SOS是什麼?
直觀來說,sos就是一個程序集文件。這個程序集的作用就是讓我們在使用windbg分析.net進程時,更加方便快捷。通過sos,我們可以清晰的查看CLR運行時的各類信息,輔助我們去理解託管內存的狀態和含義。
這個程序集是隨.NET Framework一起安裝的,一般不需要單獨安裝。在我本機自動安裝的位置如下:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll如何加載和使用
一般情況,使用windbg自帶的命令【.loadby sos clr】即可自動加載,使用【.chain】查看加載是否成功。
0:098> .loadby sos clr
0:098> .chain
Extension DLL search Path:
....省略....
Extension DLL chain:
....省略....
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos.dll: image 4.8.9014.0, API 1.0.0, built Tue Oct 12 08:17:44 2021
[path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos.dll]
....省略....此擴展提供的所有命令格式均爲:![command] [options],下面就根據命令作用分類,講解重要且常用的命令。
查看線程的命令
- Threads命令
- 作用:輸出全部託管線程信息
- Threads [-live] [-special]
- 默認輸出常規的工作線程信息
- -live 只輸出存活的線程
- -special 只輸出特殊線程信息,包含:GC線程、debugger輔助線程、finalizer線程、AppDomain unload線程、線程池定時器線程
- 輸出示例和解讀:
查看代碼
0:015> !Threads ThreadCount: 4 UnstartedThread: 0 BackgroundThread: 3 PendingThread: 0 DeadThread: 0 Hosted Runtime: no Lock ID OSID ThreadOBJ State GC Mode GC Alloc Context Domain Count Apt Exception 0 1 5320 0000024cdf5efd80 26020 Preemptive 0000024CE14ECC50:0000024CE14EDC30 0000024cdf5c4cf0 0 STA 5 2 7c74 0000024cdf618df0 2b220 Preemptive 0000000000000000:0000000000000000 0000024cdf5c4cf0 0 MTA (Finalizer) 15 3 5844 0000024cfedca6a0 3029220 Preemptive 0000024CE14CA048:0000024CE14CBC30 0000024cdf5c4cf0 0 MTA (Threadpool Worker) 16 4 7dc0 0000024cfed99a20 1029220 Preemptive 0000024CE14CBF38:0000024CE14CDC30 0000024cdf5c4cf0 0 MTA (Threadpool Worker) 0:098> !Threads -special OSID Special thread type 1 27d3c DbgHelper 2 22954 GC 3 2b168 GC 4 c478 GC 5 13778 GC 6 62ec GC 7 2dd1c GC 8 ec60 GC 9 138b8 GC 10 e988 Finalizer 11 9850 ProfilingAPIAttach 16 180c Timer 17 24960 ThreadpoolWorker 18 e70c ThreadpoolWorker 20 29e94 GC 21 2abdc GC 22 2d760 GC 23 22ad8 GC 24 2d288 GC 25 9750 GC 26 52e8 GC 27 2b9a4 GC 29 18340 Wait ....省略....- 空列 ID OSID:前三列分別是windbg自定義的線程序列、CLR線程ID、OS線程ID。XXXX代表線程已Dead。
- ThreadOBJ是線程的對象地址
- Domain列代表當前線程所在的AppDomain,Lock Count列代表當前線程持有的鎖數量,
- APT列代表線程的COM模式,有MTA、Ukn等值,能區分線程類型(Finalizer\Threadpool Worker\Threadpool Completion Port等)
- Exception列表示對應線程最新的異常對象。
- ThreadState命令
- 作用:查看線程狀態。
- ThreadState < State value field >,參數就是上個命令輸出的state值。
- 輸出示例和解讀:
-
0:015> !ThreadState 1029220 Legal to Join Background CLR Owns In Multi Threaded Apartment Fully initialized Thread Pool Worker Thread - 表明這是後臺線程、屬於CLR、初始化完成、是線程池工作線程。
- ThreadPool命令
- 作用:查看線程池信息。此命令沒有額外的控制選項。
- 輸出示例和解讀:
0:001> !threadpool CPU utilization: 32% Worker Thread: Total: 183 Running: 154 Idle: 29 MaxLimit: 1000 MinLimit: 100 Work Request in Queue: 0 -------------------------------------- Number of Timers: 1 -------------------------------------- Completion Port Thread:Total: 10 Free: 6 MaxFree: 16 CurrentLimit: 6 MaxLimit: 200 MinLimit: 20
