private Dictionary <int, string> GetManagedThreadNames(ClrHeap heap)
{
var result = new Dictionary <int, string>();
if (heap == null || !heap.CanWalkHeap)
{
return(result);
}
var threadObjects = from obj in heap.EnumerateObjectAddresses()
let type = heap.GetObjectType(obj)
where type != null && type.Name == "System.Threading.Thread"
select obj;
ClrType threadType = heap.GetTypeByName("System.Threading.Thread");
ClrInstanceField nameField = threadType.GetFieldByName("m_Name");
ClrInstanceField managedIdField = threadType.GetFieldByName("m_ManagedThreadId");
foreach (var threadObject in threadObjects)
{
string name = (string)nameField.GetValue(threadObject);
int id = (int)managedIdField.GetValue(threadObject);
result[id] = name;
}
return(result);
}
public override bool SupportTransformation([ClrObjAndTypeNotEmpty] ClrObject obj)
{
if (!obj.Type.Name.StartsWith("System.Collections.Generic.Dictionary<"))
{
return(false);
}
ClrInstanceField fld = obj.Type.GetFieldByName(entriesFldName);
#if TRACE
if (fld == null)
{
Trace.TraceInformation("{0} object {1} type does not have {2}", obj.Address.ToString("x8"), obj.Type.Name, entriesFldName);
}
#endif
return(fld != null);
/*
* if (fld == null)
* return false;
*
* var fldVal = obj.GetRefFld(entriesFldName);
* return !fldVal.IsNullObj;
*/
}
public ClrInstanceField GetField(string fieldName)
{
ClrInstanceField field = null;
string obfuscatedName;
if (m_deobfuscator.TryObfuscateField(fieldName, out obfuscatedName))
{
field = Type.GetFieldByName(obfuscatedName);
}
string backingFieldName = GetAutomaticPropertyField(fieldName);
if (m_deobfuscator.TryObfuscateField(backingFieldName, out obfuscatedName))
{
field = Type.GetFieldByName(obfuscatedName);
}
if (field == null)
{
field = Type.GetFieldByName(fieldName);
}
if (field == null)
{
field = Type.GetFieldByName(backingFieldName);
}
return(field);
}
private void GetThreadEntry(ref List <ClrThread> threads, ClrInstanceField threadId, ClrInstanceField next, ulong curr, bool interior)
{
if (curr == 0)
{
return;
}
int id = (int)threadId.GetValue(curr, interior);
ClrThread thread = GetThreadById(id);
if (thread != null)
{
if (threads == null)
{
threads = new List <ClrThread>();
}
threads.Add(thread);
}
curr = (ulong)next.GetValue(curr, interior);
if (curr != 0)
{
GetThreadEntry(ref threads, threadId, next, curr, false);
}
}
public static StructFieldsEx GetStructFields(StructFields sf, ClrType type)
{
Debug.Assert(type.IsValueClass);
var flds = type.Fields;
var cnt = flds.Count;
StructFieldsEx[] structFields = null;
var types = new ClrType[cnt];
var fields = new ClrInstanceField[cnt];
for (int i = 0; i < cnt; ++i)
{
var fld = flds[i];
var kind = TypeExtractor.GetElementKind(fld.Type);
if (TypeExtractor.IsUnknownStruct(kind))
{
fields[i] = fld;
types[i] = fld.Type;
if (structFields == null)
{
structFields = new StructFieldsEx[cnt];
}
Debug.Assert(sf.Structs[i] != null);
structFields[i] = GetStructFields(sf.Structs[i], fld.Type);
}
else
{
fields[i] = fld;
types[i] = fld.Type;
}
}
return(new StructFieldsEx(sf, types, fields, structFields));
}
public static object GetFieldValueImpl(ulong address, ClrType type, ClrInstanceField field)
{
ClrObject obj = new ClrObject(address, type);
var fieldValue = obj[field];
