성태의 닷넷 이야기
홈 주인
모아 놓은 자료
프로그래밍
질문/답변
사용자 관리
사용자
메뉴
아티클
외부 아티클
유용한 코드
온라인 기능
MathJax 입력기
최근 덧글
[정성태] Detecting blocking calls using asyn...
[정성태] 아쉽게도, 커뮤니티는 아니고 개인 블로그입니다. ^^
[정성태] 질문이 잘 이해가 안 됩니다. 우선, 해당 소스코드에서 ILis...
[양승조
] var대신 dinamic으로 선언해서 해결은 했습니다. 맞는 해...
[양승조
] 또 막혔습니다. ㅠㅠ var list = props[i].Ge...
[양승조
] 아. 감사합니다. 어제는 안됐던것 같은데....정신을 차려야겠네...
[정성태] "props[i].GetValue(props[i])" 코드에서 ...
[정성태] 저렇게 조각 코드 말고, 실제로 재현이 되는 예제 프로젝트를 압...
[정성태] Modules 창(Ctrl+Shift+U)을 띄워서, 해당 Op...
[정성태] 만드실 수 있습니다. 단지, Unity 엔진 내의 스크립트와 W...
글쓰기
제목
이름
암호
전자우편
HTML
홈페이지
유형
제니퍼 .NET
닷넷
COM 개체 관련
스크립트
VC++
VS.NET IDE
Windows
Team Foundation Server
디버깅 기술
오류 유형
개발 환경 구성
웹
기타
Linux
Java
DDK
Math
Phone
Graphics
사물인터넷
부모글 보이기/감추기
내용
<div style='display: inline'> <h1 style='font-family: Malgun Gothic, Consolas; font-size: 20pt; color: #006699; text-align: center; font-weight: bold'>windbg - 닷넷 개발자를 위한 MEX Debugging Extension 소개</h1> <p> 초기 버전 때 써 보고는 그동안 소홀하다가 최근에 다시 다운로드해,<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > MEX Debugging Extension ; <a target='tab' href='https://www.microsoft.com/en-us/download/details.aspx?id=53304'>https://www.microsoft.com/en-us/download/details.aspx?id=53304</a> </pre> <br /> 실습해 봤습니다. ^^<br /> <br /> 로드하고,<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > 0:000> <span style='color: blue; font-weight: bold'>.load d:\wext\x64\mex.dll</span> Mex External 3.0.0.7172 Loaded! </pre> <br /> help를 보니, 명령어가 너무 많이 추가되어 다 해 볼 엄두가 안 날 정도입니다. ^^;<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > !mex.help </pre> <br /> 몇 개 골라서 출력을 해볼까요? ^^<br /> <br /> 우선 aspnetcache는 신선하긴 하지만 출력 결과가 너무 많고 asp.net 자체가 쓰는 캐시도 많아서 실제 업무 프로그램을 대상으로 쓰게 될지는 잘 모르겠습니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > 0:074> <span style='color: blue; font-weight: bold'>!aspnetcache</span> CacheItem: 00000000ff2a2cc0 Key: 00000000ff2a2c48 "AResources.Resource" [19] (System.String) Value: 00000000ff2a2ca0 (System.Web.Compilation.GlobalResXResourceProvider) CacheItem: 00000000ff36e2c0 Key: 00000000ff36e280 "yapp_web_ymh0rpgj" [17] (System.String) Value: 00000000ff36db00 (System.Reflection.RuntimeAssembly) CacheItem: 00000000ff36e878 Key: 00000000ff36e810 "document.aspx.ac17e5c6" [37] (System.String) Value: 00000001af315bc0 (System.Web.Compilation.BuildResultCompiledTemplateType) CacheItem: 00000000ff400fd0 Key: 00000000ff400f90 "yapp_web_lfsxrg55" [17] (System.String) Value: 00000000ff400600 (System.Reflection.RuntimeAssembly) ...[생략]... </pre> <br /> <hr style='width: 50%' /><br /> <br /> "Dump All Exceptions"라는 의미의 "dae" 명령어도 예외가 제법 발생하는 현업 응용 프로그램에서는 시스템의 성능을 파악하기에는 너무 많은 출력에 난감할 수 있습니다. 단지 좋은 것은 예외 타입 별로 발생 빈도 수를 함께 출력해 주는 정도!<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > 0:074> !dae 1 exceptions: 0x000000010f618470 In Generation: 0 from .NET v4.0.30319.296 HResult: 0x80131904 Type: System.Data.SqlClient.SqlException Message: ...[생략]... Stack Trace: ...[생략]... <span style='color: blue; font-weight: bold'>29 exceptions</span>: 0x00000000ff4acd00 0x00000000ff54a8e8 0x000000010fffc9e8 0x000000011f47fe90 0x000000011f4c3db0 0x000000012f4043a8 0x000000012f43bba8 0x000000012f469418 0x000000012f484fd8 0x000000013f5dfa20 ... In Generation: 0 from .NET v4.0.30319.296 HResult: 0x80131530 Type: System.Threading.ThreadAbortException Message: 스레드가 중단되었습니다. Stack Trace: SP IP Function 000000001b6ee820 0000000000000000 System.Threading.Thread.AbortInternal() 000000001b6ee820 000007ff029341c9 System.Threading.Thread.Abort(System.Object) 000000001b6ee870 000007ff0293402d System.Web.HttpResponse.End() 000000001b6ee8c0 000007ff02933eba DevExpress.Web.ASPxClasses.Internal.HttpUtils.EndResponse() </pre> <br /> <hr style='width: 50%' /><br /> <br /> 기존에 있던 sos 명령어에 "2"만 붙인 것은 외우기도 쉬우니 한번 써볼만합니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > 0:074> <span style='color: blue; font-weight: bold'>!clrstack2</span> DbgId ThreadId Apartment Kind CLR GC Mode GC Suspending? 