Get method name from delegate with WinDbg
Asked Answered
G

5

26

I have the following dump of delegate object:

Name: MyEventHandler  
MethodTable: 132648fc  
EEClass: 1319e2b4  
Size: 32(0x20) bytes  
Fields:  
     MT    Field   Offset                 Type VT     Attr    Value Name  
790fd0f0  40000ff        4        System.Object  0 instance 014037a4 _target  
7910ebc8  4000100        8 ...ection.MethodBase  0 instance 00000000 _methodBase  
791016bc  4000101        c        System.IntPtr  1 instance 2ef38748 _methodPtr  
791016bc  4000102       10        System.IntPtr  1 instance        0 _methodPtrAux  
790fd0f0  400010c       14        System.Object  0 instance 00000000 _invocationList  
791016bc  400010d       18        System.IntPtr  1 instance        0 _invocationCount  

How can I get the name of the method, pointed by the delegate?

Ginseng answered 8/9, 2010 at 14:17 Comment(0)
D
43

In my experience the suggestion offered by hakan doesn't work. Here's what I do.

The output shows that the attached handler is a member of the object pointed to by _target. By dumping that you'll get it's method table.

I have constructed a similar example, to illustrate:

0:000> !do 02844de4 
Name: System.EventHandler
MethodTable: 0067afa4
EEClass: 0052ef88
Size: 32(0x20) bytes
 (C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
Fields:
      MT    Field   Offset                 Type VT     Attr    Value Name
002e6d58  40000ff        4        System.Object  0 instance 02842d20 _target
0058df70  4000100        8 ...ection.MethodBase  0 instance 00000000 _methodBase
0058743c  4000101        c        System.IntPtr  1 instance   2cc060 _methodPtr
0058743c  4000102       10        System.IntPtr  1 instance        0 _methodPtrAux
002e6d58  400010c       14        System.Object  0 instance 00000000 _invocationList
0058743c  400010d       18        System.IntPtr  1 instance        0 _invocationCount

In this case, I'll look at the object at 02842d20.

0:000> !do 02842d20 
Name: app.Foo
MethodTable: 002c30bc
EEClass: 002c13d4
Size: 12(0xc) bytes
 (C:\workspaces\TestBench\app\bin\x86\Debug\app.exe)
Fields:
None

So the target type is app.Foo. Let's dump the methods for this type.

0:000> !dumpmt -md 002c30bc
EEClass: 002c13d4
Module: 002c2c5c
Name: app.Foo
mdToken: 02000002  (C:\workspaces\TestBench\app\bin\x86\Debug\app.exe)
BaseSize: 0xc
ComponentSize: 0x0
Number of IFaces in IFaceMap: 0
Slots in VTable: 6
--------------------------------------
MethodDesc Table
   Entry MethodDesc      JIT Name
002ec015   002e6cbc     NONE System.Object.ToString()
002ec019   002e6cc4     NONE System.Object.Equals(System.Object)
002ec029   002e6cf4     NONE System.Object.GetHashCode()
005f4930   002e6d1c      JIT System.Object.Finalize()
005f8238   002c30b4      JIT app.Foo..ctor()
005f8270   002c30a8      JIT app.Foo.Bar(System.Object, System.EventArgs)

Compare the values of the MethodDesc table with the original value of _methodPtr. No apparent match.

_methodPtr points to a piece of code which either does a jmp to the address of the function in question or calls a fix-up routine, so the next step is to use the !u command on the value of _methodPtr. If we see a jmp instruction, we have the address and by using !u on that, we get the method.

If, on the other hand, we see a call to clr!PrecodeFixupThunk we can get the MethodDesc by dumping the memory pointed to by _methodPtr like this

0:000> dd 2cc060 
002cc060  7e5d65e8 00005e6e 002c30a8 00000000
002cc070  00000000 00000000 00000000 00000000
002cc080  00000000 00000000 00000000 00000000

we see something that looks like a method table entry in as the third DWORD. By comparing the value 002c30a8 with the method table above, we see that the name of the method is app.Foo.Bar.

