Table of Contents
1. WinDbg Overview
2. Main WinDbg Features
3. WinDbg Program Debugging Example
4. CPU Registers and the Instruction Set
5. CPU Protected Mode Overview
6. Assembly Language Is Not the Same as CPU Instructions
7. Observing Managed Program Architecture with WinDbg
8. Brief Description of the Windows PE/COFF File Format
9. Making WinDbg Open the DotNet Runtime Source Automatically
10. WinDbg Comprehensive Practice
Preface
This article introduces two small tips for debugging .NET applications (such as C# programs) with WinDbg.
- A .NET application cannot run without the CLR and the JIT compiler. How can you trace the JIT compiler's actions while debugging the program in WinDbg?
- When debugging a .NET program and stepping into CLR code, how can you make WinDbg open the corresponding source file automatically?
The figure below shows what we want to achieve: while debugging a C# program, set a breakpoint inside a method of the CLR JIT compiler and debug the dotnet runtime source code directly.
Source code
The C# source defines a Person class with a GetAge method. When the entry point Main calls person.GetAge(), the clrjit module must be invoked to JIT-compile GetAge.
The program is compiled for .NET 8.0.
using System;
using System.Diagnostics;
namespace BasicGrammar;
class Program
{
    static void Main()
    {
        Person person = new Person();
        person.age = 20;
        // First call to GetAge: the JIT compiler (clrjit) compiles the method here.
        int age = person.GetAge();
        Console.WriteLine(age);
        // Hand control to the attached debugger.
        Debugger.Break();
    }
    public class Person
    {
        public int age;
        public int GetAge()
        {
            return age;
        }
    }
}
The concrete steps are described below.
Making WinDbg break after clrjit.dll is loaded
Step 1: Load Core.exe in WinDbg.
Step 2: Use the sxe ld command so that WinDbg breaks once the clrjit.dll module has been loaded:
0:000> sxe ld:clrjit
0:000> sx
ct - Create thread - ignore
et - Exit thread - ignore
cpr - Create process - ignore
epr - Exit process - ignore
ld - Load module - break
(only break for clrjit)
ud - Unload module - ignore
ser - System error - ignore
ibp - Initial breakpoint - ignore
iml - Initial module load - ignore
out - Debuggee output - output
av - Access violation - break - not handled
asrt - Assertion failure - break - not handled
aph - Application hang - break - not handled
bpe - Break instruction exception - break
bpec - Break instruction exception continue - handled
eh - C++ EH exception - second-chance break - not handled
clr - CLR exception - second-chance break - not handled
clrn - CLR notification exception - second-chance break - handled
cce - Control-Break exception - break
cc - Control-Break exception continue - handled
cce - Control-C exception - break
cc - Control-C exception continue - handled
dm - Data misaligned - break - not handled
dbce - Debugger command exception - ignore - handled
gp - Guard page violation - break - not handled
ii - Illegal instruction - second-chance break - not handled
ip - In-page I/O error - break - not handled
dz - Integer divide-by-zero - break - not handled
iov - Integer overflow - break - not handled
ch - Invalid handle - break
hc - Invalid handle continue - not handled
lsq - Invalid lock sequence - break - not handled
isc - Invalid system call - break - not handled
3c - Port disconnected - second-chance break - not handled
svh - Service hang - break - not handled
sse - Single step exception - break
ssec - Single step exception continue - handled
sbo - Security check failure or stack buffer overrun - break - not handled
sov - Stack overflow - break - not handled
vs - Verifier stop - break - not handled
vcpp - Visual C++ exception - ignore - handled
wkd - Wake debugger - break - not handled
rto - Windows Runtime Originate Error - second-chance break - not handled
rtt - Windows Runtime Transform Error - second-chance break - not handled
wob - WOW64 breakpoint - break - handled
wos - WOW64 single step exception - break - handled
Looking at the output of the command above, you can see that the sxe command has taken effect: the debugger will break after the clrjit module is loaded (the evidence is the following two lines of output):
ld - Load module - break
(only break for clrjit)
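As an added example that is not part of the original article, the two steps above can also be run non-interactively with cdb, the console front end of WinDbg, from PowerShell; the cdb path and the Core.exe build path are assumptions and must be adjusted to your machine:

```powershell
# Added example: automate "load Core.exe, break when clrjit.dll loads" with cdb.
# Both paths are assumptions; point them at your Debugging Tools install and build output.
$cdb    = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe'
$target = '.\bin\Debug\net8.0\Core.exe'

# Commands run at the initial breakpoint, separated by semicolons.
# Everything after the first "g" runs when the debugger breaks back in,
# i.e. right after clrjit.dll has been mapped into the process.
$commands = @(
    '.symfix',          # use the Microsoft public symbol server for clrjit/coreclr symbols
    'sxe ld:clrjit',    # same as step 2: break on the clrjit module-load event
    'g',                # run until clrjit.dll is loaded
    'lm m clrjit',      # confirm the module is present and show its load address
    'k',                # native stack at the load event (still inside the loader)
    'q'                 # end the session
) -join '; '

& $cdb -c $commands $target
```

Because the stop happens at the module-load event, before any clrjit code has executed, this is the point at which breakpoints on clrjit functions can be placed before continuing.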