74 b398 MTA Background v4.0.30319.296 <a target='tab' href='http://www.sysnet.pe.kr/2/0/11475'>Preemptive</a> no Failed to evaluate rule SocketRule: Object reference not set to an instance of an object. SP IP Function Source 000000001b91cf38 0000000000000000 NDirectMethodFrameStandalone 000000001b91cf00 000007ff02870992 DomainNeutralILStubClass.IL_STUB_PInvoke(IntPtr, Byte*, Int32, System.Net.Sockets.SocketFlags) 000000001b91cfe0 000007ff02872890 System.Net.Sockets.Socket.Receive(Byte[], Int32, Int32, System.Net.Sockets.SocketFlags, System.Net.Sockets.SocketError ByRef) 000000001b91d0b0 000007ff028725b4 System.Net.Sockets.Socket.Receive(Byte[], Int32, Int32, System.Net.Sockets.SocketFlags) ...[생략]... 000000001b91d3b0 000007ff00f205f8 System.Threading.ExecutionContext.runTryCode(System.Object) 000000001b91dad8 0000000000000000 HelperMethodFrame_PROTECTOBJ [System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)] 000000001b91dc00 000007ff00f1efe6 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) 000000001b91dc60 000007ff00f1eebb System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) 000000001b91dcb0 000007ff011264dd System.Threading.ThreadHelper.ThreadStart() 000000001b91e108 0000000000000000 GCFrame 000000001b91e4f0 0000000000000000 DebuggerU2MCatchHandlerFrame 000000001b91e6c8 0000000000000000 ContextTransitionFrame </pre> <br /> "2"가 붙은 명령어 중에 sos.do에 대한 것도 있습니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > 0:074> <span style='color: blue; font-weight: bold'>!do2</span> 00000001bf2fc148 0x00000001bf2fc148 TestApp.Timer 0000 _timer : 000000013f2e1ff0 (TestApp.Startup) 0008 _thread : 00000001bf2fc218 (System.Threading.Thread) 0010 _Packet : 00000001bf2fc180 (System.Collections.Generic.Dictionary<System.Int32,System.Int32>) 0018 _timeout : 60000 (System.Int32) 0020 _lastTick : 00000001bf2fc170 <span style='color: blue; font-weight: bold'>2018-07-30 오후 9:39:02 (System.DateTime)</span> </pre> <br /> sos.do에서는 DateTime 값을 알아내는 게 번거로웠는데,<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > windbg - 메모리 덤프로부터 DateTime 형식의 값을 알아내는 방법 ; <a target='tab' href='http://www.sysnet.pe.kr/2/0/11313'>http://www.sysnet.pe.kr/2/0/11313</a> </pre> <br /> do2에서는 출력 결과에 DateTime을 풀어서 출력해 주므로 요긴하게 써먹을 수 있을 것 같습니다.<br /> <br /> <hr style='width: 50%' /><br /> <br /> 예전에 닷넷 모듈을 저장하는 방법을 python 스크립트를 이용해 설명하기도 했는데요,<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > windbg - 풀 덤프 파일로부터 .NET DLL을 추출/저장하는 방법 ; <a target='tab' href='http://www.sysnet.pe.kr/2/0/10943'>http://www.sysnet.pe.kr/2/0/10943</a> windbg - 풀 덤프에 포함된 모든 닷넷 모듈을 파일로 저장하는 방법 ; <a target='tab' href='http://www.sysnet.pe.kr/2/0/11297'>http://www.sysnet.pe.kr/2/0/11297</a> </pre> <br /> mex에 이를 위한 명령어가 있으니 활용하면 되겠습니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > <span style='color: blue; font-weight: bold'>!mex.writemodule</span> -a -p "destination path" </pre> <br /> 그런데 아쉽게도 닷넷 모듈에 대해서는 "<a target='tab' href='http://www.sysnet.pe.kr/2/0/10943'>windbg - 풀 덤프 파일로부터 .NET DLL을 추출/저장하는 방법</a>" 글에서 설명한 lm 명령어의 결과로 나오는 모듈만 저장하는 한계가 있습니다. 