Debugging .Net String value in windbg and WinDbg and SoS, how do I print/dump a large string? show a script that dump the string to a local file:
$$ Dumps the managed strings to a file
$$ Platform x86
$$ Usage $$>a<"c:empdumpstringtofolder.txt" 6544f9ac 5000 c:empstringtest
$$ First argument is the string method table pointer
$$ Second argument is the Min size of the string that needs to be used filter the strings
$$ Third is the path of the file
.foreach ($string {!dumpheap -short -mt ${$arg1} -min ${$arg2}})
{
$$ MT Field Offset Type VT Attr Value Name
$$ 65452978 40000ed 4 System.Int32 1 instance 71117 m_stringLength
$$ 65451dc8 40000ee 8 System.Char 1 instance 3c m_firstChar
$$ 6544f9ac 40000ef 8 System.String 0 shared static Empty
$$ start of string is stored in the 8th offset, which can be inferred from above
$$ Size of the string which is stored in the 4th offset
r@$t0= poi(${$string}+4)*2
.writemem ${$arg3}${$string}.txt ${$string}+8 ${$string}+8+@$t0
}
this script is on x86. I modify the code and try on .net 4.0, x64 system.
the only difference is that the offset is different. for example:
$$ .net 4.0 , the offset is different
$$ MT Field Offset Type VT Attr Value Name
$$ 000007fee4abc7e8 4000103 8 System.Int32 1 instance 460 m_stringLength
$$ 000007fee4abb328 4000104 c System.Char 1 instance 26 m_firstChar
$$ 000007fee4ab6900 4000105 10 System.String 0 shared static Empty
So, I change my code to:
r@$t0= poi(${$string}+8)*2
.writemem ${$arg3}${$string}.txt ${$string}+c ${$string}+c+@$t0
Here, I wonder the function poi,
1. why here need '*2'?
2. I find a string address, run !do, like this:
0:000> !do 0x00000000ffad0de0
Name: System.String
MethodTable: 000007fef5da6738
EEClass: 000007fef592ed68
Size: 794(0x31a) bytes
File: C:WindowsMicrosoft.NetassemblyGAC_64mscorlibv4.0_4.0.0.0__b77a5c561934e089mscorlib.dll
String: jv15Rr2HXPn3....
Fields:
MT Field Offset Type VT Attr Value Name
000007fef5dac620 4000103 8 System.Int32 1 instance 384 m_stringLength
000007fef5dab160 4000104 c System.Char 1 instance 6a m_firstChar
000007fef5da6738 4000105 10 System.String 0 shared static Empty
I run
0:000> ? poi(0x00000000ffad0de0)+8
Evaluate expression: 8791627818816 = 000007fe`f5da6740
to get the length value of 384, but the output value is wrong(displayed is 8791627818816).
What is wrong?
Thank you for helping me!
updated 1):
I tried:
0:000> r@$t0= poi(0x00000000ffad0de0+8)
0:000> r@$t0
$t0=0076006a00000180
the result seems not correct.
Update 2):
I tried to debug the script:
.echo ${$str}
r@$t0= poi(${$str}+8)*2
.printf "@$t0 is %d
", @$t0
.echo ${$arg3}${$str}.txt
.printf "${$str}+c: %p
", ${$str}+c
.printf "${$str}+c+@$t0: %p
", ${$str}+c+@$t0
$$.writemem ${$arg3}${$str}.txt ${$str}+c ${$str}+c+@$t0
then I got the output:
0x00000000ffad4550
@$t0 is 640
c:stringtestx00000000ffad4550.txt
0x00000000ffad4550+c: 00000000ffad455c
0x00000000ffad4550+c+@$t0: 00ec00d4ffad47dc
then I run the .writemem for the output address:
0:000> .writemem c:stringtestss.txt 00000000ffad455c L0n640
Writing 280 bytes.
I got the correct string, it's like this:
/txrqcf...........j7ULyzqxSmB3bpu
I run the command:
0:000> .writemem c:stringtestss.txt 00000000ffad455c 00ec00d4ffad47dc
^ Range error
I got the error Range error, I check the link to find out the result, but I have no idea.
See Question&Answers more detail:
os 
