Windbg Extension NetExt 使用指南 【2】 ---- NetExt 的基本命令介紹
阿新 • • 發佈:2019-01-15
摘要 : 本章節介紹NetExt常用的命令. 並且對SOS進行一些對比.
NetExt的幫助
要想玩好NetExt, 入門就得看幫助. 看NetExt的幫助可以呼叫!whelp 命令. 這樣hi列舉出NetExt所支援的所有命令.
0:000> !netext.whelp netext version 2.0.0.5000 Feb 9 2015 License and usage can be seen here: !whelp license Check Latest version: !wupdate For help, type !whelp (or in WinDBG run: '.browse !whelp') Questions and Feedback: http://netext.codeplex.com/discussions Copyright (c) 2014-2015 Rodney Viana (http://blogs.msdn.com/b/rodneyviana) Type: !windex -tree or ~*e!wstack to get started Show Object Detail Commands --------------------------- !wdo - Display ad-hoc objects or arrays from GAC or Stack !wselect - Display ad-hoc fields (and level fields) for an object or for all item in an array !wfrom - Perform SQL-like analysis of Heap objects enabling comparison, expression evaluation and indexed filtering. *(new)* !wpe - Dump Exception Object Enumerate objects ------------------ !windex - index and display objects based in different filters like object with of type HttpContext !wstack - dump unique stack objects !wheap - list objects without indexing and show thottled heap sampling !wgchandle - Dump GC root handles *(new)* !wdae - Dump All Exceptions Process commands ---------------- !wclrstack - Dump current stack trace (only managed thread) *(new)* !wthreads *(new)* !wver - Show CLR version and extension version *(new)* !wupdate - Check for update Special ------- !wdict - Display dictionary objects !whash - Display HashTable objects !whttp - List HttpContext Objects !wconfig - Show all .config file lines in memory !wservice - List WCF service Objects !weval - Evaluate expression list !wkeyvalue - Display pair key/value for NameObjectCollection type objects !wcookie - Display HTTP cookies !wruntime - Display HTTP Runtime Info including Active Requests !wtoken - Display WIF tokens and cookies Misc ---- expression syntax functions list *new functions* license see all licenses applied to this product
如果想要知道具體更為具體的內容, 需要在!whelp 後面加上這個命令. 例如, NetExt中用得非常多的一個命令!wdo. 這個命令相當於!sos.do. 如果想要知道它更為詳細的說明, 可以執行命令 !whelp wdo
0:000> !netext.whelp wdo Display ad-hoc objects or arrays from GAC or Stack Usage: !wdo [-forcearray] [-shownull] [-noheader] [-noindex] [-tokens] [-mt <expr>] [-start<expr>] [-end <expr>] <expr> Where: -mt <expr> is the method table address of the object (for value objects). Optional -start lt;expr> is the starting index of an array. Optional. Default is starting array at item 0 -end <expr> is the end index of an array. Optional. Default is ending array at max items -forcearray if not used Byte[] and Char[] arrays will show as string instead of array items. Optional -shownull if not used will show only non-empty array items. Optional -noheader if present will hide headers and show only object address, fields and values. Optional -noindex if present will not show array index (useful for .foreach). Optional -tokens if present will show class token and field token<expr> is the object or array address (you can use an expression). Required Improvements over !DumpObj: --------------------------- - Object, struct and nested class fields show address value with link to detail the field. Click link to follow - Numeric type fields show both hex and decimal values - For Enum type fields it shows the type name (or type names for [Flag]Enum) along with the numeric value - For TimeSpan and DateTime fields it shows the string