.NET DEBUGGING

OOPS

OOAD

SOLID

DP

DS

SQL

XML

FAQ

↓↑

Prerequisites

Windows Tools

Basic Concepts

Environment Setup

Windows Fundamentals

Windows Internals

Debugger Essentials

PE Anatomy

Standard Debugging

.NET Fundamentals

.NET Internals

.NET Metadata

CLR Data Structure

C# Programming

C# Compilation

IL Programming

CUI Debugging

↓↑

Module 13 - Managed Techniques

Execution Engine Version

Details of Common Language Runtime

For Instance Version, Mode etc.
How To
Dump EE Version	1) RUN@ cdb.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc Microsoft (R) Windows Debugger Version 10.0.22621.2428 AMD64 ... ntdll!LdrpDoDebuggerBreak+0x30: ... 2) CDB@ sxe ld clr 3) CDB@ g ... ... clr.dll ntdll!NtMapViewOfSection+0x14: ... 4) CDB@ .loadby SOS clr 5) CDB@ .chain ... Extension DLL chain: ... SOS.dll: ... [path: ... SOS.dll] ... 6) CDB@ sxe ld clrjit 7) CDB@ g ... ... clrjit.dll ntdll!NtMapViewOfSection+0x14: ... 8) CDB@ .reload Reloading current modules ... 9) CDB@ !SOS.EEVersion 4.8.9261.0 free Workstation mode ... 10) CDB@ qd
cdb.exe : Program, CUI Symbolic Debugger -o : Switch, Specifies Target Application C:\Windows\System32\mmc.exe : Parameter, MMC Application C:\Windows\System32\eventvwr.msc : Argument, Event Viewer Snap In sxe ld : Standard Command, To Break on Module Load g : Standard Command, To Go Execution .loadby : Meta Command, To Load Extension DLL .chain : Meta Command, To List Loaded Extension DLL .reload : Meta Command, To Reload Module Symbol !SOS.EEVersion : Extension Command, To Dump EE Version and Mode 4.8.9261.0 : Output, CLR Version Workstation : Output, CLR Mode qd : Standard Command, To Quit and Detach
Alternatively, RUN@ windbg.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc → View → Command (Alt+1) → sxe ld clr; g; .loadby SOS clr; .chain; sxe ld clrjit; g; .reload; !SOS.EEVersion; qd

Dump Domain

Application Domain of Process

For Instance System Domain, Shared Domain, Domain 1 etc.
How To
Dump Domain	1) RUN@ cdb.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc Microsoft (R) Windows Debugger Version 10.0.22621.2428 AMD64 ... ntdll!LdrpDoDebuggerBreak+0x30: ... 2) CDB@ sxe ld clr 3) CDB@ g ... ... clr.dll ntdll!NtMapViewOfSection+0x14: ... 4) CDB@ .loadby SOS clr 5) CDB@ .chain ... Extension DLL chain: ... SOS.dll: ... [path: ... SOS.dll] ... 6) CDB@ sxe ld clrjit 7) CDB@ g ... ... clrjit.dll ntdll!NtMapViewOfSection+0x14: ... 8) CDB@ .reload Reloading current modules ... 9) CDB@ !SOS.DumpDomain System Domain: 00007ffea2e55250 ... Shared Domain: 00007ffea2e54c80 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... Domain 1: 000000000762aee0 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... 10) CDB@ qd
cdb.exe : Program, CUI Symbolic Debugger -o : Switch, Specifies Target Application C:\Windows\System32\mmc.exe : Parameter, MMC Application C:\Windows\System32\eventvwr.msc : Argument, Event Viewer Snap In sxe ld : Standard Command, To Break on Module Load g : Standard Command, To Go Execution .loadby : Meta Command, To Load Extension DLL .chain : Meta Command, To List Loaded Extension DLL .reload : Meta Command, To Reload Module Symbol !SOS.DumpDomain : Extension Command, To Dump Application Domain 00007ffea2e55250 : Output, System Application Domain Address 00007ffea2e54c80 : Output, Shared Application Domain Address 000000000762aee0 : Output, Domain 1 Application Domain Address qd : Standard Command, To Quit and Detach
Alternatively, RUN@ windbg.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc → View → Command (Alt+1) → sxe ld clr; g; .loadby SOS clr; .chain; sxe ld clrjit; g; .reload; !SOS.DumpDomain; qd