return(fieldValue.IsNull ? null : fieldValue.HasSimpleValue?fieldValue.SimpleValue : fieldValue.Address);
}
public void InnerStructSizeTest()
{
// https://github.com/microsoft/clrmd/issues/101
using DataTarget dt = TestTargets.Types.LoadFullDump();
using ClrRuntime runtime = dt.ClrVersions.Single().CreateRuntime();
ClrModule sharedLibrary = runtime.GetModule("sharedlibrary.dll");
ClrType structTestClass = sharedLibrary.GetTypeByName("StructTestClass");
ClrType structTest = sharedLibrary.GetTypeByName("Struct");
Assert.NotNull(structTest);
ClrInstanceField field = structTestClass.GetFieldByName("s");
if (dt.CacheOptions.CacheTypes)
{
Assert.Same(structTest, field.Type);
}
else
{
Assert.Equal(structTest, field.Type);
}
Assert.Equal(sizeof(int), field.Size);
ClrInstanceField nes = structTestClass.GetFieldByName("nes");
Assert.Equal(0, nes.Size);
ClrInstanceField es = nes.Type.GetFieldByName("es");
Assert.Equal(0, es.Size);
}
public static string GetDisplayValue(this ClrInstanceField self, ClrObject clrObject)
{
if (self.IsObjectReference)
{
var obj = clrObject.GetObjectField(self.Name);
if (obj.IsNull)
{
return("null");
}
return($"0x{obj.Address:X} [{obj.Type.Name}:0x{obj.Type.MethodTable:X}]");
}
else if (self.HasSimpleValue)
{
return(self.GetValue(clrObject.Address).ToString());
}
else if (self.IsValueClass)
{
var vt = clrObject.GetValueClassField(self.Name);
return($"0x{vt.Address:X} [struct {vt.Type.Name}:0x{vt.Type.MethodTable:X}]");
}
else
{
return("<unknown value>");
}
}
public override ClrType GetRuntimeType(ulong obj)
{
if (!IsRuntimeType)
{
return(null);
}
ClrInstanceField field = GetFieldByName("m_handle");
if (field == null)
{
return(null);
}
ulong methodTable = 0;
if (field.ElementType == ClrElementType.NativeInt)
{
methodTable = (ulong)(long)field.GetValue(obj);
}
else if (field.ElementType == ClrElementType.Struct)
{
ClrInstanceField ptrField = field.Type.GetFieldByName("m_ptr");
methodTable = (ulong)(long)ptrField.GetValue(field.GetAddress(obj, false), true);
}
return(DesktopHeap.GetTypeByMethodTable(methodTable, 0, obj));
}
public unsafe void InternalSetMember(string name, object value)
{
ClrInstanceField field = SearchFieldRecursively(Type, name);
if (field is null)
{
throw new ArgumentException($"No such field: {name} in ", nameof(name));
}
Type valueType = value.GetType();
nuint addr = field.GetAddress(OffsetBase);
if (value is ClrObject obj)
{
Context.DataAccess.Write(addr, obj.Address);
}
else if (value is ClrValue val)
{
Context.DataAccess.WriteBytes(addr,
Context.DataAccess.ReadBytes(val.Address, field.Type.BaseSize - 2 * (uint)sizeof(nuint)));
}
else if (valueType.IsValueType)
{
Context.DataAccess.Write(addr, value);
}
}
public ClrObject this[ClrInstanceField field]
{
get
{
return(GetInnerObject(field.GetAddress(Address, IsInterior), field.Type));
}
}
public static object GetFieldValue(ClrHeap heap, ulong address, string fieldName)
{
var type = heap.GetObjectType(address);
ClrInstanceField field = type.GetFieldByName(fieldName);
return(field?.GetValue(address));
}
public static ulong GetLastObjectInHierarchy(ClrHeap heap, ulong heapobject, string[] hierarchy, int currentIndex)
{
ClrType type = heap.GetObjectType(heapobject);
ClrInstanceField field = type.GetFieldByName(hierarchy[currentIndex]);