equivalent - For strings it show the content after the address - It shows the inheritance chain in the header (not interface implementations though) - Byte[] and Char[] objects shows as string if you do not use -forcearraty - By default, array objects only show non-null items - Static fields show the value for the first valid application domain where it is defined - For arrays it lists all components Examples: ------------- Listing an object ad-hoc ------------------------ !wdo -tokens 00000001556e24e8 Address: 00000001556e24e8 EEClass: 000007feef8c2d50 Method Table: 000007feefc40268 Class Name: System.Runtime.Remoting.Lifetime.Lease Size : 96 Instance Fields: 12 Static Fields: 1 Total Fields: 13 Heap: 0 Generation: 0 Module: 000007feef7d1000 Assembly: 0000000001373e00 Domain: 000007fef2767880 Dynamic: false Assembly name: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll Inherits: System.Runtime.Remoting.Lifetime.Lease System.Object System.MarshalByRefObject (000007FEEFC40268 000007FEEFC07370 000007FEEFC0AD70) 400018a 000007feefc07370 2000052 System.Object +0000 __identity 0000000000000000 400201e 000007feefc0ecf0 2000702 System.Int32 +0020 id 0 (0n0) 400201f 000007feefc47fb8 2000702 System.DateTime +0030 leaseTime -mt 000007FEEFC47FB8 00000001556E2520 10/26/2011 9:21:08 PM 4002020 000007feefc47eb8 2000702 System.TimeSpan +0038 initialLeaseTime -mt 000007FEEFC47EB8 00000001556E2528 00:05:00 4002021 000007feefc47eb8 2000702 System.TimeSpan +0040 renewOnCallTime -mt 000007FEEFC47EB8 00000001556E2530 00:02:00 4002022 000007feefc47eb8 2000702 System.TimeSpan +0048 sponsorshipTimeout -mt 000007FEEFC47EB8 00000001556E2538 00:02:00 4002023 000007feefc06c50 2000702 System.Boolean +002c isInfinite 0 (False) 4002024 000007feefc0f3d8 2000702 System.Collections.Hashtable +0008 sponsorTable 00000001556E2548 4002025 000007feefc0ecf0 2000702 System.Int32 +0024 sponsorCallThread 0 (0n0) 4002026 000007feefc41568 2000702 System.Runtime.Remoting.Lifetime.LeaseMa +0010 leaseManager 00000001556E1FD0 4002027 000007feefc0ad70 2000702 System.MarshalByRefObject +0018 managedObject 0000000155663A40 4002028 000007fef03aefc0 2000702 System.Runtime.Remoting.Lifetime.LeaseSt +0028 state 2 (0n2) Active 4002029 000007feefc0ecf0 Static 2000702 System.Int32 +0c78 nextId NoInit Listing only items 5 to 10 (oxa) from an array ---------------------------------------------- !wdo -start 5 -end a 000000016d29cb50 Address: 000000016d29cb50 EEClass: 00000642780e0cf8 Method Table: 000006427843e2a8 Class Name: System.Collections.Hashtable+bucket[] Size : 576 Rank: 1 Components: 23 [5]: 000000016d29cbd8 [6]: 000000016d29cbf0 [7]: 000000016d29cc08 [8]: 000000016d29cc20 [9]: 000000016d29cc38 [10]: 000000016d29cc50 * Note: for HashTables you can use !whash Compare to: ----------- !wselect - also shows add-hoc objects and arrays, however wselect enables the selection of fields (and field levels) and does not show extensive header !wfrom - enable complex query mechanism with categories, conditions and functions but it is not as simple to use as wselect and wdo How do I get object addresses? ------------------------------ - Type !windex -enumtypes or !windex -tree to enumerate heap objects - Type ~*e!wstack to list all objects in the stack for all threads - Type !wheap to show a quick heap sampling without indexing. It will yield a throttled but quick output
玩轉DUMP OBJECT
SOS中可以用!do裡面把Object的資訊DUMP出來. NetExt中, 則是使用!wdo. 從表面看, 他們顯示的結果並沒有多大區別.