Dump Assembly

Assembly of Application Domain

For Instance Module etc.
How To
Dump Assembly	1) RUN@ cdb.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc Microsoft (R) Windows Debugger Version 10.0.22621.2428 AMD64 ... ntdll!LdrpDoDebuggerBreak+0x30: ... 2) CDB@ sxe ld clr 3) CDB@ g ... ... clr.dll ntdll!NtMapViewOfSection+0x14: ... 4) CDB@ .loadby SOS clr 5) CDB@ .chain ... Extension DLL chain: ... SOS.dll: ... [path: ... SOS.dll] ... 6) CDB@ sxe ld clrjit 7) CDB@ g ... ... clrjit.dll ntdll!NtMapViewOfSection+0x14: ... 8) CDB@ .reload Reloading current modules ... 9) CDB@ !SOS.DumpDomain System Domain: 00007ffea2e55250 ... Shared Domain: 00007ffea2e54c80 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... Domain 1: 000000000762aee0 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... 10) CDB@ !SOS.DumpAssembly 00000000076d75e0 ... Name: ... MMCEx.dll ... Module Name 00007fffdad61000 ... MMCEx.dll ... 11) CDB@ qd
cdb.exe : Program, CUI Symbolic Debugger -o : Switch, Specifies Target Application C:\Windows\System32\mmc.exe : Parameter, MMC Application C:\Windows\System32\eventvwr.msc : Argument, Event Viewer Snap In sxe ld : Standard Command, To Break on Module Load g : Standard Command, To Go Execution .loadby : Meta Command, To Load Extension DLL .chain : Meta Command, To List Loaded Extension DLL .reload : Meta Command, To Reload Module Symbol !SOS.DumpDomain : Extension Command, To Dump Application Domain 00000000076d75e0 : Output, Assembly Address !SOS.DumpAssembly : Extension Command, To Dump Assembly 00007fffdad61000 : Output, Module Address qd : Standard Command, To Quit and Detach
Alternatively, RUN@ windbg.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc → View → Command (Alt+1) → sxe ld clr; g; .loadby SOS clr; .chain; sxe ld clrjit; g; .reload; !SOS.DumpDomain; !SOS.DumpAssembly <Assembly Address>; qd