if (field == null)
{
Console.WriteLine($"ERROR: type '{type.Name}' does not have a field '{hierarchy[currentIndex]}'");
return(0L);
}
ulong fieldValue = (ulong)field.GetValue(heapobject, false, false);
if (fieldValue == 0)
{
Console.WriteLine($"ERROR: the field value for '{hierarchy[currentIndex]}' was null on type '{type.Name}' ");
return(0L);
}
currentIndex++;
if (currentIndex == hierarchy.Length)
{
return(fieldValue);
}
return(GetLastObjectInHierarchy(heap, fieldValue, hierarchy, currentIndex));
}
public static KcpUserAccount GetKcpUserAccountInfo(ulong KcpUserAccountAddr, ClrType KcpUserAccountType, ClrHeap Heap, string databaseLocation)
{
KcpUserAccount UserAccountInfo = new KcpUserAccount();
// Get the embedded ProtectedBinary
ClrInstanceField KcpProtectedBinaryField = KcpUserAccountType.GetFieldByName("m_pbKeyData");
ulong KcpProtectedBinaryAddr = KcpProtectedBinaryField.GetAddress(KcpUserAccountAddr);
ulong KcpProtectedBinaryObjAddr = (ulong)KcpProtectedBinaryField.GetValue(KcpUserAccountAddr);
ClrInstanceField EncDataField = KcpProtectedBinaryField.Type.GetFieldByName("m_pbData");
ulong EncDataAddr = EncDataField.GetAddress(KcpProtectedBinaryObjAddr);
ulong EncDataArrayAddr = (ulong)EncDataField.GetValue(KcpProtectedBinaryObjAddr);
ClrType EncDataArrayType = Heap.GetObjectType(EncDataArrayAddr);
int len = EncDataField.Type.GetArrayLength(EncDataArrayAddr);
if (len <= 0 || len % 16 != 0) // Small sanity check to make sure everything's ok
{
return(null);
}
byte[] EncData = new byte[len];
for (int i = 0; i < len; i++)
{
EncData[i] = (byte)EncDataArrayType.GetArrayElementValue(EncDataArrayAddr, i);
}
UserAccountInfo.databaseLocation = databaseLocation;
UserAccountInfo.encryptedBlob = EncData;
UserAccountInfo.encryptedBlobAddress = (IntPtr)KcpUserAccountType.GetArrayElementAddress(EncDataArrayAddr, 0);
UserAccountInfo.encryptedBlobLen = len;
return(UserAccountInfo);
}
private DesktopBlockingObject CreateRWSObject(ulong obj, ClrType type)
{
if (type == null)
{
return(new DesktopBlockingObject(obj, false, 0, null, BlockingReason.None));
}
ClrInstanceField field = type.GetFieldByName("writeLockOwnerId");
if (field != null && field.ElementType == ClrElementType.Int32)
{
int id = (int)field.GetValue(obj);
ClrThread thread = GetThreadById(id);
if (thread != null)
{
return(new DesktopBlockingObject(obj, true, 0, thread, BlockingReason.WriterAcquired));
}
}
field = type.GetFieldByName("upgradeLockOwnerId");
if (field != null && field.ElementType == ClrElementType.Int32)
{
int id = (int)field.GetValue(obj);
ClrThread thread = GetThreadById(id);
if (thread != null)
{
return(new DesktopBlockingObject(obj, true, 0, thread, BlockingReason.WriterAcquired));
}
}
field = type.GetFieldByName("rwc");
if (field != null)
{
List <ClrThread> threads = null;
ulong rwc = (ulong)field.GetValue(obj);
ClrType rwcArrayType = _heap.GetObjectType(rwc);
if (rwcArrayType != null && rwcArrayType.IsArray && rwcArrayType.ComponentType != null)
{
ClrType rwcType = rwcArrayType.ComponentType;
ClrInstanceField threadId = rwcType.GetFieldByName("threadid");
ClrInstanceField next = rwcType.GetFieldByName("next");
if (threadId != null && next != null)
{
int count = rwcArrayType.GetArrayLength(rwc);
for (int i = 0; i < count; ++i)
{