0:014> !do 00000001957775e0
Name: System.RuntimeFieldInfoStub
MethodTable: 000007fef0b9c950
EEClass: 000007fef07d1dc0
Size: 72(0x48) bytes
File: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
Fields:
MT Field Offset Type VT Attr Value Name
000007fef0b95a48 40005c6 8 System.Object 0 instance 0000000000000000 m_keepalive
000007fef0b95a48 40005c7 10 System.Object 0 instance 0000000000000000 m_c
000007fef0b95a48 40005c8 18 System.Object 0 instance 0000000000000000 m_d
000007fef0b9c7d8 40005c9 30 System.Int32 1 instance 0 m_b
000007fef0b95a48 40005ca 20 System.Object 0 instance 0000000000000000 m_e
000007fef0b95a48 40005cb 28 System.Object 0 instance 0000000000000000 m_f
000007fef0ba6d98 40005cc 38 ...eldHandleInternal 1 instance 0000000195777618 m_fieldHandle
0:014> !netext.wdo 00000001957775e0
Address: 00000001957775e0
Method Table/Token: 000007fef0b9c950/200014a04
Class Name: System.RuntimeFieldInfoStub
Size : 72
EEClass: 000007fef07d1dc0
Instance Fields: 7
Static Fields: 0
Total Fields: 14
Heap/Generation: 1/0
Module: 00000000f06d0000
Assembly: 0000000000da0870
Domain: 00000000f3f75580
Assembly Name: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
Inherits: System.Object (000007FEF0B95A48)
000007fef0b95a48 System.Object +0000 m_keepalive 0000000000000000
000007fef0b95a48 System.Object +0008 m_c 0000000000000000
000007fef0b95a48 System.Object +0010 m_d 0000000000000000
000007fef0b95a48 System.Object +0018 m_e 0000000000000000
000007fef0b95a48 System.Object +0020 m_f 0000000000000000
000007fef0b9c7d8 System.Int32 +0028 m_b 0 (0n0)
000007fef0ba6d98 System.RuntimeFieldHandleInternal +0030 m_fieldHandle -mt 000007FEF0BA6D98 0000000195777618
!wdo在細節上則做的更加體貼. 例如dump的物件中包含了一個string型別, !wdo會將string的地址顯示出來. 對於列舉型別, 則會將列舉對應的含義顯示出來. !do命令顯示出來的結果還必須手工的再對string的地址進行操作. 對列舉的型別的翻譯也相當的貼心, 減少了機械枯燥的工作也節省了時間.
0:014> !do 000000019588b000
Name: System.Uri
MethodTable: 000007feeec9b358
EEClass: 000007feee995d30
Size: 72(0x48) bytes
File: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
Fields:
MT Field Offset Type VT Attr Value Name
000007fef0b968f0 400161c 8 System.String 0 instance 000000019571ede0 m_String
000007fef0b968f0 400161d 10 System.String 0 instance 0000000000000000 m_originalUnicodeString
000007feeec9f698 400161e 18 System.UriParser 0 instance 000000019568c020 m_Syntax
000007fef0b968f0 400161f 20 System.String 0 instance 0000000000000000 m_DnsSafeHost
000007feeecf2778 4001620 30 System.UInt64 1 instance 37624152064 m_Flags
(...)
0:014> !wdo 000000019588b000
Address: 000000019588b000
Method Table/Token: 000007feeec9b358/200037704
Class Name: System.Uri
Size : 72
EEClass: 000007feee995d30
Instance Fields: 7
Static Fields: 21
Total Fields: 14
Heap/Generation: 1/0
Module: 00000000ee980000
Assembly: 0000000003ec58a0
Domain: 00000000f3f75580
Assembly Name: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
Inherits: System.Object (000007FEF0B95A48)
000007fef0b968f0 System.String +0000 m_String 000000019571ede0 http://rviana-serv.northamerica.corp.microsoft.com:2000/Service.svc
000007fef0b968f0 System.String +0008 m_originalUnicodeString 0000000000000000 (null)
000007feeec9f698 System.UriParser +0010 m_Syntax 000000019568c020
000007fef0b968f0 System.String +0018 m_DnsSafeHost 0000000000000000 (null)
000007feeec9fbb8 System.Uri+UriInfo +0020 m_Info 000000015572ea20
000007feeecf2778 System.Uri+Flags +0028 m_Flags 8c2930000 (0n37624152064) IPv6HostType|IPv4HostType|DnsHostType|AuthorityFound|NotDefaultPort|CanonicalDnsHost|MinimalUriInfoSet|AllUriInfoSet|RestUnicodeNormalized
(...)
另外一個優勢在於對陣列的處理. SOS的!do並不能顯示數組裡面的內容, 需要使用!dumparray命令.
