问题描述
限时送ChatGPT账号..我有一个包含 73 个线程的用户模式转储.其中一些是受管理的,其中一些是本地的.我想找到托管线程,它的调用堆栈中包含某个托管函数.
I have a user mode dump with 73 threads. Some of them are managed and some of them native. I would like to find the managed thread, which call stack contains a certain managed function.
我在调试器中加载了 SOSEX 扩展.
I have the SOSEX extension loaded in the debugger.
现在我执行 ~*e !mk
转储所有托管线程,然后手动浏览它们以查找我需要的内容 - 太长而且很烦人.
Right now I do ~*e !mk
to dump all the managed threads and then browse through them manually looking for what I need - too long and tiresome.
有没有更好的方法?
推荐答案
相关命令
有 !findstack
查找在堆栈上具有特定模块的线程,但恕我直言,它仅适用于本机调用堆栈和仅适用于模块,不适用于方法.
Related commands
There is !findstack <module> 2
to find threads that have a specific module on the stack, but IMHO it only works well for native callstacks and for modules only, not for methods.
然后是 !uniqstack
,它可能有助于缩小线程的范围,以防许多线程具有相同的调用堆栈.这也是一个本机命令.
Then there is !uniqstack
which might help narrowing down the threads in case many threads have the same callstack. It's also a native command.
我在这种情况下所做的是一种丑陋的解决方法,但我还没有找到更好的方法:
What I do in such cases is an ugly workaround, but I have not found something better yet:
.shell -ci "!clrstack" find "Class.Method("
当然,您可以将其与 ~*e
结合起来为所有线程执行此操作.
Of course you can combine this with ~*e
to do it for all threads.
~*e ? $tid;.shell -ci "!clrstack" find "Program.Main("
PyKd 脚本
如果你不介意安装另一个 WinDbg 扩展,我推荐 PyKd 以获得更方便和安静的解决方案.在 WinDbg 目录(或者可能是 WinDbg 的工作目录,不太确定,否则使用完整路径)中创建一个包含内容的文件 findstack.py
PyKd script
If you don't mind installing another WinDbg extension, I recommend PyKd for a more convenient and silent solution. Create a file findstack.py
in WinDbg directory (or maybe the working directory of WinDbg, not so sure, otherwise use the full path) with the content
from pykd import *
if "Class.Method(" in dbgCommand("!clrstack"):
print(hex(expr("$tid")))
在 WinDbg 中,像这样运行脚本:
In WinDbg, run the script like this:
.load E:\path to\x86\pykd.pyd
*** Actually it's a DLL and I prefer renaming it
*** .load E:\path to\x86\pykd.dll
~*e !py findstack.py
当然你可以参数化脚本,例如喜欢
Of course you can parameterize the script, e.g. like
from pykd import *
import sys
if (len(sys.argv) < 4):
print "find <command> <search term> <success command>."
quit()
if sys.argv[2] in dbgCommand(sys.argv[1]):
print(dbgCommand(sys.argv[3]))
然后用参数调用它
~*e !py find.py "!clrstack" "Program.Main(" "? $tid"
这篇关于获取调用堆栈中包含某个 .NET 函数的线程?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
更多推荐
[db:关键词]
发布评论