Debugging managed code in WinDbg has never been my idea of fun. I wasn’t forcibly exposed to it enough I guess.

 

For example, if you look at http://blogs.msdn.com/spatdsg/archive/2009/02/23/there-and-back-again-the-life-of-a-bug-and-fix.aspx   there is like a 5 step process for setting a breakpoint, instead of !bpmd. Well, the other day I dug deep into debugging some code to which I had no src or symbols, so I learned a bit – at least what I needed to in order to solve the issue :) – so this post is a bit of a bookmark or reminder for me, and maybe it will help someone else one day as well.

 

 

Load the magical debugger extensions..

 

Not sure which ones I need so I load a bunch..

 

C:\debuggers\clr10\sos.dll

 

C:\debuggers\sosex.dll

-- from http://www.stevestechspot.com/SOSEXV2NowAvailable.aspx

 

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sos.dll

 

Keepers:

!ip2md = instruction pointer to method descriptor

!savemodule = save binary from the debug

 

LOAD  failures - see http://blogs.msdn.com/b/dougste/archive/2009/02/18/failed-to-load-data-access-dll-0x80004005-or-what-is-mscordacwks-dll.aspx

 

0:024> !Threads
Failed to find runtime DLL (clr.dll), 0x80004005
0:000> .loadby sos mscorwks
0:000> .cordll -ve -u -l
Automatically loaded SOS Extension
WARNING: Unable to register for CLR module notifications
CLRDLL: Loaded DLL c:\windows\microsoft.net\framework64\v2.0.50727\mscordacwks.dll
CLR DLL status: Loaded DLL c:\windows\microsoft.net\framework64\v2.0.50727\mscordacwks.dll
0:000> .load c:\windows\microsoft.net\framework64\v2.0.50727\sos.dll

0:000> !Threads
ThreadCount: 41
UnstartedThread: 0
BackgroundThread: 33
PendingThread: 0
DeadThread: 8
Hosted Runtime: no
 
 
0:000> !Threads
ThreadCount: 41
UnstartedThread: 0
BackgroundThread: 33
PendingThread: 0
DeadThread: 8
Hosted Runtime: no
PreEmptive Lock
ID OSID ThreadOBJ State GC GC Alloc Context Domain Count APT Exception
XXXX 1 5394 00000000015ca840 8220 Enabled 0000000170194730:0000000170196388 00000000015bf510 0 Ukn
XXXX 2 5eac 00000000015f44b0 b220 Enabled 000000013fee6880:000000013fee87e0 00000000015bf510 0 MTA (Finalizer)
0 3 8298 0000000001629480 80a220 Enabled 0000000000000000:0000000000000000 00000000015bf510 0 MTA (Threadpool Completion Port)
XXXX 4 549c 0000000001629f30 1220 Enabled 0000000000000000:0000000000000000 00000000015bf510 0 Ukn
 
 
Find func or module references:
!Name2EE *!foo
 
dump module
!DumpModule -mt 000007ff001768f8 
 

Wishlist:

·         Doesn't seem like I can do fancy breakpoints like:

o   0:026> bp 76df1bbb "?1;.echo THIS IS THE RET"

 

·         Wish there was an easy "gu" command for managed code

·         I am sure there were more I wished for but can’t recall now….

 

 

A few nice things:

 

 

Get the exception

 

0:011> !PrintException

Exception object: 0147f600

Exception type: System.DirectoryServices.DirectoryServicesCOMException

Message: There is no such object on the server.

