windbg - Where the "Call Site" offset value in a call stack points
Usually you look at the call stack with the k command.
0:079> k
# Child-SP RetAddr Call Site
00 00000068`1e34e0e0 00007ffa`1fba4ca5 clr!AwareLock::Contention+0x169
01 00000068`1e34e1c0 00007ff9`c0f8a6ed clr!JITutil_MonContention+0xc5
02 00000068`1e34e350 00007ff9`c0c3627b 0x00007ff9`c0f8a6ed
03 00000068`1e34e3b0 00007ff9`c0eb2b25 0x00007ff9`c0c3627b
06 00000068`1e34e490 00007ff9`c0ea8230 0x00007ff9`c0ea895d
...[omitted]...
23 00000068`1e34f690 00007ffa`1fa07b8c clr!UnManagedPerAppDomainTPCount::DispatchWorkItem+0x1b6
24 00000068`1e34f730 00007ffa`1fa078b5 clr!ThreadpoolMgr::ExecuteWorkRequest+0x64
25 00000068`1e34f760 00007ffa`1fa2b03f clr!ThreadpoolMgr::WorkerThreadStart+0xf5
26 00000068`1e34f800 00007ffa`2b0f13d2 clr!Thread::intermediateThreadProc+0x86
27 00000068`1e34fbc0 00007ffa`2d8754e4 kernel32!BaseThreadInitThunk+0x22
28 00000068`1e34fbf0 00000000`00000000 ntdll!RtlUserThreadStart+0x34
In the output you see "clr!AwareLock::Contention+0x169"; to find that location, you can issue the u(nassemble) command like this.
0:079> u clr!AwareLock::Contention
clr!AwareLock::Contention:
00007ffa`1fba4dd4 55 push rbp
00007ffa`1fba4dd5 53 push rbx
00007ffa`1fba4dd6 56 push rsi
00007ffa`1fba4dd7 57 push rdi
00007ffa`1fba4dd8 4154 push r12
00007ffa`1fba4dda 4155 push r13
00007ffa`1fba4ddc 4156 push r14
00007ffa`1fba4dde 4157 push r15
Now that we have 00007ffa`1fba4dd4 as the start address, we can get the code at offset 0x169.
0:079> ? 00007ffa`1fba4dd4 + 0x169
Evaluate expression: 140712250855229 = 00007ffa`1fba4f3d
0:079> u clr!AwareLock::Contention L60
clr!AwareLock::Contention:
...[omitted]...
00007ffa`1fba4f18 0f8f7efeffff jg clr!AwareLock::Contention+0x172 (00007ffa`1fba4d9c)
00007ffa`1fba4f1e 8b7d67 mov edi,dword ptr [rbp+67h]
00007ffa`1fba4f21 440faf35e7907900 imul r14d,dword ptr [clr!g_SpinConstants+0x8 (00007ffa`2033e010)]
00007ffa`1fba4f29 443b35dc907900 cmp r14d,dword ptr [clr!g_SpinConstants+0x4 (00007ffa`2033e00c)]
00007ffa`1fba4f30 729a jb clr!AwareLock::Contention+0x11b (00007ffa`1fba4ecc)
00007ffa`1fba4f32 eb01 jmp clr!AwareLock::Contention+0x1ec (00007ffa`1fba4f35)
00007ffa`1fba4f34 cc int 3
00007ffa`1fba4f35 448a756f mov r14b,byte ptr [rbp+6Fh]
00007ffa`1fba4f39 488d4dc7 lea rcx,[rbp-39h]
00007ffa`1fba4f3d e80203e6ff call clr!GCCoop::GCCoop (00007ffa`1fa05244)
00007ffa`1fba4f42 90 nop
...[omitted]...
But something is off. Just ^^; intuitively it feels wrong. So I looked at the current register state, and not only does the RIP value differ from the 00007ffa`1fba4f3d computed above, but the instruction shown also points to a different location, 00007ffa`1fba4f13.