-
- 各項信息比較清楚,按照需要查看即可。
查看堆棧類的命令
- clrstack命令:
- 作用:查看當前線程的託管堆棧
- CLRStack [-a] [-l] [-p] [-n]
- -p:輸出內容包含堆棧中的方法入參
- -l:輸出內容包含堆棧中的方法的局部變量
- -a:等效同時使用-p和-l
- -n:輸出內容不包括源碼文件信息和行號。
- 輸出示例和解讀:
查看代碼
0:015> !clrstack -n -a OS Thread Id: 0x759c (15) Child SP IP Call Site 0000005c65ffef48 00007ffc73b82f14 [HelperMethodFrame: 0000005c65ffef48] System.Threading.Thread.SleepInternal(Int32) 0000005c65fff040 00007ffc5988b78b System.Threading.Thread.Sleep(Int32) PARAMETERS: millisecondsTimeout = <no data> 0000005c65fff070 00007ffbfc3c946b Tccc.WindbgDemoAPP.MainWindow+c.b__22_0(System.Object) PARAMETERS: this (0x0000005c65fff0a0) = 0x0000023f431ffd68 a (0x0000005c65fff0a8) = 0x0000000000000000 0000005c65fff0a0 00007ffc59853480 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) PARAMETERS: executionContext = <no data> callback = <no data> state = <no data> preserveSyncCtx = <no data> LOCALS: <no data> <no data> <no data> 0000005c65fff170 00007ffc59853305 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) PARAMETERS: executionContext = <no data> callback = <no data> state = <no data> preserveSyncCtx = <no data> 0000005c65fff1a0 00007ffc5987a506 System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() PARAMETERS: this = <no data> LOCALS: <no data> 0000005c65fff1e0 00007ffc59879746 System.Threading.ThreadPoolWorkQueue.Dispatch() LOCALS: 0x0000005c65fff230 = 0x0000023f431ffdc0 0x0000005c65fff25c = 0x000000002019e530 0x0000005c65fff258 = 0x0000000000000001 <no data> 0x0000005c65fff228 = 0x0000023f43201cb0 <no data> 0x0000005c65fff244 = 0x0000000000000000 <no data> <no data> 0000005c65fff678 00007ffc5b927873 [DebuggerU2MCatchHandlerFrame: 0000005c65fff678]- IP列代表當前方法的代碼地址入口,通過!U命令可以查看IL代碼和彙編代碼。Call Site列就是堆棧方法信息。
- PARAMETERS和LOCALS分別代表對應方法的入參和局部變量。其中入參可以正常顯示名稱,但是局部變量沒有實際變量名稱,而是通過變量地址來表示:<local address> = <value>。
- dumpstack命令
- 作用:查看線程的完整堆棧信息(包含託管、非託管)
- DumpStack [-EE] [-n] [top stack [bottom stack]]
- -ee:只顯示託管代碼的堆棧信息
- -n:同上,輸出信息屏蔽掉源碼文件信息和行號
- 輸出示例和解讀:
查看代碼
0:015> !dumpstack -ee OS Thread Id: 0x759c (15) Current frame: Child-SP RetAddr Caller, Callee 0000005c65fff030 00007ffc5988b78b (MethodDesc 00007ffc594b9090 +0xb System.Threading.Thread.Sleep(Int32)) 0000005c65fff060 00007ffbfc3c946b (MethodDesc 00007ffbfc45eb10 +0x2b Tccc.WindbgDemoAPP.MainWindow+<>c.<sleepBtn_Click>b__22_0(System.Object)) 0000005c65fff090 00007ffc59853480 (MethodDesc 00007ffc592f8a18 +0x170 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)) 0000005c65fff160 00007ffc59853305 (MethodDesc 00007ffc594c5248 +0x15 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)) 0000005c65fff190 00007ffc5987a506 (MethodDesc 00007ffc594e3570 +0x76 System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()) 0000005c65fff1d0 00007ffc59879746 (MethodDesc 00007ffc5965fbc0 +0x156 System.Threading.ThreadPoolWorkQueue.Dispatch())- RetAddr列代表當前方法的代碼地址入口,同上的IP列。Caller, Callee列包含方法MethodDesc值和方法簽名信息。