 

InnerException: <none>

StackTrace (generated):

<none>

StackTraceString: <none>

HResult: 80072030

 

 

 

 

Dump an array:

 

0:011> !DumpArray 01473aa8

Name: System.Object[]

MethodTable: 7912254c

EEClass: 79122ac0

Size: 1072(0x430) bytes

Array: Rank 1, Number of elements 264, Type CLASS

Element Methodtable: 790f8a7c

[0] 0146f64c

[1] 0146f684

[2] 0146f6ac

[3] 0146f6e0

[4] 0146f714

[5] 0146f748

[6] 0146f790

[7] 0146f7c8

[8] 0146f814

[9] 0146f840

[10] 0146f870

[11] 0146f8ac

[12] 0146f8d0

[13] 0146f8f4

[14] 0146f91c

[15] 0146f950

[16] 0146f990

 

 

0:011> ! mdt 0146f64c

0146f64c (System.String: "accountNameHistory")

0:011> !mdt 01472644

01472644 (System.String: "securityIdentifier")



In order to get the raw IL:

 

IL reference

http://www.ecma-international.org/publications/standards/Ecma-335.htm

 

 

0:026> !name2ee FooBar.DirectoryServices.dll FooBar.DirectoryServices.Server.getDomain

Module: 01d93da4 (FooBar.DirectoryServices.dll)

Token: 0x06000412

MethodDesc: 0ec510b0

Name: FooBar.DirectoryServices.Server.getDomain()

JITTED Code Address: 02594a00

 

 

0:026> !dumpil 0ec510b0

ilAddr = 0e835350

IL_0000: ldarg.0

IL_0001: ldfld FooBar.DirectoryServices.Server::initial

IL_0006: callvirt FooBar.DirectoryServices.LDAPInitialContext::get_Domain

IL_000b: ret

 

 

 

Get the method table from the class

 

 

0:026> !name2ee FooBar.DirectoryServices.dll FooBar.DirectoryServices.LDAPInitialContext

Module: 01d93da4 (FooBar.DirectoryServices.dll)

Token: 0x0200004d

MethodTable: 01d99d54

EEClass: 0ec21610

Name: FooBar.DirectoryServices.LDAPInitialContext

 

 

0:026> !dumpmt -md 01d99d54

EEClass: 0ec21610

Module: 01d93da4

Name: FooBar.DirectoryServices.LDAPInitialContext

mdToken: 0200004d  (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

BaseSize: 0x48

ComponentSize: 0x0

Number of IFaces in IFaceMap: 1

Slots in VTable: 45

--------------------------------------

MethodDesc Table

   Entry MethodDesc      JIT Name

7934cdcc   79137ab8   PreJIT System.Object.ToString()

7934bba0   79137ac0   PreJIT System.Object.Equals(System.Object)

7934bb90   79137ad8   PreJIT System.Object.GetHashCode()

793424c0   79137ae0   PreJIT System.Object.Finalize()

0ec1df50   01d99c60      JIT FooBar.DirectoryServices.LDAPInitialContext.get_Path()

01d999f5   01d99928      JIT FooBar.DirectoryServices.Context.getPathEx()

01d999fd   01d99938     NONE FooBar.DirectoryServices.Context.Contains(FooBar.DirectoryServices.Context)

01d99a01   01d99940     NONE FooBar.DirectoryServices.Context.IsParentOf(FooBar.DirectoryServices.Context)

01d99a05   01d99948     NONE FooBar.DirectoryServices.Context.GetRelativeDisplayName(FooBar.DirectoryServices.Context)

<snip>

 

 

 

 

Set a managed breakpoint?


0:027> !bpmd FooBar.WebDir.dll FooBar.WebDir.SecurityLevel.Evaluate

 

 How do I set a breakpoint on the return address for a function? ( thanks Khalil ! )

 

                Q: For example - I want to set a break on the return of the highlighted function..

A: Do a !u (managed command for unassemble) on the red highlighted. Set a bp, as you normally would, on the instruction after the call of interest.