0:014> !do 00000001957ab4a8 Name: System.Byte[] MethodTable: 000007fef0ba0b40 EEClass: 000007fef0722310 Size: 4120(0x1018) bytes Array: Rank 1, Number of elements 4096, Type Byte (Print Array) Element Type:System.Byte Content: <HTML><HEAD><link rel="alternate" type="text/xml" href="http://rviana-serv.northamerica.corp.microsoft.com:2000/Service.svc?disc Fields: None 0:014> !dumparray -details 00000001957ab4a8 Name: System.Byte[] MethodTable: 000007fef0ba0b40 EEClass: 000007fef0722310 Size: 4120(0x1018) bytes Array: Rank 1, Number of elements 4096, Type Byte Element Methodtable: 000007fef0b9c158 [0] 00000001957ab4b8 Name: System.Byte MethodTable: 000007fef0b9c158 EEClass: 000007fef0720398 Size: 24(0x18) bytes File: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll Fields: MT Field Offset Type VT Attr Value Name 000007fef0b9c158 4000276 0 System.Byte 1 instance 60 m_value [1] 00000001957ab4b9 Name: System.Byte MethodTable: 000007fef0b9c158 EEClass: 000007fef0720398 Size: 24(0x18) bytes File: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll Fields: MT Field Offset Type VT Attr Value Name 000007fef0b9c158 4000276 0 System.Byte 1 instance 72 m_value (…)
使用!wdo時候, 他會嘗試將這些陣列翻譯成一些有意義的內容. 例如上面的byte[]陣列, 其實可以拼成一組字串.
0:014> !wdo 00000001957ab4a8 Address: 00000001957ab4a8 Method Table/Token: 000007fef0ba0b40/200000004 Class Name: System.Byte[] Size : 4120 EEClass: 000007fef0722310 Rank: 1 Components: 4096 Data Start: 00000001957ab4b8 <HTML><HEAD><link rel="alternate" type="text/xml" href="http://rviana-serv.northamerica.corp.microsoft.com:2000/Service.svc?disco"/><STYLE type="text/css">#content{ FONT-SIZE: 0.7em; PADDING-BOTTOM: 2em; MARGIN-LEFT: 30px}BODY{MARGIN-TOP: 0px; MARGIN-LEFT: 0px; COLOR: #000000; FONT-FAMILY: Verdana; BACKGROUND-COLOR: white}P{MARGIN-TOP: 0px; MARGIN-BOTTOM: 12px; COLOR: #000000; FONT-FAMILY: Verdana}PRE{BORDER-RIGHT: #f0f0e0 1px solid; PADDING-RIGHT: 5px; BORDER-TOP: #f0f0e0 1px solid; MARGIN-TOP: -5px; PADDING-LEFT: 5px; FONT-SIZE: 1.2em; PADDING-BOTTOM: 5px; BORDER-LEFT: #f0f0e0 1px solid; PADDING-TOP: 5px; BORDER-BOTTOM: #f0f0e0 1px solid; FONT-FAMILY: Courier New; BACKGROUND-COLOR: #e5e5cc}.heading1{MARGIN-TOP: 0px; PADDING-LEFT: 15px; FONT-WEIGHT: normal; FONT-SIZE: 26px; MARGIN-BOTTOM: 0px; PADDING-BOTTOM: 3px; MARGIN-LEFT: -30px; WIDTH: 100%; COLOR: #ffffff; PADDING-TOP: 10px; FONT-FAMILY: Tahoma; BACKGROUND-COLOR: #003366}.intro{MARGIN-LEFT: -15px}</STYLE><TITLE>Service Service</TITLE></HEAD><BODY><DIV id="content"><P class="heading1">Service Service</P><BR/><P class="intro">You have created a service.