How can I view disassembly of a JITted method in a .NET program when attaching to it with WinDbg?

Question

Similar to this question asking the same but in VS, I'd like to ask how can I use WinDbg to view diassembly of a JITted method?

Breaking this into two parts, in both cases there's the same SomeNamespace.SomeClass.Foo() method that I want to disassemble.

1. We only have the executable program.exe, and want to run it via WinDbg's Open Executable.
2. There's an already running process in which I want to inspect the same JITted method. (Say that we can't control how the process gets started)

Now from my understanding, JIT runs the first time a method is called. If this is true, in 2. it might be the case that the method wasn't JITted yet. Is there a way to force the JIT to run on the method in that case, so that we can inspect the result?

TL;DR: How do I disassemble a JITted method with WinDbg?

Answer 1

You can force JIT compilation by calling PrepareMethod

You can view disassembly with u command in WinDbg and SOS. See example here.

Finally, maybe you can try DumpMiner. This UI tool, let you view disassembly of jitted method without knowing how to use WinDbg

Answer 2

I don't know a way of forcing the JIT compilation of a method, but sosex' command !sosex.mbp (set managed breakpoint) also works when the method has not been jitted yet and it will break as soon as it was JIT-compiled.

After that, the SOS commands !ip2md, !dumpil and !u may be helpful. If you know the JITted code address, you can also do a native u on it.

As mentioned by @Steve Johnson, author of SOSEX, in the comments, SOSEX also has commands !mu ("managed unassemble") and !muf ("managed unassemble function") that can help with already JITted functions.