따라서 특별한 경우가 아니라면 결국 "<a target='tab' href='http://www.sysnet.pe.kr/2/0/11297'>windbg - 풀 덤프에 포함된 모든 닷넷 모듈을 파일로 저장하는 방법</a>" 글의 내용대로 pykd를 이용해 저장하는 것이 더 좋습니다.<br /> <br /> <hr style='width: 50%' /><br /> <br /> SQL Connection 객체의 현황을 파악해 주는 명령어도 있습니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > 0:074> <span style='color: blue; font-weight: bold'>!sqlcn</span> Searching .NET Heap for SQL Pool Objects.. Pool Address Connections Active Connections Max Pool Size Min Pool Size Connection Info ================ =========== ================== ============= ============= ======================================================= 000000010f328600 1 0 100 0 DataSource=TestDB;InitialCatalog=UnitTestDB (more) 000000011f328178 1 0 100 0 DataSource=TestDB;InitialCatalog=UnitTestDB (more) 000000013f428d10 2 0 100 0 DataSource=TestDB;InitialCatalog=UnitTestDB2 (more) 000000018f333af0 1 0 100 0 DataSource=TestDB;InitialCatalog=UnitTestDB (more) 00000001af2cf420 7 0 100 0 DataSource=TestDB;InitialCatalog=UnitTestDB2 (more) 00000001bf32c910 1 0 100 0 DataSource=TestDB;InitialCatalog=UnitTestDB2 (more) 00000001cf31a250 3 0 100 0 DataSource=TestDB;InitialCatalog=UnitTestDB (more) 00000001cf393070 1 0 100 0 DataSource=TestDB;InitialCatalog=UnitTestDB2 (more) 8 connection pools holding 17 connections 0 connections are active, where active means that Close() has not been called </pre> <br /> 서버 프로그램의 성능을 가장 크게 좌우하는 항목이다 보니 아마 제일 먼저 실행하고 싶은 명령어가 될 것입니다.<br /> <br /> <hr style='width: 50%' /><br /> <br /> DebugDaig Analysis로 분석 시 호출 스택 별 스레드 모아주기 기능도 "unique stack"이라는 의미의 명령어로 제공하고 있습니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > 0:074> <span style='color: blue; font-weight: bold'>!us</span> <span style='color: blue; font-weight: bold'>1 thread [stats]: 0</span> 000000007748f6fa ntdll!NtWaitForSingleObject+0xa 000007fefd6c10dc KERNELBASE!WaitForSingleObjectEx+0x79 000007fef9eb41bc w3wphost!AppHostInitialize+0x278 00000000ff273c60 w3wp!wmain+0x470 00000000ff2711f1 w3wp!PerfStopProvider+0x19b 000000007733f34d kernel32!BaseThreadInitThunk+0xd 0000000077472ca1 ntdll!RtlUserThreadStart+0x1d <span style='color: blue; font-weight: bold'>4 threads [stats]: 22 23 24 25</span> 000000007748f74a ntdll!NtRemoveIoCompletion+0xa 000007fefd6c162d KERNELBASE!GetQueuedCompletionStatus+0x39 000000007732bbd1 kernel32!GetQueuedCompletionStatusStub+0x11 000007fef3f752d3 iisfcgi!TRANSPORT::WorkerThread+0x2b 000000007733f34d kernel32!BaseThreadInitThunk+0xd 0000000077472ca1 ntdll!RtlUserThreadStart+0x1d ...[생략]... </pre> <br /> <hr style='width: 50%' /><br /> <br /> 프로세스의 다양한 정보와 명령행 인자를 확인하는 것도 가능합니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > 0:074> <span style='color: blue; font-weight: bold'>!mex.p</span> Name Ses PID PEB Mods Handle Thrd ======== === ============== ================ ==== ====== ==== w3wp.exe 0 6488 (0n25736) 000007fffffdb000 322 2755 126 CommandLine: c:\windows\system32\inetsrv\w3wp.exe -ap "AppPool_TestApp" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipmffbc8bd0-f622-4b2e-a64d-f27c02bca3c3 -h "C:\inetpub\temp\apppools\AppPool_TestApp.config" -w "" -m 0 -t 20 Last event: 6488.4da0: Break instruction exception - code 80000003 (first/second chance not available) Show Threads: Unique Stacks !listthreads (!lt) ~*kv </pre> <br /> 부가적으로 환경 변수를 알고 싶을 땐 다음의 글을 참조하시고.