WinDbg .foreach by reference type and get field value

Question

How I can iterate over reference type (eg MyClass) and get value for one of fields (value type)

I use next code.

.foreach (address  {!DumpHeap -type MyClass -short }) {!do ${address} (what I do next?) }

I get dump of objects, but how to get field value for all objects?

Answer 1

First, you need to find out the offsets of the individual fields by dumping a single object:

0:016> !do 00000000115bff60 
Name: System.Action
MethodTable: 000007fedb35ff30
EEClass: 000007fedb111f90
Size: 64(0x40) bytes
 (C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll)
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007fedc267680  40000ff        8        System.Object  0 instance 00000000115bff60 _target
000007fedc266138  4000100       10 ...ection.MethodBase  0 instance 0000000000000000 _methodBase
000007fedc26a798  4000101       18        System.IntPtr  1 instance      7fedf0bf238 _methodPtr
000007fedc26a798  4000102       20        System.IntPtr  1 instance      7fedf0fa850 _methodPtrAux
000007fedc267680  400010c       28        System.Object  0 instance 0000000000000000 _invocationList
000007fedc26a798  400010d       30        System.IntPtr  1 instance                0 _invocationCount

Next you can use the offset in your loop. Note that I changed -type <ClassName> to -mt <MethodTable> in order to avoid conflicts. !do searches by substring which might include objects that you don't expect.

Depending on the type of the field, you can then use d* ${address}+<offset> [L<length>] to dump value types

0:016> .foreach (address  {!DumpHeap -mt 000007fedb35ff30 -short }) {dp ${address}+0x20 L1}
00000000`114cfc48  00000000`114ce518
...

or !do poi(${address}+<offset>) to dump .NET objects

0:016> .foreach (address  {!DumpHeap -mt 000007fedb35ff30 -short }) {!do poi(${address}+0x8)}
Name: PaintDotNet.Controls.UnitsComboBoxStrip
MethodTable: 000007fed94cd120
EEClass: 000007fed91b38f8
Size: 224(0xe0) bytes
 (C:\Program Files\Paint.NET\PaintDotNet.exe)
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007fedc267680  400018a        8        System.Object  0 instance 0000000000000000 __identity
000007fedb6cd320  40008e0       10 ...ponentModel.ISite  0 instance 0000000000000000 site
000007fedb6fcc18  40008e1       18 ....EventHandlerList  0 instance 00000000114d0050 events
...