0:079> r
rax=000000000000139f rbx=000000681af60ba0 rcx=0000000001029220
rdx=0000000000000000 rsi=000000000001f432 rdi=0000000000000000
rip=00007ffa1fba4f13 rsp=000000681e34e0e0 rbp=000000681e34e159
r8=0000000000000001 r9=0000000000000000 r10=00000000000f0456
r11=000000681af60ba0 r12=000000681af60b00 r13=00000000ffffffff
r14=0000000000050172 r15=0000006820185fa8
iopl=0 nv up ei pl nz ac po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000216
clr!AwareLock::Contention+0x169:
00007ffa`1fba4f13 ebf7 jmp clr!AwareLock::Contention+0x169 (00007ffa`1fba4f0c)
I can't interpret this precisely either, but in a case like this the result is probably due to compiler optimization. So in such a situation the "uf" command, which disassembles the entire function, is better than the "u" command. It then shows the result in the following form,
0:079> uf clr!AwareLock::Contention
clr!AwareLock::Contention+0x172:
00007ffa`1fba4d9c 418b07 mov eax,dword ptr [r15]
00007ffa`1fba4d9f a9feffffff test eax,0FFFFFFFEh
00007ffa`1fba4da4 0f8e53010000 jle clr!AwareLock::Contention+0x159 (00007ffa`1fba4efd) Branch
clr!AwareLock::Contention+0x17c:
00007ffa`1fba4daa f6059792790002 test byte ptr [clr!g_fHostConfig (00007ffa`2033e048)],2
00007ffa`1fba4db1 0f85df373000 jne clr!AwareLock::Contention+0x185 (00007ffa`1fea8596) Branch
clr!AwareLock::Contention+0x19c:
00007ffa`1fba4db7 488b3d9a937900 mov rdi,qword ptr [clr!CorHost2::m_HostTaskManager (00007ffa`2033e158)]
00007ffa`1fba4dbe 4885ff test rdi,rdi
00007ffa`1fba4dc1 0f85f4373000 jne clr!AwareLock::Contention+0x1a8 (00007ffa`1fea85bb) Branch
clr!AwareLock::Contention+0x1c1:
00007ffa`1fba4dc7 ff15f3685600 call qword ptr [clr!_imp_SwitchToThread (00007ffa`2010b6c0)]
00007ffa`1fba4dcd e92b010000 jmp clr!AwareLock::Contention+0x159 (00007ffa`1fba4efd) Branch
clr!AwareLock::Contention:
00007ffa`1fba4dd4 55 push rbp
00007ffa`1fba4dd5 53 push rbx
00007ffa`1fba4dd6 56 push rsi
00007ffa`1fba4dd7 57 push rdi
00007ffa`1fba4dd8 4154 push r12
00007ffa`1fba4dda 4155 push r13
00007ffa`1fba4ddc 4156 push r14
00007ffa`1fba4dde 4157 push r15
00007ffa`1fba4de0 488d6c24e1 lea rbp,[rsp-1Fh]
00007ffa`1fba4de5 4881ec98000000 sub rsp,98h
00007ffa`1fba4dec 48c745affeffffff mov qword ptr [rbp-51h],0FFFFFFFFFFFFFFFEh
00007ffa`1fba4df4 448bea mov r13d,edx
00007ffa`1fba4df7 4c8bf9 mov r15,rcx
00007ffa`1fba4dfa 33ff xor edi,edi
00007ffa`1fba4dfc 897d67 mov dword ptr [rbp+67h],edi
00007ffa`1fba4dff 83faff cmp edx,0FFFFFFFFh
00007ffa`1fba4e02 0f8521373000 jne clr!AwareLock::Contention+0x31 (00007ffa`1fea8529) Branch
clr!AwareLock::Contention+0x3c:
00007ffa`1fba4e08 4c8b05019b7900 mov r8,qword ptr [clr!PerfCounters::m_pPrivatePerf (00007ffa`2033e910)]
00007ffa`1fba4e0f 41ff8028010000 inc dword ptr [r8+128h]
00007ffa`1fba4e16 f7052093790000000100 test dword ptr [clr!Microsoft_Windows_DotNETRuntimeEnableBits (00007ffa`2033e140)],10000h
00007ffa`1fba4e20 0f8514373000 jne clr!AwareLock::Contention+0x56 (00007ffa`1fea853a) Branch
clr!AwareLock::Contention+0x6d:
00007ffa`1fba4e26 e875f0e5ff call clr!GetThread (00007ffa`1fa03ea0)
00007ffa`1fba4e2b 488945a7 mov qword ptr [rbp-59h],rax
00007ffa`1fba4e2f 418b5714 mov edx,dword ptr [r15+14h]
00007ffa`1fba4e33 0fbaf21f btr edx,1Fh
00007ffa`1fba4e37 4803d2 add rdx,rdx
00007ffa`1fba4e3a 488b0def947900 mov rcx,qword ptr [clr!g_pSyncTable (00007ffa`2033e330)]
00007ffa`1fba4e41 488b4cd108 mov rcx,qword ptr [rcx+rdx*8+8]
00007ffa`1fba4e46 48894d7f mov qword ptr [rbp+7Fh],rcx
00007ffa`1fba4e4a 4532e4 xor r12b,r12b
00007ffa`1fba4e4d 41b601 mov r14b,1
00007ffa`1fba4e50 4488756f mov byte ptr [rbp+6Fh],r14b
00007ffa`1fba4e54 f041ff4710 lock inc dword ptr [r15+10h]
00007ffa`1fba4e59 4533c9 xor r9d,r9d
00007ffa`1fba4e5c 458d4101 lea r8d,[r9+1]
00007ffa`1fba4e60 488d557f lea rdx,[rbp+7Fh]
00007ffa`1fba4e64 488d4dd7 lea rcx,[rbp-29h]
00007ffa`1fba4e68 e81b0ae6ff call clr!FrameWithCookie<GCFrame>::FrameWithCookie<GCFrame> (00007ffa`1fa05888)
00007ffa`1fba4e6d e82ef0e5ff call clr!GetThread (00007ffa`1fa03ea0)
00007ffa`1fba4e72 488bd8 mov rbx,rax
00007ffa`1fba4e75 488945b7 mov qword ptr [rbp-49h],rax
00007ffa`1fba4e79 4885c0 test rax,rax
00007ffa`1fba4e7c 0f84ec363000 je clr!AwareLock::Contention+0xf6 (00007ffa`1fea856e) Branch
clr!AwareLock::Contention+0xc5:
00007ffa`1fba4e82 8b480c mov ecx,dword ptr [rax+0Ch]
00007ffa`1fba4e85 894dbf mov dword ptr [rbp-41h],ecx
00007ffa`1fba4e88 85c9 test ecx,ecx
00007ffa`1fba4e8a 0f84d5363000 je clr!AwareLock::Contention+0xf0 (00007ffa`1fea8565) Branch
clr!AwareLock::Contention+0xcf:
00007ffa`1fba4e90 c7400c00000000 mov dword ptr [rax+0Ch],0
00007ffa`1fba4e97 488b45b7 mov rax,qword ptr [rbp-49h]
00007ffa`1fba4e9b 8b4808 mov ecx,dword ptr [rax+8]
00007ffa`1fba4e9e 488b5db7 mov rbx,qword ptr [rbp-49h]
00007ffa`1fba4ea2 f6c15f test cl,5Fh
00007ffa`1fba4ea5 0f85ad363000 jne clr!AwareLock::Contention+0xe6 (00007ffa`1fea8558) Branch
clr!AwareLock::Contention+0xfa:
00007ffa`1fba4eab 83657700 and dword ptr [rbp+77h],0
00007ffa`1fba4eaf 833d5e91790000 cmp dword ptr [clr!g_SpinConstants+0xc (00007ffa`2033e014)],0
00007ffa`1fba4eb6 0f8600010000 jbe clr!AwareLock::Contention+0x2be (00007ffa`1fba4fbc) Branch