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > windbg - 덤프 파일로부터 PID와 환경 변수 등의 정보를 구하는 방법 ; <a target='tab' href='http://www.sysnet.pe.kr/2/0/11478'>http://www.sysnet.pe.kr/2/0/11478</a> </pre> <br /> <hr style='width: 50%' /><br /> <br /> 이외에도 다음과 같은 명령어가 있으니... 틈틈이 실행해 보시면 좋을 것입니다. ^^<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > 0:074> <span style='color: blue; font-weight: bold'>!mex.help -all</span> Command Description Category Owner =========================================== ======================================================================================================================================================== ============ =========== addr Display information about an address Kernel mexfeedback afd Afd Command Help Networking mexfeedback aspnetcache (!aspnetcache) Display the ASP.NET Cache DotNet mexfeedback aspxpagesext Like !aspxpages, but more powerful DotNet mexfeedback atom Dumps user mode atom table Utility mexfeedback backtrace (!bt) Displays the stack backtrace for the specified index into ntdll!RtlpStackTraceDatabase General mexfeedback base64 (!b64) Displays or saves base64 data General mexfeedback beep Beeps Utility mexfeedback bin Displays binary information located at the given address Utility mexfeedback bits2 (!b2) Executes a command with all possible values of a single bit flip Utility mexfeedback bl Replaces the built in breakpoint list (bl) command with DML'd version Utility mexfeedback bp Replaces the built in breakpoint (bp) command with a DML'd version Utility mexfeedback cache (!c) Cache the output of a command to replay later Utility mexfeedback chkall Shortcut for !chkimg against all modules Binaries mexfeedback classtype (!ct) Tries to determine the C++ class type of a pointer General mexfeedback clipboard2 Gets/Sets text on the clipboard, or enable/disable clipboard access Utility mexfeedback clrstack2 (!ck2) Prints the stack trace of a managed thread DotNet mexfeedback clusdisk Shows all the disk cluster is aware of for W2k3 - W28R2 General mexfeedback codescope Prints all available code analysis checklists Decompile mexfeedback commandline (!cl) Prints out the command line of a process General mexfeedback comment Displays the comments for the dump Utility mexfeedback computername (!cn) Computer Name Command Help Utility mexfeedback conhost (!con) Displays console host (conhost.exe) info Process mexfeedback context (!w) Prints out the current implicit process and thread context (e.g. where am I) General mexfeedback cordll (!cordll) Displays available CLR versions DotNet mexfeedback count Counts the number of lines returned by a command Utility mexfeedback criticalsection (!cs) CS - Displays details for a critical section General mexfeedback cut Filters output, removing unwanted areas Utility mexfeedback da Displays an ANSI string Utility mexfeedback dae (!DumpAllExceptions) Replacement for !dae DotNet mexfeedback ddt Wrapper for dt that adds some DML Utility mexfeedback decodeoplockstate (!dols) Decode an OpLockState to human readable values General mexfeedback decompilemember Decompile and print psuedo-C# source code for the given [MemberName] Decompile mexfeedback decompiletype Decompile and print psuedo-C# source code for the given [TypeName] Decompile mexfeedback deferredready (!dfr) Shows the current deferredready threads Thread mexfeedback delegaterefs (!drefs) Displays information about objects referenced by delegates DotNet mexfeedback