Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Limit !dumpheap (windbg) output to n objects

Tags:

windbg

When using windbg and running !dumpheap command to see the addresses of objects, how can you limit to a specific number of objects. The only way I found was using CTRL+BREAK and a command line on a blog http://dotnetdebug.net/2005/07/04/dumpheap-parameters-and-some-general-information-on-sos-help-system/

-l X - Prints out only X items from each heap instead of all the objects.

Apparently -l no longer exists in SOS.dll

like image 632
Timur Fanshteyn Avatar asked Jan 31 '09 07:01

Timur Fanshteyn


2 Answers

What are you actually looking for? Before looking at individual objects, it's usual to narrow the area of interest.

The –stat switch shows a summary, per type of the objects on the heap.

DumpHeap [-stat] [-min ][-max ] [-thinlock] [-mt ] [-type ][start [end]]

  • The -stat option restricts the output to the statistical type summary.
  • The -min option ignores objects that are less than the size parameter, specified in bytes.
  • The -max option ignores objects that are larger than the size parameter, specified in bytes.
  • The -thinlock option reports ThinLocks. For more information, see the SyncBlk command.
  • The -mt option lists only those objects that correspond to specified the MethodTable structure.
  • The -type option lists only those objects whose type name is a substring match of the specified string.

The start parameter begins listing from the specified address. The end parameter stops listing at the specified address.

Ref.

like image 80
Mitch Wheat Avatar answered Oct 22 '22 11:10

Mitch Wheat


According which criteria would you like to limit the number of outputs? The -l option just limits the output according to line numbers. This is useless: let's say it shows only the first 10 objects, maybe the object you're looking for is not even listed.

If the output is too long for WinDbgs output window, use .logopen to dump the objects into a file and then review the file with a text editor.

If you have other ideas how your object looks like, you can perform a loop over all objects

.foreach ( obj { !dumpheap -short -type MyType} )

and then decide with .if whether or not your object matches this criteria.

As an example, I was looking for a needle in a haystack. I was searching a specific Hashtable in a program with more than 3000 Hashtables on the heap. The command I tried to use was

.foreach ( obj { !dumpheap -short -type Hashtable }) {.if (poi(poi(${obj}+1c)) > 100) {!do ${obj}} }

1C is the offset of the count member of the hashtable.

100 is the number of items the Hashtable was expected to have at least.

Unfortunately it didn't work for Hashtables immediately, because !dumpheap -type also listed HashtableEnumerators which somehow crashed the debugger.

To dump hashtables only, run !dumpheap -stat and figure out the method table of hashtables and run the command with -mt <methodtable> instead of -type <classname>, which gives

.foreach ( obj { !dumpheap -short -mt <MT of Hashtable> }) {.if (poi(poi(${obj}+1c)) > 100) {!do ${obj}} }
like image 42
Thomas Weller Avatar answered Oct 22 '22 10:10

Thomas Weller