clr!AwareLock::Contention+0x10b:
00007ffa`1fba4ebc 4584f6 test r14b,r14b
00007ffa`1fba4ebf 0f84f3000000 je clr!AwareLock::Contention+0x2ba (00007ffa`1fba4fb8) Branch
clr!AwareLock::Contention+0x114:
00007ffa`1fba4ec5 448b353c917900 mov r14d,dword ptr [clr!g_SpinConstants (00007ffa`2033e008)]
clr!AwareLock::Contention+0x11b:
00007ffa`1fba4ecc 33d2 xor edx,edx
00007ffa`1fba4ece 498bcf mov rcx,r15
00007ffa`1fba4ed1 e866feffff call clr!AwareLock::TryEnter (00007ffa`1fba4d3c)
00007ffa`1fba4ed6 85c0 test eax,eax
00007ffa`1fba4ed8 0f8545010000 jne clr!AwareLock::Contention+0x2b7 (00007ffa`1fba5023) Branch
clr!AwareLock::Contention+0x12d:
00007ffa`1fba4ede 833dd392790001 cmp dword ptr [clr!g_SystemInfo+0x20 (00007ffa`2033e1b8)],1
00007ffa`1fba4ee5 0f869e363000 jbe clr!AwareLock::Contention+0x1e3 (00007ffa`1fea8589) Branch
clr!AwareLock::Contention+0x13a:
00007ffa`1fba4eeb 4183fdff cmp r13d,0FFFFFFFFh
00007ffa`1fba4eef 0f8583363000 jne clr!AwareLock::Contention+0x140 (00007ffa`1fea8578) Branch
clr!AwareLock::Contention+0x151:
00007ffa`1fba4ef5 418bf6 mov esi,r14d
00007ffa`1fba4ef8 4585f6 test r14d,r14d
00007ffa`1fba4efb 7e24 jle clr!AwareLock::Contention+0x1cc (00007ffa`1fba4f21) Branch
clr!AwareLock::Contention+0x159:
00007ffa`1fba4efd b8204e0000 mov eax,4E20h
00007ffa`1fba4f02 3bf0 cmp esi,eax
00007ffa`1fba4f04 0f4cc6 cmovl eax,esi
00007ffa`1fba4f07 2bf0 sub esi,eax
00007ffa`1fba4f09 eb01 jmp clr!AwareLock::Contention+0x169 (00007ffa`1fba4f0c) Branch
clr!AwareLock::Contention+0x169:
00007ffa`1fba4f0c 83e801 sub eax,1
00007ffa`1fba4f0f 7405 je clr!AwareLock::Contention+0x16e (00007ffa`1fba4f16) Branch
clr!AwareLock::Contention+0x167:
00007ffa`1fba4f11 f390 pause
00007ffa`1fba4f13 ebf7 jmp clr!AwareLock::Contention+0x169 (00007ffa`1fba4f0c) Branch
clr!AwareLock::Contention+0x16e:
00007ffa`1fba4f16 85f6 test esi,esi
00007ffa`1fba4f18 0f8f7efeffff jg clr!AwareLock::Contention+0x172 (00007ffa`1fba4d9c) Branch
clr!AwareLock::Contention+0x1c9:
00007ffa`1fba4f1e 8b7d67 mov edi,dword ptr [rbp+67h]
clr!AwareLock::Contention+0x1cc:
00007ffa`1fba4f21 440faf35e7907900 imul r14d,dword ptr [clr!g_SpinConstants+0x8 (00007ffa`2033e010)]
00007ffa`1fba4f29 443b35dc907900 cmp r14d,dword ptr [clr!g_SpinConstants+0x4 (00007ffa`2033e00c)]
00007ffa`1fba4f30 729a jb clr!AwareLock::Contention+0x11b (00007ffa`1fba4ecc) Branch
clr!AwareLock::Contention+0x1e1:
00007ffa`1fba4f32 eb01 jmp clr!AwareLock::Contention+0x1ec (00007ffa`1fba4f35) Branch
clr!AwareLock::Contention+0x1ec:
00007ffa`1fba4f35 448a756f mov r14b,byte ptr [rbp+6Fh]
clr!AwareLock::Contention+0x1f0:
00007ffa`1fba4f39 488d4dc7 lea rcx,[rbp-39h]
00007ffa`1fba4f3d e80203e6ff call clr!GCCoop::GCCoop (00007ffa`1fa05244)
00007ffa`1fba4f42 90 nop
00007ffa`1fba4f43 33d2 xor edx,edx
00007ffa`1fba4f45 488b4da7 mov rcx,qword ptr [rbp-59h]
00007ffa`1fba4f49 e8b2cfffff call clr!Thread::HandleThreadAbort (00007ffa`1fba1f00)
00007ffa`1fba4f4e 90 nop
00007ffa`1fba4f4f 488b4dc7 mov rcx,qword ptr [rbp-39h]
00007ffa`1fba4f53 837dcf00 cmp dword ptr [rbp-31h],0
00007ffa`1fba4f57 8b410c mov eax,dword ptr [rcx+0Ch]
00007ffa`1fba4f5a 0f8578363000 jne clr!AwareLock::Contention+0x213 (00007ffa`1fea85d8) Branch
clr!AwareLock::Contention+0x233:
00007ffa`1fba4f60 85c0 test eax,eax
00007ffa`1fba4f62 7417 je clr!AwareLock::Contention+0x253 (00007ffa`1fba4f7b) Branch
clr!AwareLock::Contention+0x237:
00007ffa`1fba4f64 c7410c00000000 mov dword ptr [rcx+0Ch],0
00007ffa`1fba4f6b 488b45c7 mov rax,qword ptr [rbp-39h]
00007ffa`1fba4f6f 8b4808 mov ecx,dword ptr [rax+8]
00007ffa`1fba4f72 f6c15f test cl,5Fh
00007ffa`1fba4f75 0f8589363000 jne clr!AwareLock::Contention+0x24a (00007ffa`1fea8604) Branch
clr!AwareLock::Contention+0x253:
00007ffa`1fba4f7b f605c690790002 test byte ptr [clr!g_fHostConfig (00007ffa`2033e048)],2
00007ffa`1fba4f82 0f858c363000 jne clr!AwareLock::Contention+0x25c (00007ffa`1fea8614) Branch
clr!AwareLock::Contention+0x273:
00007ffa`1fba4f88 488b3dc9917900 mov rdi,qword ptr [clr!CorHost2::m_HostTaskManager (00007ffa`2033e158)]
00007ffa`1fba4f8f 4885ff test rdi,rdi
00007ffa`1fba4f92 0f85a1363000 jne clr!AwareLock::Contention+0x27f (00007ffa`1fea8639) Branch
clr!AwareLock::Contention+0x298:
00007ffa`1fba4f98 ff1522675600 call qword ptr [clr!_imp_SwitchToThread (00007ffa`2010b6c0)]
clr!AwareLock::Contention+0x29e:
00007ffa`1fba4f9e 8b7577 mov esi,dword ptr [rbp+77h]
00007ffa`1fba4fa1 ffc6 inc esi
00007ffa`1fba4fa3 897577 mov dword ptr [rbp+77h],esi
00007ffa`1fba4fa6 3b3568907900 cmp esi,dword ptr [clr!g_SpinConstants+0xc (00007ffa`2033e014)]
00007ffa`1fba4fac 8b7d67 mov edi,dword ptr [rbp+67h]
00007ffa`1fba4faf 0f8207ffffff jb clr!AwareLock::Contention+0x10b (00007ffa`1fba4ebc) Branch
clr!AwareLock::Contention+0x2b5:
00007ffa`1fba4fb5 eb01 jmp clr!AwareLock::Contention+0x2ba (00007ffa`1fba4fb8) Branch
clr!AwareLock::Contention+0x2ba:
00007ffa`1fba4fb8 488b5db7 mov rbx,qword ptr [rbp-49h]
clr!AwareLock::Contention+0x2be:
00007ffa`1fba4fbc 837dbf00 cmp dword ptr [rbp-41h],0
00007ffa`1fba4fc0 0f849e363000 je clr!AwareLock::Contention+0x2e7 (00007ffa`1fea8664) Branch
clr!AwareLock::Contention+0x2c4:
00007ffa`1fba4fc6 8b430c mov eax,dword ptr [rbx+0Ch]