desktop (!desktops) Displays the desktops for the Windows Stations Kernel mexfeedback deviceobject (!devo) Displays information about a device object Kernel mexfeedback dhcp Displays information for the DHCP server process Networking mexfeedback diffimg Compares the process' loaded module list with a scan of memory and displays any differences Binaries mexfeedback displayobj (!do2) Display a managed object structure DotNet mexfeedback dnsclient (!dnsc) Displays the DNS client cache, and includes many other features for the DNS Client service. Networking mexfeedback dr Displays registers showing volatile registers highlighted with (*) General mexfeedback driverobject (!drvo) Displays details about a driver object Kernel mexfeedback dtpool (!dtp) Displays information about a pool allocation, if it is a known pooltag we will 1. Try to run the correct extension, or 2. Just dt the structure for you. Kernel mexfeedback du Displays a Unicode string Utility mexfeedback dumpaspnetsession Prints information on ASP.NET InProc Sessions DotNet mexfeedback dumpdataset Dumps a list of all DataSet objects DotNet mexfeedback dumpdotsourcedfiles Outputs any dot sourced Powershell files optionally with their accompanying script blocks PowerShell mexfeedback dumpdynamicassemblies2 (!dda2) Like !DumpDynamicAssemblies, but better DotNet mexfeedback dumphttpruntime2 Dumps the HttpRuntime objects on the heap DotNet mexfeedback dumpinfo (!di) Display dump information Utility mexfeedback dumppsvariables Outputs the Powershell Variables of the currently running script on the current thread PowerShell mexfeedback dumpstackpscommands Outputs the commands, cmdlets, etc. found on the current thread including those referenced by other objects on the thread. PowerShell mexfeedback dumpstackpsobjects Outputs the PSObjects found on the current thread including those referenced by other objects on the thread. PowerShell mexfeedback dumpstackstrings (!dss) Displays all the strings on the stack Thread mexfeedback dumptime Time Information Utility mexfeedback dumpwcfmessage (!wcfmsg) Dumps information about a WCF buffered message DotNet mexfeedback dumpwindowsurfaces (!dws) Dump window surfaces to a directory Kernel mexfeedback eresource (!eres) Displays details for a nt!_ERESOURCE Kernel mexfeedback evt Show detail for a nt!_KEVENT Kernel mexfeedback exec Runs a series of commands. Use this instead of using semicolons Utility mexfeedback executive Displays details on threads waiting on the executive Thread mexfeedback fileobject (!fo) Displays information about a given file object Kernel mexfeedback fileserver (!fs) Displays thread running the SRV.sys or SRV2.sys drivers, excluding threads waiting on inbound work General mexfeedback finalizable (!finalizable) Displays information about finalizable objects in the GC Heap DotNet mexfeedback fixthis Preface a broken command with this one to open an email and send it to the Mex team (e.g. !fixthis !otherMexCommandThatDidNotWork Mex mexfeedback foreachcpu (!fec) Executes a command on each processor Kernel mexfeedback foreachframe (!fef) An implementation of !for_each_frame that supports filtering and sets the context before executing Thread mexfeedback foreachitem (!fei) Iterates through a list, executing a command for each item. Utility mexfeedback foreachline (!fel) Runs a command against every line of data Utility mexfeedback foreachmatchingstack (!fems) Run a command