- eestack命令
- 作用:查看所有線程的堆棧,完全等價於每個線程執行dumpstack命令
- EEStack [-short] [-EE]
- -EE同上
- -short:只輸出符合條件的線程堆棧:持有鎖的線程、GC掛起的線程、正在執行託管代碼的線程。
- 輸出示例和解讀:同上,略。
- dso命令
- 作用:查看當前線程的全部託管對象。
- DSO [-verify] [top stack [bottom stack]]
- 輸出示例和解讀:
-
0:015> !dso OS Thread Id: 0x759c (15) RSP/REG Object Name 0000005C65FFEF58 0000023f43200628 System.Threading.QueueUserWorkItemCallback 0000005C65FFEF78 0000023f43200690 System.Threading.ExecutionContext 0000005C65FFEF80 0000023f43200650 System.Threading.ContextCallback 0000005C65FFEF98 0000023f43200650 System.Threading.ContextCallback 0000005C65FFEFC0 0000023f43201fe8 System.Threading.Thread 0000005C65FFF000 0000023f43200690 System.Threading.ExecutionContext 0000005C65FFF020 0000023f43201fe8 System.Threading.Thread 0000005C65FFF028 0000023f43200628 System.Threading.QueueUserWorkItemCallback 0000005C65FFF048 0000023f43200650 System.Threading.ContextCallback 0000005C65FFF050 0000023f43200690 System.Threading.ExecutionContext 0000005C65FFF060 0000023f43200690 System.Threading.ExecutionContext 0000005C65FFF088 0000023f43200628 System.Threading.QueueUserWorkItemCallback 0000005C65FFF0A0 0000023f431ffd68 Tccc.WindbgDemoAPP.MainWindow+<>c 0000005C65FFF0E0 0000023f43201fe8 System.Threading.Thread 0000005C65FFF140 0000023f43200628 System.Threading.QueueUserWorkItemCallback 0000005C65FFF148 0000023f43200690 System.Threading.ExecutionContext 0000005C65FFF1E0 0000023f43200628 System.Threading.QueueUserWorkItemCallback 0000005C65FFF228 0000023f43201cb0 System.Threading.ThreadPoolWorkQueueThreadLocals 0000005C65FFF230 0000023f431ffdc0 System.Threading.ThreadPoolWorkQueue 0000005C65FFF250 0000023f43200628 System.Threading.QueueUserWorkItemCallback - Object列是對象地址,Name列時對象類型名稱。
查看鎖的命令
- syncblk命令
- 作用:查看進程中同步塊鎖的持有情況和等待情況。常用於分析死鎖問題。
- SyncBlk [-all | <syncblk number>]
- 默認輸出被線程持有的鎖信息
- -all:輸出全部的SyncBlock對象信息
- syncblk number:指定鎖編號
- 輸出示例和解讀:
-
0:098> !syncblk Index SyncBlock MonitorHeld Recursion Owning Thread Info SyncBlock Owner 510 000002bb0513d4a8 79 1 000002bb073568c0 f9e8 177 000002be7520adb0 System.Object 530 000002bb0513a1f8 219 1 000002bb06a17770 26bdc 112 000002bd74f07d30 System.Object 567 000002bb0513e148 5 1 000002bb06ce6f40 24ce0 113 000002be74f320b8 System.Object 1343 000002bb0513c2b8 7 1 000002bb06a17770 26bdc 112 000002bd7515b158 ServiceStack.Redis.RedisSentinelWorker ----------------------------- Total 1369 CCW 3 RCW 2 ComClassFactory 0 Free 507 - Index列是編號,SyncBlock列是鎖地址,MonitorHeld是等待計數器,Recursion代表持有此鎖的線程數量,Owning Thread Info這3列代表持有鎖的線程信息,SyncBlock Owner代表鎖對象地址和類型。
