In WinDbg, I used !name2ee to find a baseclass's EEClass and MethodTable. How can I find all instances that inherit from that specific type?
Find all instances that inherit from base class
706 Views Asked by avivr At
1
There are 1 best solutions below
Related Questions in DEBUGGING
- Eclipse find source file from library
- Debug native code in Android Studio
- Breakpoint "concurrency" in Intellij
- PhpStorm IDE. Collapse custom/debug code
- How does one debug infinite recursion in Haskell?
- Android Studio missing exception stacktrace in Logcat
- java FileNotFoundException wont locate a file in the same project
- How can I debug scala.js unit tests?
- Why Eclipse Debugger does not stop on scoped exception breakpoint (how to stop on handled exception)
- Suggestions for my Selection Sort / Java
- Fortran Debugging
- Debug Excel VSTO add-in when launched by double-clicking existing file
- Starting GDB with interpreter mi via .gdbinit file
- How to print call stack in Swift?
- Preventing threads in Xcode
Related Questions in CLR
- Windows Error Reporting doesn't generate mini dump for a .NET 4 application sometimes
- Where exactly is .NET Runtime (CLR), JIT Compiler located?
- SQL CLR Exception when trying to convert PDF
- Obtain non-explicit field offset
- Test if a given object reference is valid
- msclr is not being used
- Mixed mode assembly is built against version xxxx
- “CLR detected an Invalid Program” when compiling a constructor for List<T>
- Set only second argument type in generic method
- Where would the code produced by the JIT would reside
- .NET Framework compatibility issue
- Using the new source provided by microsoft would it be possible to create a variant of the CLR?
- Deadlocked in w3wp for a WCF website. Unable to find source of Issue
- At what point in time does an instance of a C# class with a generic Type parameter lose awareness of its "generic"-ness?
- Type '<Module>' from assembly ... contains more methods than the current implementation allows
Related Questions in WINDBG
- BindingExpression error displayed in WinDbg
- What is ntdll!_SEH_epilog ? Is the first occurence of it the place where the real issue is?
- Windbg Crash Dump Stack Trace Keeps Every Over Function
- Reading ntdll.dll + offset results in an access violation
- WinDbg MEM_COMMIT is at 1GB, eeheap is showing 150MB, can't find remaining memory
- WinDbg symbol proxy
- Deadlocked in w3wp for a WCF website. Unable to find source of Issue
- Windbg for memory analysis using mimikatz ERROR [CRYPTO] acquire keys
- Analizing crash dump
- How to debug Access Violation that it thrown from windows library ucrtbase?
- Problems using dbgrpc on Windows7
- .NET application handle leak, how to locate the source?
- Source code lines number in stack trace for asp.net application in WinDbg
- How to check if the Microsoft symbol server is available, and contact them if not?
- Failed to find runtime clr.dll to use sos
Related Questions in SOS
- Is there a way to check if garbage collection was triggered while analyzing dump file through SOS.dll
- Android app to app communication
- Failed to find runtime clr.dll to use sos
- Lot of System.Invalidoperation - SOS has no stack trace
- Date Difference Query
- How to load SOS in Windbg for a 32bit app running on a 64bit server
- Memory Dump in Visual Studio
- Comparing two dump files for report on objects with highest growth
- windbg: version of loaded assemblies
- SOS commands fail while live debugging a process which has multiple versions of CLR loaded
- How to read a string with SOS?
- Windbg: psscor4 doesn't work
- How to make PANIC BUTTON working on bluetooth
- Automating WinDBG or otherwise extracting information from Dump Files?
- How to display managed objects with certain value in one of the fields in WinDbg using SOS (or SOSEX)?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I wish there is an easy answer and someone else can solve it easier than this.
Background information
dump all objects in a way you can get the addresses from the output:
!dumpheap -shortloop over all those objects
.foreach ( adr {!dumpheap -short}) { ... }The method table will be the first pointer size bytes at the address of the object, so instead of
!do <address>to find the method table, you can also do? poi(<address>).!dumpmtdoes not list the base class, so you need to find it yourself. On 64 bit, the base class is 16 bytes away, so to get the type of a base class from an object address, you can do!dumpmt poi(poi(<address>)+0x10). You can repeat that to get the base-base class:!dumpmt poi(poi(<address>)+0x10)+0x10).You can repeat this until the pointer is 0x00000000, which means you have reached System.Object and there is no more base class.
Since you want to automate this process, you need to put that into a loop as well:
r$t0 =poi(<address>); .while(@$t0) { .if(@$t0 == <basemt>) {...}; r$t0=poi(@$t0+0x10);}Do whatever you want with the address, e.g. just list it:
.echo ${adr}or dump it:!do ${adr}.Put it all together.
Example
Since I don't know what you're looking for, I'll use
Exceptionas an example. And since there's always aStackOverflowException,OutOfMemoryExceptionandExecutionEngineExceptionin any .NET program, it should at least find three objects if you try it.So the
<basemt>parameter which I'm looking for is000007fef2776738.The full statement is now (formatted for readability):
or (formatted for copy & paste):