Dump Module

Module of Assembly

For Instance MT, TypeDef, TypeRef etc.
How To
Dump Module	1) RUN@ cdb.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc Microsoft (R) Windows Debugger Version 10.0.22621.2428 AMD64 ... ntdll!LdrpDoDebuggerBreak+0x30: ... 2) CDB@ sxe ld clr 3) CDB@ g ... ... clr.dll ntdll!NtMapViewOfSection+0x14: ... 4) CDB@ .loadby SOS clr 5) CDB@ .chain ... Extension DLL chain: ... SOS.dll: ... [path: ... SOS.dll] ... 6) CDB@ sxe ld clrjit 7) CDB@ g ... ... clrjit.dll ntdll!NtMapViewOfSection+0x14: ... 8) CDB@ .reload Reloading current modules ... 9) CDB@ !SOS.DumpDomain System Domain: 00007ffea2e55250 ... Shared Domain: 00007ffea2e54c80 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... Domain 1: 000000000762aee0 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... 10) CDB@ !SOS.DumpAssembly 00000000076d75e0 ... Name: ... MMCEx.dll ... Module Name 00007ffe42dc4150 ... MMCEx.dll ... 11) CDB@ !SOS.DumpModule -mt 00007ffe42dc4150 Name: ... MMCEx.dll ... MT TypeDef Name ------------------------------------------------------------------------------ ... 00007ffe42dc56b0 0x020000f3 ... FrameworkSnapInFactory ... MT TypeRef Name ------------------------------------------------------------------------------ ... 00007ffea0230bb0 0x02000001 System.Object ... 12) CDB@ qd
cdb.exe : Program, CUI Symbolic Debugger -o : Switch, Specifies Target Application C:\Windows\System32\mmc.exe : Parameter, MMC Application C:\Windows\System32\eventvwr.msc : Argument, Event Viewer Snap In sxe ld : Standard Command, To Break on Module Load g : Standard Command, To Go Execution .loadby : Meta Command, To Load Extension DLL .chain : Meta Command, To List Loaded Extension DLL .reload : Meta Command, To Reload Module Symbol !SOS.DumpDomain : Extension Command, To Dump Application Domain 00000000076d75e0 : Output, Assembly Address !SOS.DumpAssembly : Extension Command, To Dump Assembly !SOS.DumpModule : Extension Command, To Dump Module -mt : Option, Specifies Method Table 00007ffe42dc4150 : Output, Module Address 00007ffe42dc56b0, 00007ffea0230bb0 : Output, Method Table Address 0x020000f3 : Output, TypeDef Token 0x02000001 : Output, TypeRef Token qd : Standard Command, To Quit and Detach
Alternatively, RUN@ windbg.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc → View → Command (Alt+1) → sxe ld clr; g; .loadby SOS clr; .chain; sxe ld clrjit; g; .reload; !SOS.DumpDomain; !SOS.DumpAssembly <Assembly Address>; !SOS.DumpModule -mt <Module Address>; qd

Token to Execution Engine

Metadata Token of Module

For Instance Method Table, EE Class, Name etc.
How To
Dump Token 2 EE	1) RUN@ cdb.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc Microsoft (R) Windows Debugger Version 10.0.22621.2428 AMD64 ... ntdll!LdrpDoDebuggerBreak+0x30: ... 2) CDB@ sxe ld clr 3) CDB@ g ... ... clr.dll ntdll!NtMapViewOfSection+0x14: ... 4) CDB@ .loadby SOS clr 5) CDB@ .chain ... Extension DLL chain: ... SOS.dll: ... [path: ... SOS.dll] ... 6) CDB@ sxe ld clrjit 7) CDB@ g ... ... clrjit.dll ntdll!NtMapViewOfSection+0x14: ... 8) CDB@ .reload Reloading current modules ... 9) CDB@ !SOS.DumpDomain System Domain: 00007ffea2e55250 ... Shared Domain: 00007ffea2e54c80 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... Domain 1: 000000000762aee0 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... 10) CDB@ !SOS.DumpAssembly 00000000076d75e0 ... Name: ... MMCEx.dll ... Module Name 00007ffe42dc4150 ... MMCEx.dll ... 11) CDB@ !SOS.DumpModule -mt 00007ffe42dc4150 Name: ... MMCEx.dll ... MT TypeDef Name ------------------------------------------------------------------------------ ... 00007ffe42dc56b0 0x020000f3 ... FrameworkSnapInFactory ... MT TypeRef Name ------------------------------------------------------------------------------ ... 00007ffea0230bb0 0x02000001 System.Object ... 12) CDB@ !SOS.Token2EE MMCEx.dll 0x020000f3 ... Token: 00000000020000f3 MethodTable: 00007ffe42dc56b0 EEClass: 00007ff92f0212a0 Name: Microsoft.ManagementConsole.Advanced.FrameworkSnapInFactory ... 13) CDB@ qd
cdb.exe : Program, CUI Symbolic Debugger -o : Switch, Specifies Target Application C:\Windows\System32\mmc.exe : Parameter, MMC Application C:\Windows\System32\eventvwr.msc : Argument, Event Viewer Snap In sxe ld : Standard Command, To Break on Module Load g : Standard Command, To Go Execution .loadby : Meta Command, To Load Extension DLL .chain : Meta Command, To List Loaded Extension DLL .reload : Meta Command, To Reload Module Symbol !SOS.DumpDomain : Extension Command, To Dump Application Domain 00000000076d75e0 : Output, Assembly Address !SOS.DumpAssembly : Extension Command, To Dump Assembly !SOS.DumpModule : Extension Command, To Dump Module -mt : Option, Specifies Method Table 00007ffe42dc4150 : Output, Module Address !SOS.Token2EE : Extension Command, To Dump Metadata Token 00007ffe42dc56b0 : Output, Method Table Address 00007ff92f0212a0 : Output, EE Class Address Microsoft.ManagementConsole.Advanced.FrameworkSnapInFactory : Output, EE Class Name qd : Standard Command, To Quit and Detach
Alternatively, RUN@ windbg.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc → View → Command (Alt+1) → sxe ld clr; g; .loadby SOS clr; .chain; sxe ld clrjit; g; .reload; !SOS.DumpDomain; !SOS.DumpAssembly <Assembly Address>; !SOS.DumpModule -mt <Module Address>; !SOS.Token2EE <Module Name> <Metadata Token>; qd