- MonitorHeld值的含義:當一個線程持有了鎖的時候 MonitorHeld+1 ,當一個線程在等待鎖的時候 MonitorHeld+2。因此示例中510號鎖的等待線程數量=(79-1)/2=39。
查看進程信息、內存分佈的命令
- EEVersion命令
- 作用:查看CLR版本信息
- 輸出示例和解讀:
-
0:001> !eeversion 4.8.4380.0 free Server mode with 8 gc heaps SOS Version: 4.8.4380.0 retail build
- DumpDomain命令
- 作用:查看應用程序域信息
- DumpDomain [<domain address>],參數爲指定程序域的地址,不帶參數輸出全部程序域信息。
- 輸出示例和解讀:
查看代碼
0:015> !dumpdomain -------------------------------------- System Domain: 00007ffc5c3006e0 LowFrequencyHeap: 00007ffc5c300c58 HighFrequencyHeap: 00007ffc5c300ce8 StubHeap: 00007ffc5c300d78 Stage: OPEN Name: None -------------------------------------- Shared Domain: 00007ffc5c300110 LowFrequencyHeap: 00007ffc5c300c58 HighFrequencyHeap: 00007ffc5c300ce8 StubHeap: 00007ffc5c300d78 Stage: OPEN Name: None Assembly: 0000024cdf62db80 [C:\WINDOWS\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll] ClassLoader: 0000024cdf62dca0 Module Name 00007ffc592f1000 C:\WINDOWS\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll -------------------------------------- Domain 1: 0000024cdf5c4cf0 LowFrequencyHeap: 0000024cdf5c54e8 HighFrequencyHeap: 0000024cdf5c5578 StubHeap: 0000024cdf5c5608 Stage: OPEN SecurityDescriptor: 0000024cdf5c7300 Name: Tccc.WindbgDemoAPP.exe Assembly: 0000024cdf62db80 [C:\WINDOWS\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll] ClassLoader: 0000024cdf62dca0 SecurityDescriptor: 0000024cdf6317c0 Module Name 00007ffc592f1000 C:\WINDOWS\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll Assembly: 0000024cdf640bb0 [D:\50LearningSln\Tccc\Tccc.WindbgDemoAPP\bin\x64\Debug\Tccc.WindbgDemoAPP.exe] ClassLoader: 0000024cdf640cd0 SecurityDescriptor: 0000024cdf640ac0 Module Name 00007ffbfc2a4140 D:\50LearningSln\Tccc\Tccc.WindbgDemoAPP\bin\x64\Debug\Tccc.WindbgDemoAPP.exe- 輸出內容包含系統程序域、共享程序域、Domain1等。同時,程序域中加載的程序集信息也打印出來。這裏的程序集路徑可以準確判斷程序加載的文件位置,非常有用。
- eeheap命令
- 作用:查看進程內的CLR內存分佈。
- EEHeap [-gc] [-loader],默認輸出全部內存分佈信息。
- -gc只輸出gc堆和大對象堆
- -loader只輸出加載器相關的內存分佈
- 輸出示例和解讀:
查看代碼
0:015> !eeheap Loader Heap: -------------------------------------- System Domain: 00007ffc5c3006e0 LowFrequencyHeap: 00007ffbfc290000(3000:3000) Size: 0x3000 (12288) bytes. HighFrequencyHeap: 00007ffbfc294000(9000:3000) Size: 0x3000 (12288) bytes. StubHeap: 00007ffbfc29d000(3000:3000) 00007ffbfc450000(10000:1000) Size: 0x4000 (16384) bytes. Virtual Call Stub Heap: IndcellHeap: 00007ffbfc340000(6000:1000) Size: 0x1000 (4096) bytes. LookupHeap: 00007ffbfc34c000(4000:1000) Size: 0x1000 (4096) bytes. ResolveHeap: 