WinDbg get addresses of all functions from symbols

Submitted by 天大地大妈咪最大 on 2021-01-28 02:31:48

Question


Executing the command x ShittyProject!*, I am getting this output:

<MSIL:00250014         > ShittyProject!Main (void)
<MSIL:00250098         > ShittyProject!.ctor (void)
<MSIL:00250037         > ShittyProject!.ctor (void)
<MSIL:002500ed         > ShittyProject!get_Default (void)
<MSIL:002500a1         > ShittyProject!get_ResourceManager (void)
<MSIL:002500f8         > ShittyProject!.cctor (void)
<MSIL:0025002a         > ShittyProject!Foo (void)
<MSIL:0025006e         > ShittyProject!InitializeComponent (void)
<MSIL:00250000         > ShittyProject!InitializeComponent (void)
<MSIL:002500da         > ShittyProject!get_Culture (void)
<MSIL:002500e5         > ShittyProject!set_Culture (void)

If I understand correctly, MSIL:* is only the address of the function in the pdb file? Is it possible somehow to get the addresses of the functions to place breakpoints on them?


Answer 1:


Managed code is different from native code. To set breakpoints the "native way" (bp), you would need to wait until the method is JIT-compiled and then use the native address of the method.

Normally, one would not do that, but use .NET specific equivalents instead. There is SOS (Microsoft docs) !bpmd or SOSEX (probably no longer maintained) !mbm.

Given the code

using System;

namespace JittyProject
{
    class Program
    {
        static void Main()
        {
            Console.WriteLine("You want to stop before this shows up.");
            Console.ReadLine();
        }
    }
}

You want to stop at the initial breakpoint and tell it to wait until .NET is loaded, e.g.

0:000> sxe ld clr
0:000> g

Once the .NET runtime is loaded, you can load the SOS extension for .NET specific debugging commands.

0:000> .loadby sos clr

And the SOSEX extension:

0:000> .load c:\wherever\SOSEX.dll

And then add a breakpoint:

0:000> !mbm JittyProject.Program.Main

Using the regular g, you'll eventually hit the breakpoint:

0:000> g
ModLoad: 76650000 766e2000   C:\Windows\SysWOW64\OLEAUT32.dll
Breakpoint: JIT notification received for method JittyProject.Program.Main() in AppDomain 00960db0.
Breakpoint set at JittyProject.Program.Main() in AppDomain 00960db0.
Breakpoint 2 hit

0:000> !clrstack
OS Thread Id: 0x3ff8 (0)
Child SP       IP Call Site
003eeda0 77601ffc [PrestubMethodFrame: 003eeda0] JittyProject.Program.Main() [C:\...\JittyProject\Program.cs @ 8]
003eef74 77601ffc [GCFrame: 003eef74] 
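
The same breakpoint using only SOS, followed by the "native way" once the method has been JIT-compiled. This is an added example, not part of the original answer; it assumes the assembly is built as JittyProject.exe, that SOS is already loaded as shown above, and the names in angle brackets are placeholders for values the debugger prints.

```windbg
$$ Added example. Assumes the assembly is JittyProject.exe and SOS is loaded.
$$ Deferred managed breakpoint: SOS resolves it when the method is JIT-compiled.
!bpmd JittyProject.exe JittyProject.Program.Main
g

$$ After the break, look the method up. Once compiled, !name2ee reports a
$$ "JITTED Code Address"; before that it reports the method as not JITTED yet.
!name2ee JittyProject.exe JittyProject.Program.Main

$$ Substitute the address printed by !name2ee for the placeholder below.
$$ !u disassembles the compiled method; bp is then an ordinary native breakpoint.
!u <JITTED_CODE_ADDRESS>
bp <JITTED_CODE_ADDRESS>

$$ To survey every method of the type: take the MethodTable value from the
$$ !name2ee output for the type, then list its methods with their JIT state.
!name2ee JittyProject.exe JittyProject.Program
!dumpmt -md <METHOD_TABLE>
```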


Source: https://stackoverflow.com/questions/60262934/windbg-get-addresses-of-all-functions-from-symbols