<P class='intro'>To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax:</P> <BR/><PRE>svcutil.exe <A HREF="http://rviana-serv.northamerica.corp.microsoft.com:2000/Service.svc?wsdl">http://rviana-serv.northamerica.corp.microsoft.com:2000/Service.svc?wsdl</A></PRE></P><P class="intro"/>This will generate a configuration file and a code file that contains the client class. Add the two files to your client application and use the generated client class to call the Service. For example:<BR/><P class='intro'><B>C#</B></P><PRE><font color="blue">class </font><font color="teal">Test </font>{ <font color="blue"> static void </font>Main() { <font color="teal">ServiceClient</font> client = <font color="blue">new </font><font color="teal">ServiceClient</font>(); <font color="green"> // Use the 'client' variable to call operations on the service. </font><font color="green"> // Always close the client. </font> client.Close(); } } </PRE><BR/><P class='intro'><B>Visual Basic</B></P><PRE><font color="blue">Class </font><font color="teal">Test </font><font color="blue"> Shared Sub </font>Main() <font color="blue"> Dim </font>client As <font color="teal">ServiceClient</font> = <font color="blue">New </font><font color="teal">ServiceClient</font>() <font color="green"> ' Use the 'client' variable to call operations on the service. </font><font color="green"> ' Always close the client. </font> client.Close() <font color="blue"> End Sub </font><font color="blue">End Class</font></PRE></DIV></BODY></HTML> 當然也可以選擇以陣列的形式進行檢查, 同時也可以指定一定的範圍. 例如可以用!wdo並且帶上引數 -forcearray -start 以及 -end 進行約束. 0:014> !wdo -forcearray -start 0n10 -end 0n15 00000001957ab4a8 Address: 00000001957ab4a8 Method Table/Token: 000007fef0ba0b40/200000004 Class Name: System.Byte[] Size : 4120 EEClass: 000007fef0722310 Rank: 1 Components: 4096 Data Start: 00000001957ab4b8 [10]: 0x44 (0n68) [11]: 0x3e (0n62) [12]: 0x3c (0n60) [13]: 0x6c (0n108) [14]: 0x69 (0n105) [15]: 0x6e (0n110)
還能用-noheader的引數減少輸出的內容, 可以關注具體欄位裡面的資料. 通常是配合一些指令碼一起使用.
每一列的意義如下 :
| Column | 意義 |
| 0 | 當前field的型別的Method Definition Table的地址 |
| 1 | 如果顯示Static, 則說明這個field是個Static型別, 否則是個instance |
| 2 | 型別的名稱 |
| 3 | field的偏移量. |
| 4 | field name |
| 5 | 這個field的具體內容, 如果是個值型別, 則是它的值, 如果是引用型別則顯示它的地址. |
| 6 | 如果是一個常用型別, 則顯示他的具體內容, 常用型別包括datetime, string, guid等等 |
!wselect初體驗
另外一個非常強大的功能是!wselect命令. 這個命令與!wdo很類似, 也是用dump object.
0:014> !wselect * from 000000019588b000
[System.Uri]
Known Type Value: http://rviana-serv.northamerica.corp.microsoft.com:2000/Service.svc
(string)System.String m_String = http://rviana-serv.northamerica.corp.microsoft.com:2000/Service.svc
(string)System.String m_originalUnicodeString = NULL
System.UriParser m_Syntax = 000000019568C020
(string)System.String m_DnsSafeHost = NULL
System.Uri+UriInfo m_Info = 000000015572EA20
(…)
如果你認為他只能做到這些就圖樣圖森破了. 它還可以只顯示個別特定的field, 當然你必須指定field的名稱.
0:014> !wselect m_String, m_Flags from 000000019588b000
[System.Uri]
Known Type Value: http://rviana-serv.northamerica.corp.microsoft.com:2000/Service.svc
(string)System.String m_String = http://rviana-serv.northamerica.corp.microsoft.com:2000/Service.svc
(uint64)System.Uri+Flags m_Flags = 8c2930000 (0n37624152064) IPv6HostType|IPv4HostType|DnsHostType|AuthorityFound|NotDefaultPort|CanonicalDnsHost|MinimalUriInfoSet|AllUriInfoSet|RestUnicodeNormalized
不僅如此, 它還可以將field所對應的Object下面的field也dump出來. 這個功能非常的實用. 當我需要重複性的檢查一些固定模式的物件值的時候, 可以用他做成一個指令碼, 然後一勞永逸的一直執行下去.