against identical stacks Thread mexfeedback foreachmodule (!fem) An implementation of !for_each_module that supports filtering Binaries mexfeedback foreachobject (!feo) Runs a command against each CLR object DotNet mexfeedback foreachprocess (!fep) An implementation of !for_each_process that supports filtering and sets the context before executing Kernel mexfeedback foreachthread (!fet) An implementation of .for_each_thread that works in user and kernel mode Thread mexfeedback gatewait Shows threads with a state of GateWait Thread mexfeedback gchandleinfo (!gchandle) Displays information on GC Handles DotNet mexfeedback gcheapinfo (!gchi) Get info on the managed GC Heap DotNet mexfeedback grep Search the output of a command for a specific string or pattern Utility mexfeedback handlefind (!hf) Find handles for a given kernel object General mexfeedback) head Displays the first X lines of a command's output Utility mexfeedback help Help General mexfeedback httpheaders Print the contents of an HttpHeaderCollection DotNet mexfeedback if (!mif) Condition detection based on command output Utility mexfeedback il Prints the IL for the specified method Decompile mexfeedback ilspy Automatically extracts the module from the dump, and launches ILSpy DotNet mexfeedback imports Displays the import table for a module Binaries mexfeedback initialized (!init) Shows the current threads in the initialized state Thread mexfeedback interpretrawstack (!irs) This command dumps the raw stack and interprets the values as symbols, and as unicode and ansi strings. It will also highlight start and end of frames General mexfeedback ip Converts an address into an IP address format Networking mexfeedback irpbyfilename (!ibfn) Dump any IRP containing the specified text in filename General mexfeedback ldap Displays LDAP client or server details Process mexfeedback listthreads (!lt) Displays a list of threads Thread mexfeedback listticks (!lticks) Show tick counts for threads Kernel mexfeedback loop Loops either forwards or backwards through a series of numbers with variable replacement Utility mexfeedback managedthreads (!mthreads) A !threads look-alike, with !aspxpagexext-like output DotNet mexfeedback mappeddrives (!mdrives) Displays mapped drives Process mexfeedback messagequeue (!mq) Displays message queue Kernel mexfeedback mheap A DML'd version of !heap. Process mexfeedback mirp Displays IRP details (replaces !irp) Kernel mexfeedback mirpfind Mex version of IRPFIND Kernel mexfeedback mods Displays modules loaded in a process Binaries mexfeedback more Runs a command in paged mode, asking for input every X lines Utility mexfeedback mreg This is a DML'd version of !reg Kernel mexfeedback mrmsg (!msg) Interprets a Windows message Utility mexfeedback mup Displays info for the Multiple UNC Provider (MUP) Networking mexfeedback ncsi Displays Network Connectivity Status Indicator (NCSI) configuration Networking mexfeedback ndao Native Dump ALL Objects - Potentially very slow General mexfeedback ndro Native Dump Register Objects General mexfeedback ndso Native Dump Stack Objects Thread mexfeedback net Net Command Help Networking mexfeedback obj Displays details for a given kernel object (object manager) Kernel mexfeedback objectsummary Outputs object analysis summary DotNet mexfeedback obtrace Dumps the trace information for an object Kernel mexfeedback oracleclientperfcounters Display System.Data.OracleClient performance