Name to Execution Engine

Name of Module

For Instance Method Table, EE Class, Method Desc etc.
How To
Dump Name 2 EE	1) RUN@ cdb.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc Microsoft (R) Windows Debugger Version 10.0.22621.2428 AMD64 ... ntdll!LdrpDoDebuggerBreak+0x30: ... 2) CDB@ sxe ld clr 3) CDB@ g ... ... clr.dll ntdll!NtMapViewOfSection+0x14: ... 4) CDB@ .loadby SOS clr 5) CDB@ .chain ... Extension DLL chain: ... SOS.dll: ... [path: ... SOS.dll] ... 6) CDB@ sxe ld clrjit 7) CDB@ g ... ... clrjit.dll ntdll!NtMapViewOfSection+0x14: ... 8) CDB@ .reload Reloading current modules ... 9) CDB@ !SOS.DumpDomain System Domain: 00007ffea2e55250 ... Shared Domain: 00007ffea2e54c80 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... Domain 1: 000000000762aee0 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... 10) CDB@ !SOS.DumpAssembly 00000000076d75e0 ... Name: ... MMCEx.dll ... Module Name 00007ffe42dc4150 ... MMCEx.dll ... 11) CDB@ !SOS.DumpModule -mt 00007ffe42dc4150 Name: ... MMCEx.dll ... MT TypeDef Name ------------------------------------------------------------------------------ ... 00007ffe42dc56b0 0x020000f3 ... FrameworkSnapInFactory ... MT TypeRef Name ------------------------------------------------------------------------------ ... 00007ffea0230bb0 0x02000001 System.Object ... 12) CDB@ !SOS.Name2EE MMCEx.dll Microsoft.ManagementConsole.Advanced.FrameworkSnapInFactory ... MethodTable: 00007ffe42dc56b0 EEClass: 00007ff92f0212a0 ... 13) CDB@ qd
cdb.exe : Program, CUI Symbolic Debugger -o : Switch, Specifies Target Application C:\Windows\System32\mmc.exe : Parameter, MMC Application C:\Windows\System32\eventvwr.msc : Argument, Event Viewer Snap In sxe ld : Standard Command, To Break on Module Load g : Standard Command, To Go Execution .loadby : Meta Command, To Load Extension DLL .chain : Meta Command, To List Loaded Extension DLL .reload : Meta Command, To Reload Module Symbol !SOS.DumpDomain : Extension Command, To Dump Application Domain 00000000076d75e0 : Output, Assembly Address !SOS.DumpAssembly : Extension Command, To Dump Assembly !SOS.DumpModule : Extension Command, To Dump Module -mt : Option, Specifies Method Table 00007ffe42dc4150 : Output, Module Address !SOS.Name2EE : Extension Command, To Turn Name to Method Table and EE Class 00007ffe42dc56b0 : Output, Method Table Address 00007ff92f0212a0 : Output, EE Class Address qd : Standard Command, To Quit and Detach
Alternatively, RUN@ windbg.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc → View → Command (Alt+1) → sxe ld clr; g; .loadby SOS clr; .chain; sxe ld clrjit; g; .reload; !SOS.DumpDomain; !SOS.DumpAssembly <Assembly Address>; !SOS.DumpModule -mt <Module Address>; !SOS.Name2EE <Module Name> <Name>; qd

