visual-studio – How can I get its variables from the application memory dump if there are debug symbols only for my dll?

Question:

There is my DLL library (Visual Studio 2013 project). It is used by other people's programs. While these programs were running, several complete dumps of the process memory of these programs were saved.
I am opening these dumps in my Visual Studio project. I only have debug symbols for my DLL. At the same time, if during the saving of the dump the code of one of the functions of my DLL was executed, then you can see all the symbols in the source code, the place of the current execution, etc. But if another code was executed, I do not see any data and I cannot see the current value of the variables of my DLL. Local variables are obviously inaccessible, since they are not there, but static data is not visible either.

How do I view my DLL data?

Answer:

Not sure if this can be done via studio. But you can definitely use WinDBG:

  1. Open dump.
  2. Include links in output:

     .prefer_dml 1
  3. Register the path to symbols:

     .sympath+ srv*
  4. Download SOS (let's fix it on the appropriate version and platform)

    for 4.0:

     .loadby sos clr

    for <4.0:

     .loadby sos mscorwks

    or the full path:

     .load C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
  5. Find EEClass for the type for which you want to view static fields

     > !name2ee mscorlib.dll System.Console
     Module: 0000064278854000 (mscorlib.dll)
     Token: 0x000000000200008b
     MethodTable: 00000642788c8d10
     EEClass: 0000064278a271a8
     Name: System.Console
  6. View static fields:

     > !dumpclass 0000064278a271a8
     Class Name: System.Console
     mdToken: 000000000200008b (C:\WINDOWS\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
     Parent Class: 00000642788c0c30
     Module: 0000064278854000
     Method Table: 00000642788c8d10
     Vtable Slots: 4
     Total Method Slots: 78
     Class Attributes: 100181 Abstract,
     NumInstanceFields: 0
     NumStaticFields: d
     MT Field Offset Type VT Attr Value Name
     00000642788f5aa0 40002ae d8 System.IO.TextReader 0 shared static _in

Then click on the object addresses – in DML mode, click on the corresponding command to dump the object.

There is an excellent tutorial on setting up WinDBG, Debugging Managed Code Using the Windows Debugger.
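
When the same static fields have to be pulled from several dumps, the text output of steps 5 and 6 can be parsed instead of clicked through. The sketch below is an added example, not part of the original answer: the function names are hypothetical, the sample text is the output quoted above, and the `>> Domain:Value` line with its two addresses is constructed in the form SOS prints under a shared static.

```python
import re

# Constructed sample: SOS output as quoted in the answer; the Domain:Value
# line and its two addresses are made up for illustration.
NAME2EE = """Module: 0000064278854000 (mscorlib.dll)
MethodTable: 00000642788c8d10
EEClass: 0000064278a271a8
Name: System.Console"""
DUMPCLASS = """Class Name: System.Console
NumStaticFields: d
MT Field Offset Type VT Attr Value Name
00000642788f5aa0 40002ae d8 System.IO.TextReader 0 shared static _in
    >> Domain:Value 000000000012f3a0:0000000002761420 <<"""

HEX = re.compile(r"^[0-9a-fA-F]+$")

def eeclass_from_name2ee(text):
    """EEClass address from !name2ee output, or None if the type was not resolved."""
    m = re.search(r"^EEClass:\s*([0-9a-fA-F]+)\s*$", text, re.MULTILINE)
    return m.group(1) if m else None

def static_fields(text):
    """Static-field rows of !dumpclass output, with per-AppDomain values attached."""
    fields = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == [">>", "Domain:Value"] and fields:
            # Shared statics list one domain:value pair per AppDomain.
            fields[-1]["domains"].update(re.findall(r"\b([0-9a-fA-F]+):(\S+)", line))
        elif len(tok) >= 8 and all(HEX.match(t) for t in tok[:3]):
            vt, attr, value, name = tok[-4:]
            if "static" in (attr, value):  # skip instance fields
                fields.append({"name": name, "type": " ".join(tok[3:-4]),
                               "vt": vt, "value": value, "domains": {}})
    return fields

def dumpobj_commands(fields):
    """!dumpobj commands for every non-null reference-type (VT 0) static value."""
    cmds = []
    for f in fields:
        for v in [f["value"], *f["domains"].values()]:
            if f["vt"] == "0" and HEX.match(v) and int(v, 16):
                cmds.append("!dumpobj " + v)
    return cmds

if __name__ == "__main__":
    print("!dumpclass", eeclass_from_name2ee(NAME2EE))
    for cmd in dumpobj_commands(static_fields(DUMPCLASS)):
        print(cmd)
```

The printed commands are the ones the DML links in the answer would issue; paste them into the same WinDBG session or feed them to a debugger script.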