00007ffbfc376000(3a000:2000) Size: 0x2000 (8192) bytes. DispatchHeap: 00007ffbfc350000(26000:1000) Size: 0x1000 (4096) bytes. CacheEntryHeap: 00007ffbfc346000(6000:1000) Size: 0x1000 (4096) bytes. Total size: Size: 0x10000 (65536) bytes. -------------------------------------- Shared Domain: 00007ffc5c300110 LowFrequencyHeap: 00007ffbfc290000(3000:3000) Size: 0x3000 (12288) bytes. HighFrequencyHeap: 00007ffbfc294000(9000:3000) Size: 0x3000 (12288) bytes. StubHeap: 00007ffbfc29d000(3000:3000) 00007ffbfc450000(10000:1000) Size: 0x4000 (16384) bytes. Virtual Call Stub Heap: IndcellHeap: 00007ffbfc340000(6000:1000) Size: 0x1000 (4096) bytes. LookupHeap: 00007ffbfc34c000(4000:1000) Size: 0x1000 (4096) bytes. ResolveHeap: 00007ffbfc376000(3a000:2000) Size: 0x2000 (8192) bytes. DispatchHeap: 00007ffbfc350000(26000:1000) Size: 0x1000 (4096) bytes. CacheEntryHeap: 00007ffbfc346000(6000:1000) Size: 0x1000 (4096) bytes. Total size: Size: 0x10000 (65536) bytes. -------------------------------------- Domain 1: 0000024cdf5c4cf0 LowFrequencyHeap: 00007ffbfc2a0000(3000:3000) 00007ffbfc430000(10000:d000) Size: 0x10000 (65536) bytes. HighFrequencyHeap: 00007ffbfc2a3000(a000:9000) 00007ffbfc440000(10000:f000) Size: 0x18000 (98304) bytes total, 0x1000 (4096) bytes wasted. StubHeap: 00007ffbfc2ad000(3000:1000) Size: 0x1000 (4096) bytes. Virtual Call Stub Heap: IndcellHeap: 00007ffbfc2b0000(4000:1000) Size: 0x1000 (4096) bytes. LookupHeap: 00007ffbfc2bb000(2000:1000) Size: 0x1000 (4096) bytes. ResolveHeap: 00007ffbfc2ec000(54000:8000) Size: 0x8000 (32768) bytes. DispatchHeap: 00007ffbfc2bd000(2f000:3000) Size: 0x3000 (12288) bytes. CacheEntryHeap: 00007ffbfc2b4000(7000:1000) Size: 0x1000 (4096) bytes. Total size: Size: 0x37000 (225280) bytes total, 0x1000 (4096) bytes wasted. -------------------------------------- Jit code heap: LoaderCodeHeap: 0000000000000000(0:0) Size: 0x0 (0) bytes. Total size: Size: 0x0 (0) bytes. -------------------------------------- Module Thunk heaps: Module 00007ffc592f1000: Size: 0x0 (0) bytes. Module 00007ffbfc2a4140: Size: 0x0 (0) bytes. Module 00007ffc192a1000: Size: 0x0 (0) bytes. Module 00007ffc1aa31000: Size: 0x0 (0) bytes. Module 00007ffc54e51000: Size: 0x0 (0) bytes. Module 00007ffc18d91000: Size: 0x0 (0) bytes. Module 00007ffc4e2d1000: Size: 0x0 (0) bytes. Module 00007ffc36e51000: Size: 0x0 (0) bytes. Module 00007ffc4c0d1000: Size: 0x0 (0) bytes. Module 00007ffc4b821000: Size: 0x0 (0) bytes. Module 00007ffc17241000: Size: 0x0 (0) bytes. Module 00007ffbfc44bce8: Size: 0x0 (0) bytes. Module 00007ffbfc44c6a8: Size: 0x0 (0) bytes. Module 00007ffbfc44d2b8: Size: 0x0 (0) bytes. Module 00007ffc13541000: Size: 0x0 (0) bytes. Module 00007ffc22ef1000: Size: 0x0 (0) bytes. Total size: Size: 0x0 (0) bytes. -------------------------------------- Module Lookup Table heaps: Module 00007ffc592f1000: Size: 0x0 (0) bytes. Module 00007ffbfc2a4140: Size: 0x0 (0) bytes. Module 00007ffc192a1000: Size: 0x0 (0) bytes. Module 00007ffc1aa31000: Size: 0x0 (0) bytes. Module 00007ffc54e51000: Size: 0x0 (0) bytes. Module 00007ffc18d91000: Size: 0x0 (0) bytes. Module 00007ffc4e2d1000: Size: 0x0 (0) bytes. Module 00007ffc36e51000: Size: 0x0 (0) bytes. Module 00007ffc4c0d1000: Size: 0x0 (0) bytes. Module 00007ffc4b821000: Size: 0x0 (0) bytes. Module 00007ffc17241000: Size: 0x0 (0) bytes. Module 00007ffbfc44bce8: Size: 0x0 (0) bytes. Module 00007ffbfc44c6a8: Size: 0x0 (0) bytes. Module 00007ffbfc44d2b8: Size: 0x0 (0) bytes. Module 00007ffc13541000: Size: 0x0 (0) bytes. Module 00007ffc22ef1000: Size: 0x0 (0) bytes. Total size: Size: 0x0 (0) bytes. -------------------------------------- Total LoaderHeap size: Size: 0x57000 (356352) bytes total, 0x1000 (4096) bytes wasted. ======================================= Number of GC Heaps: 1 generation 0 starts at 0x0000024ce1407c30 generation 1 starts at 0x0000024ce12a1018 generation 2 starts at 0x0000024ce12a1000 ephemeral segment allocation context: none segment begin allocated size 0000024ce12a0000 0000024ce12a1000 0000024ce14edc48 0x24cc48(2411592) Large object heap starts at 0x0000024cf12a1000 segment begin allocated size 0000024cf12a0000 0000024cf12a1000 0000024cf12c31f0 0x221f0(139760) Total Size: Size: 0x26ee38 (2551352) bytes. ------------------------------ GC Heap Size: Size: 0x26ee38 (2551352) bytes.- 輸出內容包含各個程序域內存信息、JIT堆、GC堆、加載器堆等地址信息。
- dumpheap命令
- 作用:查看內存中的對象信息,非常有用。
- DumpHeap [-stat] [-mt <MethodTable address>] [-type <partial type name>]
- 默認輸出全部的對象明細,數據量大,一般都會帶參數限制輸出大小。
- -stat:按照對象的類型,彙總輸出,最常用的選項。
- -mt <MethodTable address>:根據MethodTable地址過濾對象。
- -type <partial type name>:根據類型名稱過濾對象,區分大小寫,不需要提供完整類型。
- 輸出示例和解讀:
-
0:001> !dumpheap -stat -mt 00007ffbee0abd78 Statistics: MT Count TotalSize Class Name 00007ffbee0abd78 34150 1366000 System.Net.SocketAddress Total 34150 objects 0:001> !dumpheap -stat -type Net.SocketAddress Statistics: MT Count TotalSize Class Name 00007ffbee0abd78 34150 1366000 System.Net.SocketAddress Total 34150 objects
- dumpobj命令
- 作用:查看對象信息
- DumpObj <object address>
- 輸出示例和解讀:
查看代碼