Dump Method Table

Method Table of Module

For Instance EE Class, Method Desc etc.
How To
Dump MT	1) RUN@ cdb.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc Microsoft (R) Windows Debugger Version 10.0.22621.2428 AMD64 ... ntdll!LdrpDoDebuggerBreak+0x30: ... 2) CDB@ sxe ld clr 3) CDB@ g ... ... clr.dll ntdll!NtMapViewOfSection+0x14: ... 4) CDB@ .loadby SOS clr 5) CDB@ .chain ... Extension DLL chain: ... SOS.dll: ... [path: ... SOS.dll] ... 6) CDB@ sxe ld clrjit 7) CDB@ g ... ... clrjit.dll ntdll!NtMapViewOfSection+0x14: ... 8) CDB@ .reload Reloading current modules ... 9) CDB@ !SOS.DumpDomain System Domain: 00007ffea2e55250 ... Shared Domain: 00007ffea2e54c80 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... Domain 1: 000000000762aee0 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... 10) CDB@ !SOS.DumpAssembly 00000000076d75e0 ... Name: ... MMCEx.dll ... Module Name 00007ffe42dc4150 ... MMCEx.dll ... 11) CDB@ !SOS.DumpModule -mt 00007ffe42dc4150 Name: ... MMCEx.dll ... MT TypeDef Name ------------------------------------------------------------------------------ ... 00007ffe42dc56b0 0x020000f3 ... FrameworkSnapInFactory ... MT TypeRef Name ------------------------------------------------------------------------------ ... 00007ffea0230bb0 0x02000001 System.Object ... 12) CDB@ !SOS.DumpMT -md 00007ffe42dc56b0 EEClass: 00007ff92f0212a0 ... MethodDesc Table Entry MethodDesc JIT Name ... 00007ff92ef90140 00007ff92ee75698 NONE ... CreateSnapIn(Int32, System.String, System.Object ByRef) ... 13) CDB@ qd
cdb.exe : Program, CUI Symbolic Debugger -o : Switch, Specifies Target Application C:\Windows\System32\mmc.exe : Parameter, MMC Application C:\Windows\System32\eventvwr.msc : Argument, Event Viewer Snap In sxe ld : Standard Command, To Break on Module Load g : Standard Command, To Go Execution .loadby : Meta Command, To Load Extension DLL .chain : Meta Command, To List Loaded Extension DLL .reload : Meta Command, To Reload Module Symbol !SOS.DumpDomain : Extension Command, To Dump Application Domain 00000000076d75e0 : Output, Assembly Address !SOS.DumpAssembly : Extension Command, To Dump Assembly !SOS.DumpModule : Extension Command, To Dump Module -mt : Option, Specifies Method Table 00007ffe42dc4150 : Output, Module Address !SOS.DumpMT : Extension Command, To Dump Method Table -md : Option, Specifies Method Descriptor 00007ff92f0212a0 : Output, EE Class Address 00007ff92ee75698 : Output, Method Descriptor Address qd : Standard Command, To Quit and Detach
Alternatively, RUN@ windbg.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc → View → Command (Alt+1) → sxe ld clr; g; .loadby SOS clr; .chain; sxe ld clrjit; g; .reload; !SOS.DumpDomain; !SOS.DumpAssembly <Assembly Address>; !SOS.DumpModule -mt <Module Address>; !SOS.DumpMT -md <Method Table Address>; qd

