locked
Windbg - expression in !do RRS feed

  • Question

  • Hi,

    I'm stuck on what must be a simple issue.

    Using this in windbg doesn't work: !do ( 0f137a28 + 024 )

    I've tried every variation of it I can think of it and I just get "Incorrect argument"

    How do you use expressions in !do? What I ultimately want (I think) is something like this:

    !do (address at (expression)) - it's going to be used in a .foreach where I want to list out a particular string field from a list of objects of the heap. i.e.

    .foreach (addr {!dumpheap -type t}) (!do poi(addr + 24))

    "For every object o of type t: Dump the string at the address found at o's address + 24."

    Thanks,

    Adam.

    Monday, August 10, 2015 11:25 AM

Answers

  • You already tried omitting spaces?

    0:005> !do (01ecd340+010)
    Name:        System.String
    MethodTable: 5c643e18
    EEClass:     5c2438f0
    Size:        26(0x1a) bytes
    File:        C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    String:      System
    Fields:
          MT    Field   Offset                 Type VT     Attr    Value Name
    5c64560c  40000ab        4         System.Int32  1 instance        6 m_stringLength
    5c644810  40000ac        8          System.Char  1 instance       53 m_firstChar
    5c643e18  40000ad        c        System.String  0   shared   static Empty
        >> Domain:Value  0026d668:NotInit  <<
    

    else using a pseudo register?
    http://stackoverflow.com/questions/28102678/iterating-through-dumpheap-output-to-read-value-at-memory-offset

    With kind regards


    • Marked as answer by Adam Benson Tuesday, August 11, 2015 9:07 AM
    Monday, August 10, 2015 5:50 PM

All replies

  • You already tried omitting spaces?

    0:005> !do (01ecd340+010)
    Name:        System.String
    MethodTable: 5c643e18
    EEClass:     5c2438f0
    Size:        26(0x1a) bytes
    File:        C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    String:      System
    Fields:
          MT    Field   Offset                 Type VT     Attr    Value Name
    5c64560c  40000ab        4         System.Int32  1 instance        6 m_stringLength
    5c644810  40000ac        8          System.Char  1 instance       53 m_firstChar
    5c643e18  40000ad        c        System.String  0   shared   static Empty
        >> Domain:Value  0026d668:NotInit  <<
    

    else using a pseudo register?
    http://stackoverflow.com/questions/28102678/iterating-through-dumpheap-output-to-read-value-at-memory-offset

    With kind regards


    • Marked as answer by Adam Benson Tuesday, August 11, 2015 9:07 AM
    Monday, August 10, 2015 5:50 PM
  • Thanks, Maybe,

    that pointed me in the right direction. Windbg can be very powerful but pretty confusing. I don't really get the poi operator. But I got the information I want now :-)

    Thanks,

    Adam.

    Tuesday, August 11, 2015 9:07 AM