 

0012ebd0 671663ae System.DirectoryServices.DirectoryEntry.Bind(Boolean)

0012ec28 67166245 System.DirectoryServices.DirectoryEntry.Bind()

0012ec38 67165870 System.DirectoryServices.DirectoryEntry.get_AdsObject()

0012ec48 67168ede System.DirectoryServices.DirectorySearcher.FindAll(Boolean)

0012ec64 67168d9b System.DirectoryServices.DirectorySearcher.FindOne()

0012ec9c 044e101d FooBar.DirectoryServices.ActiveDirectoryInitialContext.IsExchangeMixed()

0012ecb8 044e099e FooBar.DirectoryServices.ActiveDirectoryInitialContext.detectServerType()

0012ece0 0498f222 FooBar.DirectoryServices.ActiveDirectoryInitialContext.Connect(System.DirectoryServices.DirectoryEntry)

0012ecfc 0498e34c FooBar.DirectoryServices.ContextManager.Connect(FooBar.DirectoryServices.Credentials, System.String, Boolean)

0012ed14 0498d669 FooBar.DirectoryServices.Server.connect(FooBar.DirectoryServices.Credentials, System.String, System.String, System.String, Boolean, Boolean)

0012ed58 0498d506 FooBar.DirectoryServices.Server.connect(FooBar.DirectoryServices.Credentials, System.String, System.String, System.String)

0012ed68 044e419b FooBar.SystemConfiguration.GetAdminListDistinguishedName(System.String, System.String, System.String, System.Windows.Forms.Form)

0012ed88 044e4104 FooBar.ServerForm.cmdSelectHelpdeskDL_Click(System.Object, System.EventArgs)

 

 

 

Dump the object:

 

0:011> !mdt 014224ec

014224ec (System.DirectoryServices.PropertyValueCollection)

   list:0142250c (System.Collections.ArrayList)

   entry:013ffffc (System.DirectoryServices.DirectoryEntry)

   propertyName:013fe734 (System.String: "DnsHostName")

   updateType:0x3 (System.DirectoryServices.PropertyValueCollection+UpdateType)

   changeList:014225c0 (System.Collections.ArrayList+SyncArrayList)

   allowMultipleChange:true (System.Boolean)

   needNewBehavior:true (System.Boolean)

 

 

 

 

Get the CLR Stack:

 

0:000> !CLRStack -a

OS Thread Id: 0x3b4 (0)

ESP       EIP    

ESP/REG  Object   Name

0012eca8 76f19255 [ComPlusMethodFrameGeneric: 0012eca8] System.DirectoryServices.Interop.UnsafeNativeMethods+IAds.GetEx(System.String, System.Object ByRef)

ESP/REG  Object   Name

0012ecbc 6716d109 System.DirectoryServices.PropertyValueCollection.PopulateList()

    PARAMETERS:

        this = 0x01736e38

    LOCALS:

        <no data>

        <CLR reg> = 0x0012ea30

 

ESP/REG  Object   Name

0012ecd0 6716cbc5 System.DirectoryServices.PropertyValueCollection..ctor(System.DirectoryServices.DirectoryEntry, System.String)

    PARAMETERS:

        this = 0x01736e38

        entry = 0x017360f8

        propertyName = <no data>

    LOCALS:

        <no data>

        <no data>

 

ESP/REG  Object   Name

0012ecdc 013ab5f4 System.String    defaultNamingContext

0012ece4 013ab5f4 System.String    defaultNamingContext

0012ece8 6716bea4 System.DirectoryServices.PropertyCollection.get_Item(System.String)

    PARAMETERS:

        this = 0x01736ce8

        propertyName = <no data>

    LOCALS:

        <CLR reg> = 0x01736dfc

        <no data>

 

ESP/REG  Object   Name

0012ecfc 0498e2a0 FooBar.DirectoryServices.ContextManager.Connect(FooBar.DirectoryServices.Credentials, System.String, Boolean)

    PARAMETERS:

        credentials = 0x01736044

        serverName = 0x016fa234

        newConn = 0x00000001

    LOCALS:

        <no data>

        <CLR reg> = 0x017360f8

        <no data>

        <no data>   

 

 

 

 

 

 

Finding the call they made..