Dump Class

Execution Engine Class of Method Table

For Instance Class Name, Num Instance Fields, Num Static Fields etc.
How To
Dump Class	1) RUN@ cdb.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc Microsoft (R) Windows Debugger Version 10.0.22621.2428 AMD64 ... ntdll!LdrpDoDebuggerBreak+0x30: ... 2) CDB@ sxe ld clr 3) CDB@ g ... ... clr.dll ntdll!NtMapViewOfSection+0x14: ... 4) CDB@ .loadby SOS clr 5) CDB@ .chain ... Extension DLL chain: ... SOS.dll: ... [path: ... SOS.dll] ... 6) CDB@ sxe ld clrjit 7) CDB@ g ... ... clrjit.dll ntdll!NtMapViewOfSection+0x14: ... 8) CDB@ .reload Reloading current modules ... 9) CDB@ !SOS.DumpDomain System Domain: 00007ffea2e55250 ... Shared Domain: 00007ffea2e54c80 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... Domain 1: 000000000762aee0 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... 10) CDB@ !SOS.DumpAssembly 00000000076d75e0 ... Name: ... MMCEx.dll ... Module Name 00007ffe42dc4150 ... MMCEx.dll ... 11) CDB@ !SOS.DumpModule -mt 00007ffe42dc4150 Name: ... MMCEx.dll ... MT TypeDef Name ------------------------------------------------------------------------------ ... 00007ffe42dc56b0 0x020000f3 ... FrameworkSnapInFactory ... MT TypeRef Name ------------------------------------------------------------------------------ ... 00007ffea0230bb0 0x02000001 System.Object ... 12) CDB@ !SOS.DumpMT -md 00007ffe42dc56b0 EEClass: 00007ff92f0212a0 ... MethodDesc Table Entry MethodDesc JIT Name ... 00007ff92ef90140 00007ff92ee75698 NONE ... CreateSnapIn(Int32, System.String, System.Object ByRef) ... 13) CDB@ !SOS.DumpClass 00007ff92f0212a0 Class Name: ... FrameworkSnapInFactory ... NumInstanceFields: 0 NumStaticFields: 0 ... 14) CDB@ qd
cdb.exe : Program, CUI Symbolic Debugger -o : Switch, Specifies Target Application C:\Windows\System32\mmc.exe : Parameter, MMC Application C:\Windows\System32\eventvwr.msc : Argument, Event Viewer Snap In sxe ld : Standard Command, To Break on Module Load g : Standard Command, To Go Execution .loadby : Meta Command, To Load Extension DLL .chain : Meta Command, To List Loaded Extension DLL .reload : Meta Command, To Reload Module Symbol !SOS.DumpDomain : Extension Command, To Dump Application Domain 00000000076d75e0 : Output, Assembly Address !SOS.DumpAssembly : Extension Command, To Dump Assembly !SOS.DumpModule : Extension Command, To Dump Module -mt : Option, Specifies Method Table 00007ffe42dc4150 : Output, Module Address !SOS.DumpMT : Extension Command, To Dump Method Table -md : Option, Specifies Method Descriptor 00007ffe42dc56b0 : Output, Method Table Address !SOS.DumpClass : Extension Command, To Dump Class ... FrameworkSnapInFactory : Output, Class Name 0 : Output, Number of Instance Fields 0 : Output, Number of Static Fields qd : Standard Command, To Quit and Detach
Alternatively, RUN@ windbg.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc → View → Command (Alt+1) → sxe ld clr; g; .loadby SOS clr; .chain; sxe ld clrjit; g; .reload; !SOS.DumpDomain; !SOS.DumpAssembly <Assembly Address>; !SOS.DumpModule -mt <Module Address>; !SOS.DumpMT -md <Method Table Address>; !SOS.DumpClass <EEClass Address>; qd