例如, 如果我現在知道HttpContext的地址. 然後我需要知道它對應的請求的UTC Time Stamp, http Method, URL, Response status code等等內容時, 應該怎麼辦? 這些資料並不全都直接顯示在HttpContext上面. UTC Time Stamp在HttpContext上面可以找到. HttpMethod則在HttpContext下面的HttpRequest下面this._request._httpMethod. URI則離得更遠, _request._url.m_String. Response Status Code又在另外一個物件上this._response._statusCode. 下面舉例我如何通過SOS去DUMP一個Http的請求地址.
0:014> !do 00000001956f77a8
Name: System.Web.HttpContext
MethodTable: 000007fed5396100
EEClass: 000007fed505b938
Size: 344(0x158) bytes
File: C:\Windows\Microsoft.Net\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
Fields:
MT Field Offset Type VT Attr Value Name
000007fed5395598 4000cab 8 ...IHttpAsyncHandler 0 instance 0000000000000000 _asyncAppHandler
000007fed53950c0 4000cac 10 ...b.HttpApplication 0 instance 0000000000000000 _appInstance
000007fed5395610 4000cad 18 ....Web.IHttpHandler 0 instance 0000000000000000 _handler
000007fed5396558 4000cae 20 ...m.Web.HttpRequest 0 instance 00000001956f7900 _request
(...)
0:014> !do 00000001956f7900
Name: System.Web.HttpRequest
MethodTable: 000007fed5396558
EEClass: 000007fed505b9a0
Size: 360(0x168) bytes
File: C:\Windows\Microsoft.Net\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
Fields:
MT Field Offset Type VT Attr Value Name
000007fed5399f48 4000d40 8 ...HttpWorkerRequest 0 instance 00000001956f7570 _wr
000007fed5396100 4000d41 10 ...m.Web.HttpContext 0 instance 00000001956f77a8 _context
000007fef0b968f0 4000d42 18 System.String 0 instance 00000001956fa860 _httpMethod
000007fed53cb4c0 4000d43 148 System.Int32 1 instance 2 _httpVerb
000007fef0b968f0 4000d44 20 System.String 0 instance 0000000000000000 _requestType
000007fed538ac98 4000d45 28 ...m.Web.VirtualPath 0 instance 00000001956ff140 _path
000007fef0b968f0 4000d46 30 System.String 0 instance 0000000000000000 _rewrittenUrl
000007fef0b9d608 4000d47 150 System.Boolean 1 instance 0 _computePathInfo
000007fed538ac98 4000d48 38 ...m.Web.VirtualPath 0 instance 00000001956fe068 _filePath
000007fed538ac98 4000d49 40 ...m.Web.VirtualPath 0 instance 0000000000000000 _currentExecutionFilePath
000007fed538ac98 4000d4a 48 ...m.Web.VirtualPath 0 instance 0000000000000000 _pathInfo
000007fef0b968f0 4000d4b 50 System.String 0 instance 0000000155660488 _queryStringText
000007fef0b9d608 4000d4c 151 System.Boolean 1 instance 0 _queryStringOverriden
000007fef0ba0b40 4000d4d 58 System.Byte[] 0 instance 0000000000000000 _queryStringBytes
000007fef0b968f0 4000d4e 60 System.String 0 instance 00000001956f76c0 _pathTranslated
000007fef0b968f0 4000d4f 68 System.String 0 instance 0000000155660488 _contentType
000007fef0b9c7d8 4000d50 14c System.Int32 1 instance -1 _contentLength
000007fef0b968f0 4000d51 70 System.String 0 instance 0000000000000000 _clientTarget
000007fef0b9adf8 4000d52 78 System.Object[] 0 instance 0000000000000000 _acceptTypes
000007fef0b9adf8 4000d53 80 System.Object[] 0 instance 0000000000000000 _userLanguages
000007fed53a3f68 4000d54 88 ...owserCapabilities 0 instance 0000000000000000 _browsercaps
000007feeec9b358 4000d55 90 System.Uri 0 instance 00000001957112a0 _url
(...)
0:014> !do 00000001957112a0
Name: System.Uri
MethodTable: 000007feeec9b358
EEClass: 000007feee995d30
Size: 72(0x48) bytes
File: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
Fields:
MT Field Offset Type VT Attr Value Name
000007fef0b968f0 400161c 8 System.String 0 instance 0000000195711240 m_String
(...)