ulong entry = (ulong)rwcArrayType.GetArrayElementValue(rwc, i);
GetThreadEntry(ref threads, threadId, next, entry, false);
}
}
}
if (threads != null)
{
return(new DesktopBlockingObject(obj, true, 0, BlockingReason.ReaderAcquired, threads.ToArray()));
}
}
return(new DesktopBlockingObject(obj, false, 0, null, BlockingReason.None));
}
private bool FindThread(ulong start, ulong stop, out ulong threadAddr, out ClrThread target)
{
ClrHeap heap = _runtime.Heap;
foreach (ulong obj in EnumerateObjectsOfType(start, stop, "System.Threading.Thread"))
{
ClrType type = heap.GetObjectType(obj);
ClrInstanceField threadIdField = type.GetFieldByName("m_ManagedThreadId");
if (threadIdField != null && threadIdField.ElementType == ClrElementType.Int32)
{
int id = (int)threadIdField.GetValue(obj);
ClrThread thread = GetThreadById(id);
if (thread != null)
{
threadAddr = obj;
target = thread;
return(true);
}
}
}
threadAddr = 0;
target = null;
return(false);
}
private static ulong GetTaskStateFromAddress(ulong address)
{
var type = Runtime.Heap.GetObjectType(address);
if ((type != null) && (type.Name.StartsWith("System.Threading.Task")))
{
// try to get the m_stateFlags field value
ClrInstanceField field = type.GetFieldByName("m_stateFlags");
if (field != null)
{
var val = field.GetValue(address);
if (val != null)
{
try
{
return((ulong)(int)val);
}
catch (InvalidCastException)
{
}
}
}
}
return(0);
}
public static TimeSpan Read(ClrObject obj)
{
ClrInstanceField dateDataField = obj.Type.GetFieldByName("_ticks");
var rawDateTimeData = (long)dateDataField.GetValue(obj.Address, true);
var ts = new TimeSpan(rawDateTimeData);
return(ts);
}
public static T GetObjectAs <T>(ClrHeap heap, ulong heapobject, string fieldName)
{
ClrType type = heap.GetObjectType(heapobject);
ClrInstanceField field = type.GetFieldByName(fieldName);
T fieldValue = (T)field.GetValue(heapobject);
return(fieldValue);
}
public void SetField(ClrType parent)
{
if (parent.Fields != null && _fldIndex >= 0 && _fldIndex < parent.Fields.Count)
{
_field = parent.Fields[_fldIndex];
_kind = TypeExtractor.GetElementKind(_field.Type);
}
}
public ClrObject this[string fieldName]
{
get
{
ClrInstanceField field = GetField(fieldName);
return(field == null ? throw new ArgumentException($"Field '{fieldName}' not found in Type '{Type.Name}'") : this[field]);
}
}
private DesktopBlockingObject CreateRWLObject(ulong obj, ClrType type)
{
if (type == null)
{
return(new DesktopBlockingObject(obj, false, 0, null, BlockingReason.None));
}
ClrInstanceField writerID = type.GetFieldByName("_dwWriterID");
if (writerID != null && writerID.ElementType == ClrElementType.Int32)
{
int id = (int)writerID.GetValue(obj);
if (id > 0)
{
ClrThread thread = GetThreadById(id);
if (thread != null)
{
return(new DesktopBlockingObject(obj, true, 0, thread, BlockingReason.ReaderAcquired));
}
}
}
ClrInstanceField uLock = type.GetFieldByName("_dwULockID");
ClrInstanceField lLock = type.GetFieldByName("_dwLLockID");
if (uLock != null && uLock.ElementType == ClrElementType.Int32 && lLock != null && lLock.ElementType == ClrElementType.Int32)
{
int uId = (int)uLock.GetValue(obj);
int lId = (int)lLock.GetValue(obj);
List <ClrThread> threads = null;
foreach (ClrThread thread in _runtime.Threads)
{
foreach (IRWLockData l in _runtime.EnumerateLockData(thread.Address))