Dump Method Descriptor

Method Descriptor of Method Table

For Instance Name, Is Jitted, Code Addr etc.
How To
Dump MD	1) RUN@ cdb.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc Microsoft (R) Windows Debugger Version 10.0.22621.2428 AMD64 ... ntdll!LdrpDoDebuggerBreak+0x30: ... 2) CDB@ sxe ld clr 3) CDB@ g ... ... clr.dll ntdll!NtMapViewOfSection+0x14: ... 4) CDB@ .loadby SOS clr 5) CDB@ .chain ... Extension DLL chain: ... SOS.dll: ... [path: ... SOS.dll] ... 6) CDB@ sxe ld clrjit 7) CDB@ g ... ... clrjit.dll ntdll!NtMapViewOfSection+0x14: ... 8) CDB@ .reload Reloading current modules ... 9) CDB@ !SOS.DumpDomain System Domain: 00007ffea2e55250 ... Shared Domain: 00007ffea2e54c80 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... Domain 1: 000000000762aee0 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... 10) CDB@ !SOS.DumpAssembly 00000000076d75e0 ... Name: ... MMCEx.dll ... Module Name 00007ffe42dc4150 ... MMCEx.dll ... 11) CDB@ !SOS.DumpModule -mt 00007ffe42dc4150 Name: ... MMCEx.dll ... MT TypeDef Name ------------------------------------------------------------------------------ ... 00007ffe42dc56b0 0x020000f3 ... FrameworkSnapInFactory ... MT TypeRef Name ------------------------------------------------------------------------------ ... 00007ffea0230bb0 0x02000001 System.Object ... 12) CDB@ !SOS.DumpMT -md 00007ffe42dc56b0 EEClass: 00007ff92f0212a0 ... MethodDesc Table Entry MethodDesc JIT Name ... 00007ff92ef90140 00007ff92ee75698 NONE ... CreateSnapIn(Int32, System.String, System.Object ByRef) ... 13) CDB@ !SOS.DumpMD 00007ff92ee75698 Method Name: ... CreateSnapIn(Int32, System.String, System.Object ByRef) ... IsJitted: yes CodeAddr: 00007ff92ecf4d50 ... 14) CDB@ qd
cdb.exe : Program, CUI Symbolic Debugger -o : Switch, Specifies Target Application C:\Windows\System32\mmc.exe : Parameter, MMC Application C:\Windows\System32\eventvwr.msc : Argument, Event Viewer Snap In sxe ld : Standard Command, To Break on Module Load g : Standard Command, To Go Execution .loadby : Meta Command, To Load Extension DLL .chain : Meta Command, To List Loaded Extension DLL .reload : Meta Command, To Reload Module Symbol !SOS.DumpDomain : Extension Command, To Dump Application Domain 00000000076d75e0 : Output, Assembly Address !SOS.DumpAssembly : Extension Command, To Dump Assembly !SOS.DumpModule : Extension Command, To Dump Module -mt : Option, Specifies Method Table 00007ffe42dc4150 : Output, Module Address !SOS.DumpMT : Extension Command, To Dump Method Table -md : Option, Specifies Method Descriptor 00007ffe42dc56b0 : Output, Method Table Address !SOS.DumpMD : Extension Command, To Dump Method Descriptor ... CreateSnapIn : Output, Method Name Yes : Output, Is Jitted 00007ff92ecf4d50 : Output, Code Address qd : Standard Command, To Quit and Detach
Alternatively, RUN@ windbg.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc → View → Command (Alt+1) → sxe ld clr; g; .loadby SOS clr; .chain; sxe ld clrjit; g; .reload; !SOS.DumpDomain; !SOS.DumpAssembly <Assembly Address>; !SOS.DumpModule -mt <Module Address>; !SOS.DumpMT -md <Method Table Address>; !SOS.DumpMD <Method Descriptor Address>; qd