0:014> !do 0000000195711240
Name: System.String
MethodTable: 000007fef0b968f0
EEClass: 000007fef071ed58
Size: 92(0x5c) bytes
File: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
String: http://localhost:2000/Service.svc
Fields:
MT Field Offset Type VT Attr Value Name
000007fef0b9c7d8 4000103 8 System.Int32 1 instance 33 m_stringLength
從這裡看到, 如果要從HttpContext上面dump Http 請求的地址, 需要執行4次!do指令. 同時還要去找到其他的物件, 那麼還需要更多的步驟. 如果需要檢查多個HttpContext上面相同的這些欄位內容, 將是一場噩夢.
如果這個事情交給NetExt來做就相當的輕鬆, 只要幾個命令, 一切搞定.
0:014> !wselect _utcTimestamp, _request._httpMethod, _request._url.m_String, _response._statusCode from 00000001956f77a8
[System.Web.HttpContext]
System.DateTime _utcTimestamp = -mt 000007FEF0BB96C8 00000001956F78D8 10/26/2011 11:29:15 PM
(string)System.String _request._httpMethod = GET
(string)System.String _request._url.m_String = http://localhost:2000/Service.svc
(int32)System.Int32 _response._statusCode = c8 (0n200)
從這個角度上來說, 這絕對是提高debugging效率的利器.
總結
NetExt針對debugging的工作做了非常多的優化工作.
- 相對!sos.do, !wdo優化了顯示的內容, 很多常用的型別都將會直接顯示出具體的內容. 並且針對一些常用的列舉進行了轉義, 可以讓我們直接瞭解到列舉的值所代表的意義.
- !wdo針對陣列的顯示進行了相當多的優化
- !wselect同樣是dump object的利器. 如果我們嶴DUMP的object藏在很深的路徑下, 它能夠幫助我們介紹很多時間和工作量.
Sonic Guo
相關推薦
Windbg Extension NetExt 使用指南 【2】 ---- NetExt 的基本命令介紹
摘要 : 本章節介紹NetExt常用的命令. 並且對SOS進行一些對比. NetExt的幫助 要想玩好NetExt, 入門就得看幫助. 看NetExt的幫助可以呼叫!whelp 命令. 這樣hi列舉出NetExt所支援的所有命令. 0:000> !netext.whelp netext ve
Windbg Extension NetExt 使用指南 【1】 ---- NetExt 介紹
摘要 : 在使用WINDBG做debugging的時候,需要一個好的工具幫助進行資料分析. 最常見的extension包括SOS, PSSCOR. NetExt則是另外一種提供了豐富命令功能的debugging extension. NetExt主要用於Managed Code的分析功能, 對ASP.NET
企業IT管理員IE11升級指南【2】—— Internet Explorer 11 對Adobe Flash的支援
企業IT管理員IE11升級指南 系列: Internet Explorer 11 對Adobe Flash的支援 在Windows 8.1上,Adobe Flash被作為一個平臺功能包括在內,可運行於Internet Explorer
企業IT管理員IE11升級指南【4】—— IE企業模式介紹
企業IT管理員IE11升級指南 系列: IE企業模式介紹 企業模式,執行在Windows8.1 Update和Windows7 Internet Explorer 11上的相容模式,讓網站使用一種模仿Internet Explorer
企業IT管理員IE11升級指南【12】—— 相容檢視列表介紹
企業IT管理員IE11升級指南 系列: 相容檢視列表介紹 為過去版本Internet Explorer設計的網站並不總是能夠在當前版本的Internet Explorer中得到預期的顯示效果。為了解決這個問題,Internet Expl
【Ansible 文檔】【譯文】Ad-Hoc 命令介紹
力量 services 方式 控制 雙引號 handlers 升級 ges 快的 Introduction To Ad-Hoc Commands Ad-Hoc命令介紹 下面的例子展示了如何使用 /usr/bin/ansible 來運行ad hoc任務。 什麽是ad hoc命
【Linux】Linux基本命令