counters DotNet mexfeedback outline (!ol) Outlines the calls inside a given function Utility mexfeedback p Displays process details Process mexfeedback parsemem Walks a range of memory and counts unique byte sequences Kernel mexfeedback phandles (!ph) Shows a list of currently open printer handles General mexfeedback pingtrack Pingtrack command Networking mexfeedback printdbcommand Prints information about a DBCommand object DotNet mexfeedback printexception2 (!pe2) Like !PrintException, with DML DotNet mexfeedback printmanifest Prints the assembly manifest for the specified module Decompile mexfeedback printmembers Scans specified module and type [Module!TypeName] and prints all members Decompile mexfeedback printtypes Scans specified [Module] and prints all types Decompile mexfeedback psrunspace Outputs the runspaces in the process. PowerShell mexfeedback psscriptblock Outputs the script blocks in the process. PowerShell mexfeedback rasmans Displays the rasmans!ConnectionBlockList Networking mexfeedback readfile Read a file from the filesystem and display the output in the debugger Utility mexfeedback ready (!rdy) Shows the currently ready threads Thread mexfeedback rollup (!ru) Takes an input value and rolls it up to the appropriate bucket (e.g. bytes to GB) Utility mexfeedback runaway2 Runaway2.. Replacement for !runaway General mexfeedback runcheck (!runchecks) runs the specified check(s) on the specified module(s) Decompile mexfeedback runchecklist runs the specified checklist(s) on the specified module(s) Decompile mexfeedback running (!cpu) (Kernel mode only) A brief overview of currently executing threads Thread mexfeedback rxirps Displays the list of IRPs stored in rdbss!RxIrpsList Kernel mexfeedback sccm SCCM SystemCenter mexfeedback scom (!om) Utilities for SC Operations Manager. SystemCenter mexfeedback scsm (!sm) Utilities for SC Service Manager SystemCenter mexfeedback searchthreadstacks (!sts) Searches thread stacks for a value Thread mexfeedback services (!service) Displays details about services. Requires access to the usermode address space of services.exe (userdump of services.exe or complete memory dump) General mexfeedback settings Mex Settings Mex mexfeedback sort Sort command Utility mexfeedback spdisposecheck Executes the SharePoint Dispose and Do Not Dispose Checklist items Decompile mexfeedback sqlclientperfcounters Display System.Data.SqlClient performance counters DotNet mexfeedback sqlcmd Provides information about ADO.NET Commands to SQL Server DotNet mexfeedback sqlcn Provides an overview of ADO.NET connections to SQL Server DotNet mexfeedback sqlports (!sqlports) Gets the local and remote TCP ports from a SqlConnection object DotNet mexfeedback srvnet Displays info on SRVNET Networking mexfeedback standby (!sby) Shows the current standby threads Thread mexfeedback staticfields Display static fields of a managed type DotNet mexfeedback strings Prints out readable strings in an address range Utility mexfeedback sum (!sum) Sums the output returned by a command Utility mexfeedback suspended Displays details on suspended threads Thread mexfeedback svcreg Dumps the passed in service/driver registry key General mexfeedback svcthreads (!svcthreads) Find threads executing WCF services DotNet mexfeedback t A new implementation of !thread for user & kernel mode Thread mexfeedback tac Writes input to console, last line first. Utility mexfeedback tag Searches