In my experience the suggestion offered by hakan doesn't work. Here's what I do.
The output shows that the attached handler is a member of the object pointed to by _target
. By dumping that you'll get it's method table.
I have constructed a similar example, to illustrate:
0:000> !do 02844de4
Name: System.EventHandler
MethodTable: 0067afa4
EEClass: 0052ef88
Size: 32(0x20) bytes
(C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
Fields:
MT Field Offset Type VT Attr Value Name
002e6d58 40000ff 4 System.Object 0 instance 02842d20 _target
0058df70 4000100 8 ...ection.MethodBase 0 instance 00000000 _methodBase
0058743c 4000101 c System.IntPtr 1 instance 2cc060 _methodPtr
0058743c 4000102 10 System.IntPtr 1 instance 0 _methodPtrAux
002e6d58 400010c 14 System.Object 0 instance 00000000 _invocationList
0058743c 400010d 18 System.IntPtr 1 instance 0 _invocationCount
In this case, I'll look at the object at 02842d20
.
0:000> !do 02842d20
Name: app.Foo
MethodTable: 002c30bc
EEClass: 002c13d4
Size: 12(0xc) bytes
(C:\workspaces\TestBench\app\bin\x86\Debug\app.exe)
Fields:
None
So the target type is app.Foo
. Let's dump the methods for this type.
0:000> !dumpmt -md 002c30bc
EEClass: 002c13d4
Module: 002c2c5c
Name: app.Foo
mdToken: 02000002 (C:\workspaces\TestBench\app\bin\x86\Debug\app.exe)
BaseSize: 0xc
ComponentSize: 0x0
Number of IFaces in IFaceMap: 0
Slots in VTable: 6
--------------------------------------
MethodDesc Table
Entry MethodDesc JIT Name
002ec015 002e6cbc NONE System.Object.ToString()
002ec019 002e6cc4 NONE System.Object.Equals(System.Object)
002ec029 002e6cf4 NONE System.Object.GetHashCode()
005f4930 002e6d1c JIT System.Object.Finalize()
005f8238 002c30b4 JIT app.Foo..ctor()
005f8270 002c30a8 JIT app.Foo.Bar(System.Object, System.EventArgs)
Compare the values of the MethodDesc
table with the original value of _methodPtr
. No apparent match.
_methodPtr points to a piece of code which either does a jmp
to the address of the function in question or calls a fix-up routine, so the next step is to use the !u
command on the value of _methodPtr
. If we see a jmp
instruction, we have the address and by using !u
on that, we get the method.
If, on the other hand, we see a call
to clr!PrecodeFixupThunk
we can get the MethodDesc by dumping the memory pointed to by _methodPtr
like this
0:000> dd 2cc060
002cc060 7e5d65e8 00005e6e 002c30a8 00000000
002cc070 00000000 00000000 00000000 00000000
002cc080 00000000 00000000 00000000 00000000
we see something that looks like a method table entry in as the third DWORD. By comparing the value 002c30a8
with the method table above, we see that the name of the method is app.Foo.Bar
.
Since this is a constructed example, I know that I have found the method, I was looking for in this case.
Actually it may be bit more complicated that the above example shows, as the fields are used differently depending on the actual usage of the event. However, in my experience the approach above will work in the general publisher/subscriber scenario.
For more details on the implementation details check out the file comdelegate.cpp
of the shared source CLI.