 

 

 

04a8eba8 8bf8            mov     edi,eax

04a8ebaa 8b5624          mov     edx,dword ptr [esi+24h]      --- some offset member

04a8ebad 8bcf            mov     ecx,edi               --- move some object instance in place

04a8ebaf ff150053df03    call    dword ptr ds:[3DF5300h]      --- call some method of that class instance

 

 

0:011> r

eax=014229e8 ebx=013ffffc ecx=03df5294 edx=01421b18 esi=01421bfc edi=014229e8

eip=04a8ebad esp=03ddf34c ebp=013ffffc iopl=0         nv up ei pl nz na pe nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206

04a8ebad 8bcf            mov     ecx,edi

 

 

 

0:011> p

eax=014229e8 ebx=013ffffc ecx=014229e8 edx=01421b18 esi=01421bfc edi=014229e8

eip=04a8ebaf esp=03ddf34c ebp=013ffffc iopl=0         nv up ei pl nz na pe nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206

04a8ebaf ff150053df03    call    dword ptr ds:[3DF5300h] ds:0023:03df5300=03df5329

 

 

0:011> !dumpmt -md 03df5294

EEClass: 03cbacb4

Module: 00909394

Name: FooBar.DirectoryServices.Exchange.Site

mdToken: 0200009e  (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

BaseSize: 0x54

ComponentSize: 0x0

Number of IFaces in IFaceMap: 2

Slots in VTable: 20

--------------------------------------

MethodDesc Table

   Entry MethodDesc      JIT Name

7934cdcc   79137ab8   PreJIT System.Object.ToString()

...

03df5331   03df5268     NONE FooBar.DirectoryServices.Exchange.Site.IsGroupContainer()

03df5329   03df5258     NONE FooBar.DirectoryServices.Exchange.Site..ctor(System.String)

03df532d   03df5260     NONE FooBar.DirectoryServices.Exchange.Site..ctor(System.String, System.String)

03df5335   03df5270     NONE FooBar.DirectoryServices.Exchange.Site.isMixed()

 

 

 

 

Assembly walk back..

 

Here is a small portion of code we can walk through the managed stuff in

 

04a8ebad 8bcf            mov     ecx,edi

04a8ebaf ff150053df03    call    dword ptr ds:[3DF5300h] -- call method as noted above. ( maybe gets some info? )

 

04a8ebb5 8d5638          lea     edx,[esi+38h]

04a8ebb8 e8625b3e75      call    mscorwks!JIT_Writeable_Thunks_Buf+0x11f (79e7471f) (mscorwks!JIT_Writeable_Thunks_Buf)

 

04a8ebbd 8b4e38          mov     ecx,dword ptr [esi+38h]

04a8ebc0 3909            cmp     dword ptr [ecx],ecx

04a8ebc2 ff150853df03    call    dword ptr ds:[3DF5308h]

 

 

04a8ebc8 88464c          mov     byte ptr [esi+4Ch],al

04a8ebcb b94477df03      mov     ecx,3DF7744h

04a8ebd0 e84734e6fb      call    008f201c (JitHelp: CORINFO_HELP_NEWSFAST)

 

 

 

 

Moving the data back into the object instance

 

 

04a8ebb5 8d5638          lea     edx,[esi+38h]

04a8ebb8 e8625b3e75      call    mscorwks!JIT_Writeable_Thunks_Buf+0x11f (79e7471f) (mscorwks!JIT_Writeable_Thunks_Buf)

 

 

0:011> r

eax=014229e8 ebx=013ffffc ecx=01422ffc edx=0000508a esi=01421bfc edi=014229e8

eip=04a8ebb5 esp=03ddf34c ebp=013ffffc iopl=0         nv up ei pl nz na po nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

04a8ebb5 8d5638          lea     edx,[esi+38h]

 

