select this link
- how to use windbg to debug c# program
befor debug c# program , also called as “Managed Code” , need load sos.dll ,
in my machine , it located at C:\Windows\Microsoft.NET\Framework64\v4.0.30319
From article : https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugging-managed-code
a) First write a console c# program
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 |
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using System.Net.Sockets; using System.Threading; namespace socketClient { class Program { const int PORT_NO = 8080; const string SERVER_IP = "192.168.3.111"; static void Main(string[] args) { //Console.ReadLine(); //---data to send to the server--- string textToSend = "Hello From Client"; //---create a TCPClient object at the IP and port no.--- TcpClient client = new TcpClient(SERVER_IP, PORT_NO); NetworkStream nwStream = client.GetStream(); byte[] bytesToSend = ASCIIEncoding.ASCII.GetBytes(textToSend); //---send the text--- Console.WriteLine("Sending : " + textToSend); nwStream.Write(bytesToSend, 0, bytesToSend.Length); //---read back the text--- byte[] bytesToRead = new byte[client.ReceiveBufferSize]; int bytesRead = nwStream.Read(bytesToRead, 0, client.ReceiveBufferSize); Console.WriteLine("Received : " + Encoding.ASCII.GetString(bytesToRead, 0, bytesRead)); client.Close(); while (true) { Thread.Sleep(3000); sendTwoTimes(); } Console.ReadLine(); //System.Net.Sockets.TcpClient clientSocket = new System.Net.Sockets.TcpClient(); //clientSocket.Connect("192.168.3.111", 8080); //Console.WriteLine("Client Socket Program - Server Connected ..."); //NetworkStream serverStream = clientSocket.GetStream(); //byte[] outStream = System.Text.Encoding.ASCII.GetBytes("hello" + "$"); //serverStream.Write(outStream, 0, outStream.Length); //serverStream.Flush(); //byte[] inStream = new byte[10025]; //serverStream.Read(inStream, 0, (int)clientSocket.ReceiveBufferSize); //string returndata = System.Text.Encoding.ASCII.GetString(inStream); //Console.WriteLine(returndata); //Console.ReadLine(); } static void sendTwoTimes() { string textToSend = "Hello From Client"; //---create a TCPClient object at the IP and port no.--- TcpClient client = new TcpClient(SERVER_IP, PORT_NO); NetworkStream nwStream = client.GetStream(); byte[] bytesToSend = ASCIIEncoding.ASCII.GetBytes(textToSend); //---send the text--- Console.WriteLine("Sending : " + textToSend); nwStream.Write(bytesToSend, 0, bytesToSend.Length); //---read back the text--- byte[] bytesToRead = new byte[client.ReceiveBufferSize]; int bytesRead = nwStream.Read(bytesToRead, 0, client.ReceiveBufferSize); Console.WriteLine("Received : " + Encoding.ASCII.GetString(bytesToRead, 0, bytesRead)); client.Close(); } } } |
b) build and run it in command line , then open “windbg(X86)” , and attach to this process , then type this command :
1 |
1 |
.cordll -ve -u -l |
in my machine , output is :
1 2 3 |
CLRDLL: Loaded DLL C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll Automatically loaded SOS Extension CLR DLL status: Loaded DLL C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll |
it show DAC and CLR are all loaded
c) set symbol path , in my case , use
1 |
srv*f:\debug\symbols*http://msdl.microsoft.com/download/symbols |
c)
- commandshow all loaded DLL
1.cordll -ve -u -l
show all method table of attached program
1 |
!Name2EE *!socketClient.Program |
the output like this :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
Module: 50ce1000 Assembly: mscorlib.dll -------------------------------------- Module: 033b400c Assembly: socketClient.exe Token: 02000002 MethodTable: 033b4d40 EEClass: 033b12e4 Name: socketClient.Program -------------------------------------- Module: 502d1000 Assembly: System.dll -------------------------------------- Module: 54911000 Assembly: System.Configuration.dll -------------------------------------- Module: 61641000 Assembly: System.Core.dll -------------------------------------- |
With the method table address we can examine all the fuctions defined in the method. by using command
1 |
!DumpMT -MD 033b4d40 |
033b4d40 is a example method address , it depend on your output
it output like this :
1 2 3 4 5 6 7 8 9 |
MethodDesc Table Entry MethodDe JIT Name 5111a500 50ce74e0 PreJIT System.Object.ToString() 5112b4f0 50ce74e8 PreJIT System.Object.Equals(System.Object) 51117b30 50ce7508 PreJIT System.Object.GetHashCode() 5111a498 50ce751c PreJIT System.Object.Finalize() 04fe0048 03704d38 NONE socketClient.Program..ctor() 04fe0448 03704d20 JIT socketClient.Program.Main(System.String[]) 04fe0608 03704d2c JIT socketClient.Program.sendTwoTimes() |
if want to set a breakpoint at method “sendTwoTimes”
could use this command
1 |
!bpmd -md 03704d2c |
when reach breakpoint , type
1 |
kL |
to display strack info , notice kL , L is upcase
1 |
r |
view and edit registers
open registers window
Alt+4
1 |
k |
call trace
- Ref articles
https://blogs.msdn.microsoft.com/kaevans/2011/04/11/intro-to-windbg-for-net-developers/