{
if (l.LLockID == lId && l.ULockID == uId && l.Level > 0)
{
if (threads == null)
{
threads = new List <ClrThread>();
}
threads.Add(thread);
break;
}
}
}
if (threads != null)
{
return(new DesktopBlockingObject(obj, true, 0, BlockingReason.ReaderAcquired, threads.ToArray()));
}
}
return(new DesktopBlockingObject(obj, false, 0, null, BlockingReason.None));
}
private KeyValuePair <string, string?> ReadStringString(
ulong elementAddress,
ClrInstanceField keyField,
ClrInstanceField valueField)
{
var key = keyField.ReadString(elementAddress, true);
var value = valueField.ReadString(elementAddress, true);
return(new KeyValuePair <string, string?>(key !, value));
}
private static void CheckField(ClrType type, string fieldName, ClrElementType element, string typeName, int size)
{
ClrInstanceField field = type.GetFieldByName(fieldName);
Assert.NotNull(field);
Assert.NotNull(field.Type);
Assert.Equal(element, field.ElementType);
Assert.Equal(typeName, field.Type.Name);
Assert.Equal(size, field.Size);
}
public NetFrameworkClrDriver(ClrRuntime runtime) : base(runtime)
{
typeTimerQueue = heap.GetTypeByName("System.Threading.TimerQueue");
fieldSQueue = typeTimerQueue.GetStaticFieldByName("s_queue");
fieldTimers = typeTimerQueue.GetFieldByName("m_timers");
typeTimerQueueTimer = heap.GetTypeByName("System.Threading.TimerQueueTimer");
fieldNext = typeTimerQueueTimer.GetFieldByName("m_next");
fieldState = typeTimerQueueTimer.GetFieldByName("m_state");
typeMoveNextRunner = heap.GetTypeByName("System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner");
fieldStateMachine = typeMoveNextRunner.GetFieldByName("m_stateMachine");
}
public ClrType GetDictionaryKeyType()
{
dynamic entries = ((dynamic)this).entries;
ClrInstanceField key = ((ClrType)entries).ArrayComponentType.GetFieldByName("key");
if (key == null)
{
return(null);
}
return(key.Type);
}
public ClrType GetDictionaryValueType()
{
dynamic entries = ((dynamic)this).entries;
ClrInstanceField value = ((ClrType)entries).ArrayComponentType.GetFieldByName("value");
if (value == null)
{
return(null);
}
return(value.Type);
}
// // based on https://stackoverflow.com/questions/33290941/how-to-inspect-weakreference-values-with-windbg-sos-and-clrmd
// private static readonly ClrType WeakRefType = Heap.GetTypeByName("System.WeakReference");
// private static readonly ClrInstanceField WeakRefHandleField = WeakRefType.GetFieldByName("m_handle");
// private static readonly ClrType IntPtrType = Heap.GetTypeByName("System.IntPtr");
// private static readonly ClrInstanceField IntPtrValueField = IntPtrType.GetFieldByName("m_value");
//
// private static ulong GetWeakRefValue(ulong weakRefAddr)
// {
// var handleAddr = (long) WeakRefHandleField.GetValue(weakRefAddr);
// var value = (ulong) IntPtrValueField.GetValue((ulong) handleAddr, true);
//
// return value;
// }
// based on https://stackoverflow.com/questions/33290941/how-to-inspect-weakreference-values-with-windbg-sos-and-clrmd
public ulong GetWeakRefValue(ClrObject weakRefObject)
{
var weakRefHandleField = weakRefObject.Type.GetFieldByName("m_handle");
ClrType intPtrType = Heap.GetTypeByName("System.IntPtr");
var valueField = IsCoreRuntime ? "_value" : "m_value";
