Hi all,

This post is a continuation of MANAGED DEBUGGING with WINDBG. Thread Stacks. Part 1.

 

THREAD STACKS. Part 2

 

·         We can inspect the objects with unmanaged commands:

The reference to an object points to the method table (which is a pointer to the table with the method descriptors) followed by the data of the object. There are 4 other bytes before the pointer to the method table which are the syncblk.

The graph below will show the following info, fields and methods in a different way which will help us understand how an object looks in memory:

0:000> !do 0x01aef338

Name: WindowsApplication1.Form1

MethodTable: 001c6ecc

EEClass: 002d0a30

Size: 352(0x160) bytes

 (C:\__WORKSHOP\Demos\BuggyNETApp\bin\Debug\WindowsApplication1.exe)

Fields:

      MT    Field   Offset                 Type VT     Attr    Value Name

...

7ae75b24  40011e0       80 ...Drawing.Rectangle  1 instance 01aef3b8 displayRect

...

7b47f3dc  4000011      154 ...dows.Forms.Button  0 instance 01af0398 _Button6

...

0:000> !DumpVC 7ae75b24 01aef3b8

Name: System.Drawing.Rectangle

MethodTable 7ae75b24

EEClass: 7ae75aac

Size: 24(0x18) bytes

 (C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll)

Fields:

      MT    Field   Offset                 Type VT     Attr    Value Name

79102290  4000462        0         System.Int32  0 instance        0 x

79102290  4000463        4         System.Int32  0 instance        0 y

79102290  4000464        8         System.Int32  0 instance      384 width

79102290  4000465        c         System.Int32  0 instance      352 height

...

0:000> !DumpMT -md 0x001c6ecc

EEClass: 002d0a30

Module: 001c2c3c

Name: WindowsApplication1.Form1

mdToken: 02000008  (C:\__WORKSHOP\Demos\BuggyNETApp\bin\Debug\WindowsApplication1.exe)

BaseSize: 0x160

ComponentSize: 0x0

Number of IFaces in IFaceMap: 15

Slots in VTable: 399

--------------------------------------

MethodDesc Table

   Entry MethodDesc      JIT Name

7b05e348   7b4a4668   PreJIT System.Windows.Forms.Form.ToString()

...

002c1828   001c6d80      JIT WindowsApplication1.Form1.get_Button1()

...

001cc221   001c6e08     NONE WindowsApplication1.Form1.Run()

...

 

Note: Click on the image to enlarge.

 .NET object in memory

Next post: MANAGED DEBUGGING with WINDBG. Managed Heap. Part 1.

Index: MANAGED DEBUGGING with WINDBG. Introduction and Index.

 

Regards,

 

Alex (Alejandro Campos Magencio)