0:011> !do 01421bfc

Name: FooBar.DirectoryServices.ActiveDirectoryInitialContext

MethodTable: 03df6194

EEClass: 03cbb41c

Size: 88(0x58) bytes

GC Generation: 0

 (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

Fields:

      MT    Field   Offset                 Type VT     Attr    Value Name

034c94cc  40001a4        4 ...es.InitialContext  0 instance 00000000 initialContext

790f9244  40001a5        8        System.String  0 instance 01254d68 distinguishedName

03df7240  40001a6        c ...veDs.IADsPathname  0 instance 01422100 adsPathName

790f9244  40001a7       10        System.String  0 instance 01422110 protocolPrefix

790fd8b4  40001a8       14 ...ections.Hashtable  0 instance 01422038 objectClassSchemas

034caad4  40001c1       18 ...vices.Credentials  0 instance 013db8f4 connectionCredentials

790f9244  40001c2       1c        System.String  0 instance 012f9f74 serverName

790f9244  40001c3       20        System.String  0 instance 01422538 dnsHostName

790f9244  40001c4       24        System.String  0 instance 01421b18 defaultNamingContext

790f9244  40001c5       28        System.String  0 instance 01422680 configNamingContext

790f9244  40001c6       2c        System.String  0 instance 014227d0 schemaNamingContext

03df7744  40001c7       30 ...veDirectoryDomain  0 instance 00000000 domain

03df7844  40001c8       34 ...ory.GlobalCatalog  0 instance 00000000 global

03df5294  40001c9       38 ...ces.Exchange.Site  0 instance 00000000 site

03df4a80  40001ca       3c ...ces.DirectoryItem  0 instance 00000000 config

790ffe7c  40001cb       40          System.Type  0 instance 00000000 providerType

034c30c0  40001c0      2a0         log4net.ILog  0   static 013fe5e4 debugLog

790f9244  40001cc      2a4        System.String  0   static 013fe330 TopContainerFormatter

79103c00  400025b       4c       System.Boolean  1 instance        0 ntMixed

79103c00  400025c       4d       System.Boolean  1 instance        0 mixed

79103c00  400025d       4e       System.Boolean  1 instance        0 hasExchange

79103c00  400025e       4f       System.Boolean  1 instance        0 hasExchange2003

79103c00  400025f       50       System.Boolean  1 instance        0 gcPresent

790f9244  4000260       44        System.String  0 instance 0142293c rootDomainNamingContext

790fd8b4  4000261       48 ...ections.Hashtable  0 instance 01421f70 detailedSchemaInfo

034c30c0  400025a      330         log4net.ILog  0   static 01421ef0 debugLog

 

 

 

 

04a8ebb8 e8625b3e75      call    mscorwks!JIT_Writeable_Thunks_Buf+0x11f (79e7471f) (mscorwks!JIT_Writeable_Thunks_Buf) 

-- > after this the  FooBar.DirectoryServices.ActiveDirectoryInitialContext site is filled in

 

 

0:011> !do 01421bfc

Name: FooBar.DirectoryServices.ActiveDirectoryInitialContext

MethodTable: 03df6194

EEClass: 03cbb41c

Size: 88(0x58) bytes

GC Generation: 0

 (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

Fields:

      MT    Field   Offset                 Type VT     Attr    Value Name

034c94cc  40001a4        4 ...es.InitialContext  0 instance 00000000 initialContext

790f9244  40001a5        8        System.String  0 instance 01254d68 distinguishedName

03df7240  40001a6        c ...veDs.IADsPathname  0 instance 01422100 adsPathName

790f9244  40001a7       10        System.String  0 instance 01422110 protocolPrefix

790fd8b4  40001a8       14 ...ections.Hashtable  0 instance 01422038 objectClassSchemas

034caad4  40001c1       18 ...vices.Credentials  0 instance 013db8f4 connectionCredentials

