMStreams::ConsoleHandleIsValid+0xac [d:\sscli\clr\src\vm\comstreams.cpp @ 153] WARNING: Frame IP not in any known module. Following frames may be wrong. 0006d9c0 02ca3480 0x2ca35c4 0006d9e0 02ca2fec 0x2ca3480 0006da08 79358a7c 0x2ca2fec 0006da10 7935130b sscoree!CallDescrWorkerInternal+0x28 0006de48 79335fd3 sscoree!CallDescrWorker+0x9b [d:\rotor\clr\src\vm\class.cpp @11127] 0006e094 7933585b sscoree!MethodDesc::CallDescr+0x5b3 [d:\rotor\clr\src\vm\method.cpp @ 1233] 0006e0b4 79352284 sscoree!MethodDesc::Call+0x6b [d:\rotor\clr\src\vm\method.cpp @ 1009] 0006e234 793528ef sscoree!EEClass::RunClassInit+0x214 [d:\rotor\clr\src\vm\class.cpp @ 11884] 0006e33c 79352e51 sscoree!EEClass::DoRunClassInitHelper+0x14f [d:\rotor\clr\src\vm\class.cpp @ 11941] 0006ec2c 793519df sscoree!EEClass::DoRunClassInit+0x301 [d:\rotor\clr\src\vm\class.cpp @ 12100] 0006ec4c 793bd73e sscoree!MethodTable::CheckRunClassInit+0xbf [d:\rotor\clr\src\vm\class.cpp @ 11688] 0006ede4 793bd368 sscoree!MethodDesc::DoPrestub+0x38e [d:\rotor\clr\src\vm\prestub.cpp @ 788] 0006ee0c 0008afa5 sscoree!PreStubWorker+0xa8 [d:\rotor\clr\src\vm\prestub.cpp @592] 0006ee20 02ca2d75 0x8afa5 0006ee70 79358a7c 0x2ca2d75 0006ee7c 7935130b sscoree!CallDescrWorkerInternal+0x28 0006f2b4 79335fd3 sscoree!CallDescrWorker+0x9b [d:\sscli\clr\src\vm\class.cpp @ 11127] 0006f504 793359e3 sscoree!MethodDesc::CallDescr+0x5b3 [d:\sscli\clr\src\vm\method.cpp @ 1233] 0:000> !u 0x2ca2d75 EJIT generated code [DEFAULT] Void SimpleGraph.Main(SZArray String) Begin 02ca2d54, size 6ee1c5b 02ca2d54 55 push ebp 02ca2d55 8bec mov ebp,esp 02ca2d57 56 push esi 02ca2d58 33f6 xor esi,esi 02ca2d5a 56 push esi 02ca2d5b b907000000 mov ecx,0x7 02ca2d60 6a00 push 0x0 02ca2d62 e2fc loop 02ca2d60 02ca2d64 b8c000a001 mov eax,0x1a000c0 02ca2d69 8b00 mov eax,[eax] 02ca2d6b 8bc8 mov ecx,eax 02ca2d6d 51 push ecx 02ca2d6e b88481ec06 mov eax,0x6ec8184 02ca2d73 ff10 call dword ptr [eax] (System.Console[mscorlib.dll]. WriteLine) 02ca2d75 83c404 add esp,0x4 02ca2d78 b82800a001 mov eax,0x1a00028 02ca2d7d 8b00 mov eax,[eax]
(This example produces too much output to list.)
The output first displays the type of generated code. In the SSCLI it will always be:
EJIT generated code
Next the output displays the method signature and then the resulting
native instructions for the method.
This command can be useful to disassembly managed code when looking at a call
stack. If the method has not yet been JIT-compiled, it will display "Not jitted
yet".
Term | Description |
---|---|
Assembly | A reusable, versionable, and self-describing building block of a common language runtime application. |
Domain | A secure and versatile unit of processing that the common language runtime can use to provide isolation between applications. You can run several application domains in a single process with the same level of isolation that would exist in separate processes, but without incurring the additional overhead of making cross-process calls or switching between processes. The ability to run multiple applications within a single process dramatically increases server scalability. |
EEClass | A managed class. |
Field declarations (mdFieldDef) | Declarations of data members as members of classes or interfaces or as global module-level data members. |
mdToken | A metadata token; a 4-byte value. The most-significant byte
specifies the type of the token. For example, a value of 1 means it is
a TypeDef token, while a value of 4 means it is a FieldDef token. For
the full list, with their values, see the CorTokenType enumeration in
corhdr.h . The lower 3 bytes give the index of the row that the token refers to within a metadata table. The lower 3 bytes is called the RID, or Record IDentifier. The metadata token with value 0x01000007 is a way to refer to row number 7 in the TypeDef table, within the current scope. Similarly, token 0x0400001A refers to row number 26 (decimal) in the FieldDef table within the current scope. Nothing is stored in row zero of a metadata table. A metadata token whose RID is zero is called a "nil" token. The metadata API defines a host of such nil tokens, one for each token type. For example, mdTypeDefNil with value 0x01000000. |
Member references (mdMemberRef) | References to methods and fields. A member reference is generated in metadata for every method invocation or field access that is made by any implementation in this module, and a token is persisted in the MSIL stream. (Note that there is no runtime support for property or event references.) |
Method definitions (mdMethodDef) | Definitions of methods as members of classes or interfaces or as global module-level methods. |
MethodDesc | Method descriptor. A CLI internal method representation. |
MethodTable | A CLI internal representation of a type. |
RVA(Relative Virtual Address) | The address of an item once loaded into memory, with the base address of the image file subtracted from it (such as the offset from the base address where the file is loaded). The RVA of an item will almost always differ from its position within the file on disk. |
Type declarations (mdTypeDef) | Declarations of runtime reference types (classes and interfaces) and of value types. |
Type references (mdTypeRef) | References to runtime reference types and value types, such as might occur when declaring variables as runtime reference or value types or in declaring inheritance or implementation hierarchies. In a very real sense, the collection of type references in a module is the collection of compile-time import dependencies. |