Dump Intermediate Language

Intermediate Language of Method Descriptor

For Instance IL Addr, IL Code etc.
How To
Dump IL	1) RUN@ cdb.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc Microsoft (R) Windows Debugger Version 10.0.22621.2428 AMD64 ... ntdll!LdrpDoDebuggerBreak+0x30: ... 2) CDB@ sxe ld clr 3) CDB@ g ... ... clr.dll ntdll!NtMapViewOfSection+0x14: ... 4) CDB@ .loadby SOS clr 5) CDB@ .chain ... Extension DLL chain: ... SOS.dll: ... [path: ... SOS.dll] ... 6) CDB@ sxe ld clrjit 7) CDB@ g ... ... clrjit.dll ntdll!NtMapViewOfSection+0x14: ... 8) CDB@ .reload Reloading current modules ... 9) CDB@ !SOS.DumpDomain System Domain: 00007ffea2e55250 ... Shared Domain: 00007ffea2e54c80 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... Domain 1: 000000000762aee0 ... Assembly: 00000000076d75e0 [... MMCEx.dll] ... 10) CDB@ !SOS.DumpAssembly 00000000076d75e0 ... Name: ... MMCEx.dll ... Module Name 00007ffe42dc4150 ... MMCEx.dll ... 11) CDB@ !SOS.DumpModule -mt 00007ffe42dc4150 Name: ... MMCEx.dll ... MT TypeDef Name ------------------------------------------------------------------------------ ... 00007ffe42dc56b0 0x020000f3 ... FrameworkSnapInFactory ... MT TypeRef Name ------------------------------------------------------------------------------ ... 00007ffea0230bb0 0x02000001 System.Object ... 12) CDB@ !SOS.DumpMT -md 00007ffe42dc56b0 EEClass: 00007ff92f0212a0 ... MethodDesc Table Entry MethodDesc JIT Name ... 00007ff92ef90140 00007ff92ee75698 NONE ... CreateSnapIn(Int32, System.String, System.Object ByRef) ... 13) CDB@ !SOS.DumpIL 00007ff92ee75698 ilAddr = 000000001f61d214 .try { ... } .catch { ... } ... 14) CDB@ qd
cdb.exe : Program, CUI Symbolic Debugger -o : Switch, Specifies Target Application C:\Windows\System32\mmc.exe : Parameter, MMC Application C:\Windows\System32\eventvwr.msc : Argument, Event Viewer Snap In sxe ld : Standard Command, To Break on Module Load g : Standard Command, To Go Execution .loadby : Meta Command, To Load Extension DLL .chain : Meta Command, To List Loaded Extension DLL .reload : Meta Command, To Reload Module Symbol !SOS.DumpDomain : Extension Command, To Dump Application Domain 00000000076d75e0 : Output, Assembly Address !SOS.DumpAssembly : Extension Command, To Dump Assembly !SOS.DumpModule : Extension Command, To Dump Module -mt : Option, Specifies Method Table 00007ffe42dc4150 : Output, Module Address !SOS.DumpMT : Extension Command, To Dump Method Table -md : Option, Specifies Method Descriptor 00007ffe42dc56b0 : Output, Method Table Address !SOS.DumpIL : Extension Command, To Dump Intermediate Language 000000001f61d214 : Output, IL Address .try {...} .catch {...} ... : Output, IL Code qd : Standard Command, To Quit and Detach
Alternatively, RUN@ windbg.exe -o C:\Windows\System32\mmc.exe C:\Windows\System32\eventvwr.msc → View → Command (Alt+1) → sxe ld clr; g; .loadby SOS clr; .chain; sxe ld clrjit; g; .reload; !SOS.DumpDomain; !SOS.DumpAssembly <Assembly Address>; !SOS.DumpModule -mt <Module Address>; !SOS.DumpMT -md <Method Table Address>; !SOS.DumpIL <Method Descriptor Address>; qd

Top Next Module

↓↑

AMD

Advanced Micro Devices

CDB

Console Debugger

CLR

Common Language Runtime

CUI

Character User Interface

DBG

Debugger

DEF

Definition

DESC

Descriptor

DLL

Dynamic Link Library

EE

Execution Engine

EXE

Executable

G

Go

IL

Intermediate Language

JIT

Just In Time

LD

Load

LDR

Loader

MD

Method Descriptor

MMC

Microsoft Management Console

MSC

Management Saved Console

MT

Method Table

NT

New Technology

NUM

Number

QD

Quit Detach

REF

Reference

SOS

Son Of Strike

SXE

Set Exception Enabled

VWR

Viewer

WIN

Windows

Home

About

Contact

Page Last Updated on 4th Nov 2024

© 2024