Modules not listed by "lm" command

  • Question

  • I tried to debug a .NET application (user-mode debugging) for a crash issue, and for that I want to know the modules loaded. I tried the "lm" command to list the modules, but it didn't list all the modules loaded in the application. The modules loaded from the image path are not displayed. Only the modules from the GAC and Windows folders are displayed.

    Please let me know why the modules from the private path (image path) are missing when using the "lm" command?

    Moreover, I tried using sxe:ld MyModule to stop execution when "MyModule" is loaded. It never stopped. Please, someone let me know what I should do.

    Thanks


    RM123
    Tuesday, May 24, 2011 8:46 AM

All replies

  • Paul,

    Thanks for your reply

    I load the SOS DLL using the following command:

    .loadby sos mscorwks

    Even after that, when I tried the "lm" command, it didn't list the modules from the image path where I open the executable. Below is the output of the lm command:

    00400000 00502000   MYAPP    (deferred)            
    00e70000 01135000   xpsp2res   (deferred)            
    10000000 10030000   sxwmon32   (deferred)            
    5d090000 5d12a000   comctl32_5d090000   (deferred)            
    68000000 68036000   rsaenh     (deferred)            
    74720000 7476c000   MSCTF      (deferred)            
    773d0000 774d3000   comctl32   (deferred)            
    774e0000 7761e000   ole32      (deferred)            
    77c10000 77c68000   msvcrt     (deferred)            
    77dd0000 77e6b000   ADVAPI32   (deferred)            
    77e70000 77f03000   RPCRT4     (deferred)            
    77f10000 77f59000   GDI32      (deferred)            
    77f60000 77fd6000   SHLWAPI    (deferred)            
    77fe0000 77ff1000   Secur32    (deferred)            
    78130000 781cb000   MSVCR80    (deferred)            
    79000000 79046000   mscoree    (deferred)            
    79060000 790b6000   mscorjit   (deferred)            
    790c0000 79bac000   mscorlib_ni   (deferred)            
    79e70000 7a40b000   mscorwks   (deferred)            
    7a440000 7ac32000   System_ni   (deferred)            
    7c800000 7c8f6000   KERNEL32   (pdb symbols)          c:\symbols\kernel32.pdb\072FF0EB54D24DFAAE9D13885486EE092\kernel32.pdb
    7c900000 7c9b2000   ntdll      (pdb symbols)          c:\symbols\ntdll.pdb\CEFC0863B1F84130A11E0F54180CD21A2\ntdll.pdb
    7c9c0000 7d1d7000   SHELL32    (deferred)            
    7e410000 7e4a1000   USER32     (deferred)            

    Here, I see System.dll listed. But the module from the image path (MyModule.dll) is missing. But when I use !dll, it's there. Why is that?

    Moreover, when I use sxe:ld System to break WinDbg when the module "System" is loaded, it works fine. However, when I tried to use sxe:ld MyModule, WinDbg doesn't break when loading MyModule. But when I look in Process Explorer, it's there. Can you please explain why this happens?

    Thanks


    RM123
    Tuesday, May 24, 2011 4:31 PM
  • I don’t think the output of lm differs if you load the sos extension or not.

    You can try lm m<your dll name without the extension>

     

    Have you looked at the bottom of the lm output? Sometimes it terminates with an error like

    “Missing image name, possible paged-out or corrupt data.”
    (paged-out is strange in a user dump!)

    There is a handy alternative way to list the modules with a macro if lm fails:

    (I think I found it in the WinDbg help.)

     

    Regards

    Kjell Gunnar

     

    ---------copy this to  C:\DbgScripts\walkLdr.txt -----

    $$ run with:  $$>< C:\DbgScripts\walkLdr.txt
    $$
    $$ Get module list LIST_ENTRY in $t0.
    r? $t0 = &@$peb->Ldr->InLoadOrderModuleList
     
    $$ Iterate over all modules in list.
    .for (r? $t1 = *(ntdll!_LDR_DATA_TABLE_ENTRY**)@$t0;
          (@$t1 != 0) & (@$t1 != @$t0);
          r? $t1 = (ntdll!_LDR_DATA_TABLE_ENTRY*)@$t1->InLoadOrderLinks.Flink)
    {
        $$ Get base address in $Base.
        as /x ${/v:$Base} @@c++(@$t1->DllBase)
       
        $$ Get full name into $Mod.
        as /msu ${/v:$Mod} @@c++(&@$t1->FullDllName)
     
        .block
        {
            .echo ${$Mod} at ${$Base}
        }
     
        ad ${/v:$Base}
        ad ${/v:$Mod}
    }

    Wednesday, May 25, 2011 7:37 AM
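Added example, not part of the thread or of any poster's code: a Python sketch that compares saved `lm` output with the output of the walkLdr.txt macro above and reports modules that appear in only one of the two lists. It matches on base address, because lm names such as mscorlib_ni or comctl32_5d090000 do not map directly to file names. The sample inputs are constructed (the lm lines follow the format shown earlier in the thread; the paths and the exact `0x...` base format printed by the macro are assumptions).

```python
import re

# lm line: "<start> <end>   <module name>   (<symbol status>) [pdb path]"
LM_RE = re.compile(r"^\s*([0-9a-f`]+)\s+([0-9a-f`]+)\s+(\S+)\s+\(", re.I)
# walkLdr.txt line: "<full DLL path> at <base>" (0x prefix assumed optional)
LDR_RE = re.compile(r"^\s*(.+?)\s+at\s+(?:0x)?([0-9a-f`]+)\s*$", re.I)

def _addr(text):
    # 64-bit debuggers print addresses as 00000000`00400000
    return int(text.replace("`", ""), 16)

def parse_lm(output):
    """Map base address -> module name as printed by lm."""
    return {_addr(m.group(1)): m.group(3)
            for m in map(LM_RE.match, output.splitlines()) if m}

def parse_ldr(output):
    """Map base address -> full DLL path as printed by the macro."""
    return {_addr(m.group(2)): m.group(1)
            for m in map(LDR_RE.match, output.splitlines()) if m}

def diff_modules(lm_out, ldr_out):
    """Return (only in loader list, only in lm), both keyed by base."""
    lm, ldr = parse_lm(lm_out), parse_ldr(ldr_out)
    only_ldr = {b: p for b, p in ldr.items() if b not in lm}
    only_lm = {b: n for b, n in lm.items() if b not in ldr}
    return only_ldr, only_lm

# Constructed sample: three lm lines in the thread's format.
SAMPLE_LM = r"""
00400000 00502000   MYAPP    (deferred)
790c0000 79bac000   mscorlib_ni   (deferred)
7c800000 7c8f6000   KERNEL32   (pdb symbols)          c:\symbols\kernel32.pdb\072FF0EB54D24DFAAE9D13885486EE092\kernel32.pdb
"""
# Constructed sample: macro output with hypothetical paths and bases.
SAMPLE_LDR = r"""
C:\MyApp\MYAPP.exe at 0x400000
C:\WINDOWS\assembly\NativeImages\mscorlib.ni.dll at 0x790c0000
C:\WINDOWS\system32\kernel32.dll at 0x7c800000
C:\MyApp\MyModule.dll at 0x11000000
"""

if __name__ == "__main__":
    only_ldr, only_lm = diff_modules(SAMPLE_LM, SAMPLE_LDR)
    for base, path in sorted(only_ldr.items()):
        print(f"in loader list, not in lm: {path} at {base:#x}")
    for base, name in sorted(only_lm.items()):
        print(f"in lm, not in loader list: {name} at {base:#x}")
```
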
  • Hi Kgt,

    I read in some article that only the assemblies loaded using the kernel32!LoadLibrary function will be listed using the "lm" command. So I tried to break WinDbg on kernel32!LoadLibrary by setting a conditional breakpoint like

    bu 7c80aeeb ";as /mu ${/v:MyAlias} poi(@esp+0x4*1); .if ( $spat( \"${MyAlias}\", \"*NetXApplicationFrame*\" ) != 0 ) {;.echo *** LoadLibraryA CALLED *** ;.printf \"%mu\\n\", dwo (ESP + 0x04*1);.echo } .else { g }"

    WinDbg didn't break on kernel32!LoadLibrary, which means the CLR didn't use the LoadLibrary function to load the modules, and the modules are not listed by the lm command.

    Do you know the Win32 API which is used by the CLR to load libraries? My intention is not only to check the modules loaded, but I also want to break WinDbg when the module is loaded.

     

    Thanks


    RM123
    Wednesday, May 25, 2011 7:52 AM
  • The only blog I know of is
    http://blogs.msdn.com/b/junfeng/archive/2007/08/06/the-sequence-of-interactions-between-clr-loader-and-fusion-during-assembly-load.aspx, which mentions LoadLibrary explicitly (.NET 2.0).
    For me (.NET 4.0), a kb at sxe:ld when loading a managed DLL normally yields some clr!ClassLoader::RunMain, clr!PEFile::LoadAssembly, clr!FusionBind::LoadAssembly functions.
    Probably you can try catching the loading at an early stage.

    with kind regards

    Wednesday, May 25, 2011 8:22 AM
  • Pavel,

    I didn't precompile anything using ngen. To ensure that, I verified in "ngen.log", and my modules are not there. But interestingly, I found the below in the ngen.log:

     

    ......

    11/03/2010 14:07:15 [3172]: Command line: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe install System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 /NoDependencies /queue:1 /nologo /netfxpri1
    11/03/2010 14:07:15 [3172]: Installing assembly System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
    11/03/2010 14:07:15 [3172]: ngen returning 0x00000000
    11/03/2010 14:07:15 [2992]: Command line: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe install System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a /NoDependencies /queue:3 /nologo
    11/03/2010 14:07:15 [2992]: Installing assembly System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
    11/03/2010 14:07:15 [2992]: ngen returning 0x00000000

    ......

    I don't know much about ngen, but it seems all the .NET modules are precompiled and are listed by the "lm" command. Please refer to the output above.

    Any clues?

    Ram

     


    RM123
    Thursday, May 26, 2011 1:04 AM
  • Hi Kgt,
    ...
    Do you know the Win32 API which is used by the CLR to load libraries? My intention is not only to check the modules loaded, but I also want to break WinDbg when the module is loaded.

    Sorry I don’t know anything about how CLR is loading the assemblies, but in those apps I have debugged, I normally see them in lm.

    kgt



    Thursday, May 26, 2011 6:41 AM