ClrInstanceField intPtrValueField = intPtrType.GetFieldByName(valueField);
var handleAddr = weakRefHandleField.Read <long>(weakRefObject.Address, true);
var value = intPtrValueField.Read <ulong>((ulong)handleAddr, true);
return(value);
}
private object GetFieldValue(ClrHeap heap, ulong address, string fieldName)
{
var type = heap.GetObjectType(address);
ClrInstanceField field = type.GetFieldByName(fieldName);
if (field == null)
{
return(null);
}
return(field.GetValue(address));
}
public override bool GetFieldForOffset(int fieldOffset, bool inner, out ClrInstanceField childField, out int childFieldOffset)
{
throw new NotImplementedException();
}
private void GetThreadEntry(ref List<ClrThread> threads, ClrInstanceField threadId, ClrInstanceField next, ulong curr, bool interior)
{
if (curr == 0)
return;
int id = (int)threadId.GetValue(curr, interior);
ClrThread thread = GetThreadById(id);
if (thread != null)
{
if (threads == null)
threads = new List<ClrThread>();
threads.Add(thread);
}
curr = (ulong)next.GetValue(curr, interior);
if (curr != 0)
GetThreadEntry(ref threads, threadId, next, curr, false);
}
public override bool GetFieldForOffset(int fieldOffset, bool inner, out ClrInstanceField childField, out int childFieldOffset)
{
int ps = (int)DesktopHeap.PointerSize;
int offset = fieldOffset;
if (!IsArray)
{
if (!inner)
offset -= ps;
foreach (ClrInstanceField field in Fields)
{
if (field.Offset <= offset)
{
int size = field.Size;
if (offset < field.Offset + size)
{
childField = field;
childFieldOffset = offset - field.Offset;
return true;
}
}
}
}
if (BaseType != null)
return BaseType.GetFieldForOffset(fieldOffset, inner, out childField, out childFieldOffset);
childField = null;
childFieldOffset = 0;
return false;
}
public override bool GetFieldForOffset(int fieldOffset, bool inner, out ClrInstanceField childField, out int childFieldOffset)
{
childField = null;
childFieldOffset = 0;
return false;
}
public void GetValue(ClrHeap heap, ulong address, Queue <ValueTuple <TypeValue, ulong> > que)
{
que.Clear();
que.Enqueue((this, address));
while (que.Count > 0)
{
(TypeValue val, ulong addr) = que.Dequeue();
if (val._type == null)
{
ClrType clrType = heap.GetObjectType(addr);
if (clrType == null)
{
continue;
}
val._type = clrType;
val._kind = TypeExtractor.GetElementKind(clrType);
val.SetValue(addr);
}
if (val._children != null)
{
for (int i = 0, icnt = val._children.Length; i < icnt; ++i)
{
TypeValue fldVal = val._children[i];
if (fldVal._fieldName != null && fldVal._field == null)
{
ClrInstanceField f = val._type.GetFieldByName(fldVal._fieldName);
if (f == null)
{
continue;
}
fldVal._field = f;
fldVal._type = f.Type;
fldVal._kind = TypeExtractor.GetElementKind(f.Type);
}
object v = ValueExtractor.GetFieldValue(heap, addr, fldVal._type.IsValueClass, fldVal._field, fldVal._kind);
ulong a = (v is ulong) ? (ulong)v : Constants.InvalidAddress;
fldVal.SetValue(v);
que.Enqueue((val._children[i], (ulong)val._value));
}
}
else
{
if (val._fieldName != null && val._field == null)
{
ClrInstanceField f = val._type.GetFieldByName(val._fieldName);
val._field = f;
val._type = f.Type;
val._kind = TypeExtractor.GetElementKind(f.Type);
}
object v = ValueExtractor.GetFieldValue(heap, addr, val._type.IsValueClass, val._field, val._kind);
val.SetValue(v);
}
}
}