790f9244  40001c2       1c        System.String  0 instance 012f9f74 serverName

790f9244  40001c3       20        System.String  0 instance 01422538 dnsHostName

790f9244  40001c4       24        System.String  0 instance 01421b18 defaultNamingContext

790f9244  40001c5       28        System.String  0 instance 01422680 configNamingContext

790f9244  40001c6       2c        System.String  0 instance 014227d0 schemaNamingContext

03df7744  40001c7       30 ...veDirectoryDomain  0 instance 00000000 domain

03df7844  40001c8       34 ...ory.GlobalCatalog  0 instance 00000000 global

03df5294  40001c9       38 ...ces.Exchange.Site  0 instance 014229e8 site

03df4a80  40001ca       3c ...ces.DirectoryItem  0 instance 00000000 config

790ffe7c  40001cb       40          System.Type  0 instance 00000000 providerType

034c30c0  40001c0      2a0         log4net.ILog  0   static 013fe5e4 debugLog

790f9244  40001cc      2a4        System.String  0   static 013fe330 TopContainerFormatter

79103c00  400025b       4c       System.Boolean  1 instance        0 ntMixed

79103c00  400025c       4d       System.Boolean  1 instance        0 mixed

79103c00  400025d       4e       System.Boolean  1 instance        0 hasExchange

79103c00  400025e       4f       System.Boolean  1 instance        0 hasExchange2003

79103c00  400025f       50       System.Boolean  1 instance        0 gcPresent

790f9244  4000260       44        System.String  0 instance 0142293c rootDomainNamingContext

790fd8b4  4000261       48 ...ections.Hashtable  0 instance 01421f70 detailedSchemaInfo

034c30c0  400025a      330         log4net.ILog  0   static 01421ef0 debugLog

 

 

04a8ebbd 8b4e38          mov     ecx,dword ptr [esi+38h] - now move the value into ECX

04a8ebc0 3909            cmp     dword ptr [ecx],ecx          -- ptr [ECX] is the method table

 

 

0:011> r

eax=014229e8 ebx=013ffffc ecx=01422ffc edx=00005087 esi=01421bfc edi=014229e8

eip=04a8ebbd esp=03ddf34c ebp=013ffffc iopl=0         nv up ei pl zr na pe nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

04a8ebbd 8b4e38          mov     ecx,dword ptr [esi+38h] ds:0023:01421c34=014229e8

 

0:011> p

eax=014229e8 ebx=013ffffc ecx=014229e8 edx=00005087 esi=01421bfc edi=014229e8

eip=04a8ebc0 esp=03ddf34c ebp=013ffffc iopl=0         nv up ei pl zr na pe nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

04a8ebc0 3909            cmp     dword ptr [ecx],ecx  ds:0023:014229e8=03df5294

 

0:011> !do 014229e8

Name: FooBar.DirectoryServices.Exchange.Site

MethodTable: 03df5294 -- check this via "!dumpmt -md 03df5294"

EEClass: 03cbacb4

Size: 84(0x54) bytes

GC Generation: 0

 

04a8ebc2 ff150853df03    call    dword ptr ds:[3DF5308h]  -- here we call 03df5335-> 03df5270    

 

 

0:011> !dumpmt -md 03df5294

EEClass: 03cbacb4

Module: 00909394

 

Name: FooBar.DirectoryServices.Exchange.Site

mdToken: 0200009e  (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

BaseSize: 0x54

ComponentSize: 0x0

Number of IFaces in IFaceMap: 2

 

Slots in VTable: 20

 

--------------------------------------

MethodDesc Table

   Entry MethodDesc      JIT Name

7934cdcc   79137ab8   PreJIT System.Object.ToString()

7934bba0   79137ac0   PreJIT System.Object.Equals(System.Object)

7934bb90   79137ad8   PreJIT System.Object.GetHashCode()

793424c0   79137ae0   PreJIT System.Object.Finalize()

03df44e5   03df43e0     NONE FooBar.DirectoryServices.Item.GetDisplayName()

...