0:015> !DumpObj /d 0000024ce12acc98 Name: System.Threading.Thread MethodTable: 00007ffc59304e08 EEClass: 00007ffc59481748 Size: 96(0x60) bytes File: C:\WINDOWS\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll Fields: MT Field Offset Type VT Attr Value Name 00007ffc5938ea98 400192d 8 ....Contexts.Context 0 instance 0000000000000000 m_Context 00007ffc5930c3a0 400192e 10 ....ExecutionContext 0 instance 0000024ce12d30a0 m_ExecutionContext 00007ffc59303db8 400192f 18 System.String 0 instance 0000000000000000 m_Name 00007ffc59306628 4001930 20 System.Delegate 0 instance 0000000000000000 m_Delegate 00007ffc59308090 4001931 28 ...ation.CultureInfo 0 instance 0000000000000000 m_CurrentCulture 00007ffc59308090 4001932 30 ...ation.CultureInfo 0 instance 0000000000000000 m_CurrentUICulture 00007ffc593041d0 4001933 38 System.Object 0 instance 0000000000000000 m_ThreadStartArg 00007ffc5930d260 4001934 40 System.IntPtr 1 instance 24cdf5efd80 DONT_USE_InternalThread 00007ffc59306ad8 4001935 48 System.Int32 1 instance 2 m_Priority 00007ffc59306ad8 4001936 4c System.Int32 1 instance 1 m_ManagedThreadId 00007ffc5930a420 4001937 50 System.Boolean 1 instance 0 m_ExecutionContextBelongsToOuterScope 00007ffc59326f88 4001938 e30 ...LocalDataStoreMgr 0 shared static s_LocalDataStoreMgr >> Domain:Value 0000024cdf5c4cf0:NotInit << 00007ffc5a588408 400193a e38 ...eInfo, mscorlib]] 0 shared static s_asyncLocalCurrentCulture >> Domain:Value 0000024cdf5c4cf0:NotInit << 00007ffc5a588408 400193b e40 ...eInfo, mscorlib]] 0 shared static s_asyncLocalCurrentUICulture >> Domain:Value 0000024cdf5c4cf0:NotInit << 00007ffc59328a18 4001939 18 ...alDataStoreHolder 0 shared TLstatic s_LocalDataStore >> Thread:Value << 00007ffc59306ad8 400193c d10 System.Int32 1 shared TLstatic t_currentProcessorIdCache >> Thread:Value <<- 其中Attr列的instance代表當前行是實例字段,Value是Field的值,Name是當前Field的名稱。
查看異常的命令
- pe命令
- 作用:查看當前線程的異常。
- 輸出示例和解讀:
查看代碼
0:098> !pe Exception object: 000002bbf5127940 Exception type: ServiceStack.Redis.RedisException Message: Host:10.201.107.xxx,Port:26379 Exceeded timeout of 00:00:03 InnerException: System.Net.Sockets.SocketException, Use !PrintException 000002bef5278f08 to see more. StackTrace (generated): SP IP Function 000000D8D77FC260 00007FFB92F54063 UNKNOWN!ServiceStack.Redis.RedisNativeClient.SendReceive[[System.__Canon, mscorlib]](Byte[][], System.Func`1<System.__Canon>, System.Action`1<System.Func`1<System.__Canon>>, Boolean)+0x2b3 000000D8D77FE510 00007FFB92F596C4 UNKNOWN!ServiceStack.Redis.RedisNativeClient.SendExpectMultiData(Byte[][])+0xd4 ...省略.... 000000D8D77FE8A0 00007FFB92F5D681 UNKNOWN!ServiceStack.Redis.RedisSubscription.SubscribeToChannelsMatching(System.String[])+0x51 000000D8D77FE8D0 00007FFB92F5CFC5 UNKNOWN!ServiceStack.Redis.RedisPubSubServer.RunLoop()+0x1d5 StackTraceString: <none> HResult: 80131500- 輸出內容包含了完整的異常信息,比如異常對象地址、Message內容、異常堆棧,甚至連InnerException也有提示。
總結
本文不僅是教程,也是一份手冊。SOS提供了非常多的命令,需要逐步摸索實踐,這些命令只有親自實踐後才能夠真正掌握。
參考資料
SOS.dll (SOS Debugging Extension) - .NET Framework | Microsoft Docs