kernel modules for a given pooltag Kernel mexfeedback tail Displays the final X lines of a command's output Utility mexfeedback tasklist (!tl) Displays information about running tasks (processes) Kernel mexfeedback tasktriage (!tasks) Analyzes the System.Threading.Tasks.Task objects still on the heap. DotNet mexfeedback tcpip (!tcp) TCP/IP - Gets TCP and UDP ports from Kernel Memory Networking mexfeedback threadpool (!tp) Displays information regarding NTDLL thread pools Thread mexfeedback threadreport (!trep) Displays a thread report. Thread mexfeedback time Time how long a command takes to execute Utility mexfeedback tr (!replace) Search and Replace. Translate a char/string into another char/string. Utility mexfeedback transition (!trans) Shows the current threads in the transition state Thread mexfeedback udescan (!manalyze) Scans dump for known issues and displays them in human-readable format. Utility mexfeedback uniqlines (!ul) Prints each line of output and a count of how many times they appeared Utility mexfeedback uniquestacks (!us) Like the built-in !uniqstacks except it associates thread IDs with the stack traces Thread mexfeedback userrequest Displays details on threads with a wait reason of UserRequest Thread mexfeedback vadmodules (!vadm) Lists the vads of a process. Kernel mexfeedback ver Displays OS version info Utility mexfeedback vss Vss Command Help Kernel mexfeedback wcfperfcounters Dumps performance counters for WCF services DotNet mexfeedback wcftcpconnectionpools (!wtcp) Display WCF Net.TCP connection pools DotNet mexfeedback whocalls Scans all loaded managed modules and finds methods that call [MethodName] Decompile mexfeedback whoimplements Scans all loaded managed modules and finds types that implement [InterfaceName] Decompile mexfeedback whoinherits Scans all loaded managed modules and finds types that inherit [TypeName] Decompile mexfeedback whonews Scans all loaded managed modules and finds methods that construct [TypeName] Decompile mexfeedback whopins Scans managed modules and all finds methods that pin objects of a given [TypeName] or all types Decompile mexfeedback window (!wnd) Displays windows for each desktop. You must be in the context of a given session to see that session's windows Kernel mexfeedback windowstation (!winsta) Display details for windows station(s) Kernel mexfeedback winnsi winnsi Command Help Networking mexfeedback wq Displays executive work queue threads Kernel mexfeedback wrcpuratecontrol Displays details on threads with a wait reason of WrCpuRateControl Thread mexfeedback wrexecutive Displays details on threads waiting on the executive Thread mexfeedback wrfastmutex Displays details on threads waiting for a Fast Mutex Thread mexfeedback wrfreepage Displays details on threads with a wait reason of WrFreePage Thread mexfeedback writefile Runs a command and writes the data to a file Utility mexfeedback writemodule Writes a module to your temp directory Binaries mexfeedback wrlpcreceive (!lpcs) Displays details on LPC/ALPC server threads Thread mexfeedback wrresource Displays details on threads with a wait reason of WrResource Thread mexfeedback x Wrapper for x that adds some DML General mexfeedback xx (!x2) Replacement for !x General mexfeedback </pre> </p><br /> <br /><hr /><span style='color: Maroon'>[이 글에 대해서 여러분들과 의견을 공유하고 싶습니다. 틀리거나 미흡한 부분 또는 의문 사항이 있으시면 언제든 댓글 남겨주십시오.]</span> </div>
첨부파일
스팸 방지용 인증 번호
1266
(왼쪽의 숫자를 입력해야 합니다.)