03df5331   03df5268     NONE FooBar.DirectoryServices.Exchange.Site.IsGroupContainer()

04a8ed00   03df5258      JIT FooBar.DirectoryServices.Exchange.Site..ctor(System.String)

03df532d   03df5260     NONE FooBar.DirectoryServices.Exchange.Site..ctor(System.String, System.String)

03df5335   03df5270     NONE FooBar.DirectoryServices.Exchange.Site.isMixed()

<snip>

 

 


 

04a8ebc8 88464c          mov     byte ptr [esi+4Ch],al

04a8ebcb b94477df03      mov     ecx,3DF7744h

04a8ebd0 e84734e6fb      call    008f201c (JitHelp: CORINFO_HELP_NEWSFAST)

 

 

 

0:011> p

eax=00000000 ebx=013ffffc ecx=01454b94 edx=00000000 esi=01421bfc edi=014229e8

eip=04a8ebc8 esp=03ddf34c ebp=013ffffc iopl=0         nv up ei ng nz ac pe cy

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297

04a8ebc8 88464c          mov     byte ptr [esi+4Ch],al      ds:0023:01421c48=00 -- sets ntMixed == false

 

 

 

0:011> !do 01421bfc

Name: FooBar.DirectoryServices.ActiveDirectoryInitialContext

MethodTable: 03df6194

EEClass: 03cbb41c

Size: 88(0x58) bytes

GC Generation: 0

 (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

Fields:

      MT    Field   Offset                 Type VT     Attr    Value Name

034c94cc  40001a4        4 ...es.InitialContext  0 instance 00000000 initialContext

790f9244  40001a5        8        System.String  0 instance 01254d68 distinguishedName

...

790f9244  40001cc      2a4        System.String  0   static 013fe330 TopContainerFormatter

79103c00  400025b       4c       System.Boolean  1 instance        0 ntMixed

79103c00  400025c       4d       System.Boolean  1 instance        0 mixed

79103c00  400025d       4e       System.Boolean  1 instance        0 hasExchange

 

 

0:011> p

eax=00000000 ebx=013ffffc ecx=01454b94 edx=00000000 esi=01421bfc edi=014229e8

eip=04a8ebcb esp=03ddf34c ebp=013ffffc iopl=0         nv up ei ng nz ac pe cy

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297

04a8ebcb b94477df03      mov     ecx,3DF7744h

 

 

0:011> !do 01421bfc

Name: FooBar.DirectoryServices.ActiveDirectoryInitialContext

MethodTable: 03df6194

EEClass: 03cbb41c

Size: 88(0x58) bytes

GC Generation: 0

 (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

Fields:

      MT    Field   Offset                 Type VT     Attr    Value Name

034c94cc  40001a4        4 ...es.InitialContext  0 instance 00000000 initialContext

790f9244  40001a5        8        System.String  0 instance 01254d68 distinguishedName

...

790f9244  40001c5       28        System.String  0 instance 00000000 configNamingContext

790f9244  40001c6       2c        System.String  0 instance 00000000 schemaNamingContext

03df7744  40001c7       30 ...veDirectoryDomain  0 instance 00000000 domain

03df7844  40001c8       34 ...ory.GlobalCatalog  0 instance 00000000 global

03df5294  40001c9       38 ...ces.Exchange.Site  0 instance 00000000 site

 

0:011>

eax=00000000 ebx=013ffffc ecx=03df7744 edx=00000000 esi=01421bfc edi=014229e8

eip=04a8ebd0 esp=03ddf34c ebp=013ffffc iopl=0         nv up ei ng nz ac pe cy

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297

04a8ebd0 e84734e6fb      call    008f201c

 

04a8e381 e8963ce6fb      call    008f201c (JitHelp: CORINFO_HELP_NEWSFAST) --- can’t recall what this was - looks like it allocates an object?