2.修改使用者組的名稱:groupmod -n (新組名) (原組名) 3.修改組編號:groupmod -g668 (組名) 4.建立組名為boss的使用者組,組編號為888: groupadd -g 888 boss 5.刪除使用者組:groupdel (組名) 6.使用者組裡新增使用者:useradd
【轉】linux 基本命令學習
基本命令 經常用的 在網上找了一個比較全面的 轉帖 [語法]: ls [-RadCxmlnogrtucpFbqisf1] [目錄或檔案......] [說明]: ls 命令列出指定目錄下的檔案,預設目錄為當前目錄 ./,預設輸出順序為縱向按字元順序排列。 -R 遞迴地
docker【4】docker基本命令
這篇部落格主要羅列了一些docker的基本命令和一些進階命令,以及一些命令的詳解: 基本命令 1、先添加當前使用者到docker組(非root使用者) 使用者lin 不新增使用者的話,每次執行docker 都需要使用sudo,所以進行新增一下
Windbg Extension NetExt 使用指南 【3】 ---- 挖掘你想要的資料 Managed Heap
摘要 : NetExt中有兩個比較常用的命令可以用來分析heap上面的物件. 一個是!wheap, 另外一個是!windex. !wheap 這個命令可以用於打印出heap structure資訊. heap 上 object彙總後的資訊. 這個命令也可以按照一些條件過濾出objects, 不過執行速度比
【Spring-Security】【2】DelegatingFilterProxy
pat security clas 添加 chain let XML org mapping Spring Security 對我們應用的影響是通過一系列的 ServletRequest 過濾器實現的。 Spring Security 使用了 o.s.web.filter
【2】JVM-JAVA對象的訪問
lin oar XML nts java棧 article value new string Java中對象的訪問 JAVA是面向對象的語言,那麽在JAVA虛擬機中,存在非常多的對象,對象訪問是無處不在的。即時是最簡單的訪問,也會涉及到JAVA棧、JAVA堆、方法區
Android組件系列----ContentProvider內容提供者【2】
resolv blank lan int 復制 pad otto rtp wrap 二、代碼舉例: 終於全部project文件的文件夾結構例如以下: PersonDao是增刪改查數據庫的工具類,並在PersonContentProvider中得到調用。DBHe
quick-cocos2d-x遊戲開發【2】——項目結構分析、創建新場景
fileutil 遊戲 log world plain ack 設計 avi sca 創建完一個新項目之後,我們能夠簡單的看一看這個項目的文件組成,有這麽一個文件層次結構 幾個proj.*目錄就不用說了,是相應的平臺的解決方式,res專門存放我們的遊戲資源
Cocos2d-x v3.0正式版嘗鮮體驗【2】 Android平臺移植
生成 ble ack nts 做的 導入 eclipse so文件 腳本 今天沒事又嘗試了下3.0正式版關於Android平臺的移植,把新建的項目移植了下。過程僅用了十分鐘左右,什麽概念?!好吧,事實上我想說,這個版本號真的移植非常輕松啊,只是還沒加上其它東西,只是就眼
java持有對象【2】ArrayList容器續解
對象 符號 向上 ont 轉換 選擇 同時 是什麽 object 此為JDK API1.6.0對ArrayList的解釋。 ArrayList 使用java泛型創建類很復雜,但是應用預定義的泛型很簡單。例如,要想定義用來保存Apple對象的ArrayList,可以聲明
FindBugs錯誤修改指南 【轉】
早期 雙重檢查鎖 一點 sub 整理 there chan 調度 又是 FindBugs錯誤修改指南 1. EC_UNRELATED_TYPES Bug: Call to equals() comparing different types Pattern id: EC
Fiddler抓包【2】_捕獲設置
from lang 請求 user src file ati 允許 iphone 1、Fiddler抓web網站請求 手動設置方法一:Tools--->WinINET Options--->連接--->局域網設置--->代理服務器勾選後“高級
nmap使用指南【轉】
統計數據 超時 開放端口 嘗試 ip報頭 特定 icm select 否則 一、目標指定 1.CIDR標誌位 192.168.1.0/24 2.指定範圍 192.168.1.1-255 192.168.1-255.1(任意位置)3.IPv6地址只能用規範的IPv6地址或主機
LeetCode數組類的題目提交記錄 【2】
targe result 有序 suppose middle size body some 遞歸 /***********************************************************************33. Search in Ro