Advanced .NET Debugging

Question

I'm reading Advanced .NET Debugging book and I like it very much. However I have some problems with the examples. I would really appreciate if someone that has read it helped me.

I have two questions:

Versus what version of .NET framework are examples built? I cannot run them under windbg(x86) and they load under windbg(x64) so I assume it's 64 bit version of framework. But which framework? 2.0, 3, 3.5, 4?
When looking at type handle (method table) as described in Chapter 2 I had different results (my results and what book shows is shown below). Of course I'm not talking about addresses being different. For example when I dd on method table I see different values for Flags2 field, NumMethods field. I have no idea why. On page 56 author says that size of object is 0x14 (same at my machine) because object has 4 integers. But listing for 02TypeSample.cs shows only 3 integers, x, y, z. On my machine dd shows 4 methods when in example it shows 7. Book also says that compiler generated default ctor.

"The first thing to remember is that even though we did not explicitly define any constructors, the C# compiler automatically generated a default constructor for us.

When on listing you can see that TypeSample has ctor taking 3 integers as parameters. Either something is wrong with me, book or examples. What is it? ;)

Method table from the book:
0:000>dd 002930b0
002930b0 00040000 00000014 00070402 00000004
002930c0 790fd0f0 00292c3c 002930f8 00291244
002930d0 00000000 00000000 79371278 7936b3b0
002930e0 7936b3d0 793624d0 003400c8 0029c015
002930f0 0034007000000000 00000080 00000000
00293100 00000000 00000000 00000000 00000000
00293110 00000000 00000000 00000000 00000000
00293120 00000000 00000000 00000000 00000000

My method table:
0:000> dd 00223420 
00223420  00000000 00000014 00040011 00000004
00223430  68b70944 00222fe4 00223458 00221390
00223440  00000000 00000000 68ac6a90 68ac6ab0
00223450  68ac6b20 68b37700 00000080 00000000
00223460  00000000 00000000 00000000 00000000
00223470  00000000 00000000 00000000 00000000
00223480  00000000 00000000 00000000 00000000
00223490  00000000 00000000 00000000 00000000

it shows 4 methods when !dumpmt shows 7

0:000> !dumpmt -md 00223420 
EEClass: 00221390
Module: 00222fe4
Name: Advanced.NET.Debugging.Chapter2.TypeSample
mdToken: 02000002  (F:\Development\Advanced .NET Debugging\adndsrc\Chapter2\TypeSample\TypeSample\bin\Debug\TypeSample.exe)
BaseSize: 0x14
ComponentSize: 0x0
Number of IFaces in IFaceMap: 0
Slots in VTable: 7
--------------------------------------
MethodDesc Table
   Entry MethodDesc      JIT Name
68ac6a90   6894494c   PreJIT System.Object.ToString()
68ac6ab0   68944954   PreJIT System.Object.Equals(System.Object)
68ac6b20   68944984   PreJIT System.Object.GetHashCode()
68b37700   689449a8   PreJIT System.Object.Finalize()
003d00d8   00223398      JIT Advanced.NET.Debugging.Chapter2.TypeSample..ctor(Int32, Int32, Int32)
0022c015   002233a4     NONE Advanced.NET.Debugging.Chapter2.TypeSample.AddCoordinates()
003d0070   002233b0      JIT Advanced.NET.Debugging.Chapter2.TypeSample.Main(System.String[])

score 1 · Answer 1 · answered Feb 14 '13 at 04:36

1

The back of the book says it targets .NET CLR 4.0. However, the Sample Code section of the preface states that all the code is written using C# and .NET 2.0. There's a chapter at the end on .NET 4.0.

The output of the !dumpmt command above is clearly 32 bit (x86) as the Entry column is a pointer.

As for your second question. Could you please specify which example you're referring to.

answered Feb 14 '13 at 04:36

Brian Rasmussen

114,645
34
221
317

To get output similar to what's in book I downloaded sources and built them targeting x86. The binaries from books website wouldn't run under windbg x86. They work in windbg x64 but then all addresses are 64 bit and don't look at all like in book. In my second question I Listing 2-5 from page 43 and section on type handle starting from page 53. – Piotr Perak Feb 14 '13 at 08:12
also in all examples I see: .loadby sos.dll mscorwks. So it can't target CLR 4.0. I think mscorwks was renamed to clr in CLR 4.0. – Piotr Perak Feb 14 '13 at 08:52
Thanks for the update. I'll take a look at the book and see if I can make sense of it. I haven't look at the sources, so I cannot comment on that. However, I wrote the author when the book came out and he was very kind to answer the questions I had. You may want to try that. You're correct that the DLL was renamed to `clr.dll` in 4.0. `mscorwks.dll` was the dll for 2.0. That fits well with the info in the Sample Code section. – Brian Rasmussen Feb 14 '13 at 16:51
I tried to contact author before asking question here. But contact form on books web page isn't working unfortunately. – Piotr Perak Feb 15 '13 at 08:14
I'll see if I can ping him. – Brian Rasmussen Feb 15 '13 at 17:07
1

Please send me a mail (my email is listed on my profile) and I'll put you in contact with the author. Thanks. – Brian Rasmussen Feb 15 '13 at 17:26
When down voting please leave a comment. – Brian Rasmussen May 31 '13 at 03:26

score 1 · Answer 2 · answered Jan 12 '14 at 05:52

1

To build X86 assemblies you can modify the build XML. The provided XML seem to build the assemblies as X64 on 64 bit windows.

answered Jan 12 '14 at 05:52

dcrearer

1,972
4
24
48

Advanced .NET Debugging

2 Answers2