Since this is a constructed example, I know that I have found the method, I was looking for in this case.

Actually it may be bit more complicated that the above example shows, as the fields are used differently depending on the actual usage of the event. However, in my experience the approach above will work in the general publisher/subscriber scenario.

For more details on the implementation details check out the file comdelegate.cpp of the shared source CLI.

Diffractometer answered 10/9, 2010 at 6:16 Comment(2)
Instead of manually comparing to the method table, you could also use the !DumpMD command with the method descriptor.Winthorpe
Looks bad on x64, just a jump to a registerRoney
F
6

I believe you can use !ip2md on the value of the methodPtr. That should give the method description.

Faltboat answered 8/9, 2010 at 14:29 Comment(2)
That will not always work. But in my experience, no method works all the time, so you have to know and try different techniques to get the method nameJamarjamb
You guys are probably right, quick googling showed that this might not work if the method is not JITted yet. But I would still first try this and if it doesn't work other approaches. Brian's solution, dumping the methods of the target object, looks very convenient actually.Faltboat
J
5

Another way is to disassemble the data at _methodPtr.

Lets say our EventHandler looks like this:

      MT    Field   Offset                 Type VT     Attr    Value Name
6da484dc  40000ff        4        System.Object  0 instance 02d8ff64 _target
6da4d0ac  4000100        8 ...ection.MethodBase  0 instance 00000000 _methodBase
6da4b188  4000101        c        System.IntPtr  1 instance  d955840 _methodPtr

Let's look at the disassembly of d955840

!U d955840
Unmanaged code
08577a50 b884f8a007      mov     eax,7A0F884h
08577a55 90              nop
08577a56 e855b4d665      call    mscorwks+0x2eb0 (6e2e2eb0)
08577a5b e9ac8de4f7      jmp     003c080c
08577a60 b8d4f9a007      mov     eax,7A0F9D4h
08577a65 90              nop
08577a66 e845b4d665      call    mscorwks+0x2eb0 (6e2e2eb0)
08577a6b e99c8de4f7      jmp     003c080c
08577a70 00b000eb0cb0    add     byte ptr [eax-4FF31500h],dh
08577a76 03eb            add     ebp,ebx

We see a mov to 7A0F884 here, so this could be the method we are looking for:

!dumpmd 7A0F884 
Method Name: DemoClass.OnDemoEvent(System.Object, System.EventArgs)
Class: 07c079e8
MethodTable: 07c10034
mdToken: 060010ee
Module: 07a0b7ac
IsJitted: no
CodeAddr: ffffffff

bingo!

There are different ways to get the name of the method, and not all will work in all situations

Jamarjamb answered 16/9, 2010 at 13:51 Comment(0)
W
5

I have creatd a littel Windbg script to resolve the stored method directly from a methodPtr value. You can read more about here.

The Script is:

r $t0 = ${$arg1}+5
r $t1 = $t0 + 8*by($t0+2) + 3
r $t2 = 8*by($t0+1)
r $t3 = poi($t1) + $t2
!DumpMD $t3

Store it in a file and execute it with the _methodPtr value of your delegate like

$$>a< "c:\source\DelegateTest\Resolve.txt" 2ef38748 

That should do the trick on all platforms and for .NET 2.0 up to .NET 4.5.

Wolpert answered 20/5, 2012 at 22:49 Comment(1)
By looking at the generated assembler code. It is as easy as that. I might note that there are actually two delegate call types. Action, Func, ... are fast. But "old" stlye delgates which you explicitely declare go into very different code path (e.g. MethodInvoker for WndProc delegates) is a quite common one.Wolpert
P
1

With the help of ClrMd, I'm working on a tool to explore .Net dump file with a user friendly GUI. There is a feature to find delegates and display its invocation list and method names.

Pursuance answered 2/1, 2017 at 13:47 Comment(1)
Please don't post links here but copy the relevant code.Verner

© 2022 - 2024 — McMap. All rights reserved.