The !DumpArray command does not have the -short flag like !DumpHeap. Now, I have an array of objects, i.e. an array of addresses. How can one iterate over all of them using .foreach (or any other way)?

I can probably treat the array as an unmanaged object - figure out the layout and get to the contiguous memory part where the 64-bit addresses are stored. But I really hope there is a better way.

mark

1 Answer

I ended up noticing that a managed array of 64-bit pointers has its items start at offset 0x10.

So, the code to iterate over the items would be:

.foreach /pS1 /ps1 (x {dq /c1 <The Array Address>+0x10 L<Count>}){.echo x }

Where <The Array Address> is the array address and <Count> is the count of array items to visit.

In my case, I actually deal with a List<T> object. It contains the array reference at offset 8 (_items) and the count of items at offset 0x18 (_size).

So, given X, the address of a List<T> object where T is a reference type on a 64-bit system, we can iterate the items of the list like this:

r @$t0 = dwo(X+0x18)
.foreach /pS1 /ps1 (x {dq /c1 poi(X+8)+0x10 L@$t0}){.echo x }
mark
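
The same walk done offline over raw bytes, for cases where the memory is read by a script rather than typed into the debugger. This is an added example, not part of the original answer: the `Memory` class, the function names and the sample addresses are constructed, and the offsets are the ones the answer gives for a 64-bit process.

```python
import struct

PTR = 8                 # 64-bit process, as in the answer
ARRAY_ITEMS_OFF = 0x10  # first element of a reference array
LIST_ITEMS_OFF = 0x08   # List<T>._items
LIST_SIZE_OFF = 0x18    # List<T>._size (Int32)


class Memory:
    """Sparse view of a dump: {base address: bytes}."""
    def __init__(self, regions):
        self.regions = regions

    def read(self, addr, size):
        for base, data in self.regions.items():
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base:addr - base + size]
        raise ValueError(f"unmapped read at {addr:#x}")

    def u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def u64(self, addr):
        return struct.unpack("<Q", self.read(addr, 8))[0]


def array_items(mem, array_addr, count):
    """Values that `dq /c1 <array>+0x10 L<count>` would list."""
    start = array_addr + ARRAY_ITEMS_OFF
    return [mem.u64(start + i * PTR) for i in range(count)]


def list_items(mem, list_addr):
    """Follow _items and bound the walk by _size, not by array capacity."""
    size = mem.u32(list_addr + LIST_SIZE_OFF)
    return array_items(mem, mem.u64(list_addr + LIST_ITEMS_OFF), size)


# Constructed sample: List<T> at 0x1000 holding 3 items in a 4-slot array at 0x2000.
# The first header words of each object are placeholder values.
LIST_ADDR, ARR_ADDR = 0x1000, 0x2000
ELEMS = [0x3000, 0x3040, 0x3080]
SAMPLE = Memory({
    LIST_ADDR: struct.pack("<QQQii", 0x7FF0_0000_1000, ARR_ADDR, 0, 3, 7),
    ARR_ADDR: struct.pack("<QQ4Q", 0x7FF0_0000_2000, 4, *ELEMS, 0),
})

if __name__ == "__main__":
    for addr in list_items(SAMPLE, LIST_ADDR):
        print(f"{addr:016x}")
```

Bounding the walk by `_size` matters because the backing array is usually larger than the list, so the trailing slots hold nulls or stale references.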