00007ffa`1fba4fc9 85c0 test eax,eax
00007ffa`1fba4fcb 7515 jne clr!AwareLock::Contention+0x30f (00007ffa`1fba4fe2) Branch
clr!AwareLock::Contention+0x2cb:
00007ffa`1fba4fcd c7430c01000000 mov dword ptr [rbx+0Ch],1
00007ffa`1fba4fd4 8b05ee907900 mov eax,dword ptr [clr!g_TrapReturningThreads (00007ffa`2033e0c8)]
00007ffa`1fba4fda 85c0 test eax,eax
00007ffa`1fba4fdc 0f8574363000 jne clr!AwareLock::Contention+0x2dc (00007ffa`1fea8656) Branch
clr!AwareLock::Contention+0x30f:
00007ffa`1fba4fe2 488b4dff mov rcx,qword ptr [rbp-1]
00007ffa`1fba4fe6 488b45e7 mov rax,qword ptr [rbp-19h]
00007ffa`1fba4fea 48894110 mov qword ptr [rcx+10h],rax
00007ffa`1fba4fee f041ff4f10 lock dec dword ptr [r15+10h]
00007ffa`1fba4ff3 4584e4 test r12b,r12b
00007ffa`1fba4ff6 0f84a3363000 je clr!AwareLock::Contention+0x325 (00007ffa`1fea869f) Branch
clr!AwareLock::Contention+0x336:
00007ffa`1fba4ffc f7053a91790000000100 test dword ptr [clr!Microsoft_Windows_DotNETRuntimeEnableBits (00007ffa`2033e140)],10000h
00007ffa`1fba5006 0f85ae363000 jne clr!AwareLock::Contention+0x342 (00007ffa`1fea86ba) Branch
clr!AwareLock::Contention+0x359:
00007ffa`1fba500c 418ac4 mov al,r12b
00007ffa`1fba500f 4881c498000000 add rsp,98h
00007ffa`1fba5016 415f pop r15
00007ffa`1fba5018 415e pop r14
00007ffa`1fba501a 415d pop r13
00007ffa`1fba501c 415c pop r12
00007ffa`1fba501e 5f pop rdi
00007ffa`1fba501f 5e pop rsi
00007ffa`1fba5020 5b pop rbx
00007ffa`1fba5021 5d pop rbp
00007ffa`1fba5022 c3 ret
clr!AwareLock::Contention+0x2b7:
00007ffa`1fba5023 41b401 mov r12b,1
00007ffa`1fba5026 eb90 jmp clr!AwareLock::Contention+0x2ba (00007ffa`1fba4fb8) Branch
clr!AwareLock::Contention+0x31:
00007ffa`1fea8529 ff15712f2600 call qword ptr [clr!_imp_GetTickCount (00007ffa`2010b4a0)]
00007ffa`1fea852f 8bf8 mov edi,eax
00007ffa`1fea8531 894567 mov dword ptr [rbp+67h],eax
00007ffa`1fea8534 e9cfc8cfff jmp clr!AwareLock::Contention+0x3c (00007ffa`1fba4e08) Branch
clr!AwareLock::Contention+0x56:
00007ffa`1fea853a 440fb70d3ee74900 movzx r9d,word ptr [clr!g_nClrInstanceId (00007ffa`20346c80)]
00007ffa`1fea8542 4533c0 xor r8d,r8d
00007ffa`1fea8545 488d150cb82d00 lea rdx,[clr!ContentionStart_V1 (00007ffa`20183d58)]
00007ffa`1fea854c e8db17e6ff call clr!CoTemplate_ch (00007ffa`1fd09d2c)
00007ffa`1fea8551 90 nop
00007ffa`1fea8552 e9cfc8cfff jmp clr!AwareLock::Contention+0x6d (00007ffa`1fba4e26) Branch
clr!AwareLock::Contention+0xe6:
00007ffa`1fea8558 488bcb mov rcx,rbx
00007ffa`1fea855b e824a1cfff call clr!Thread::RareEnablePreemptiveGC (00007ffa`1fba2684)
00007ffa`1fea8560 e946c9cfff jmp clr!AwareLock::Contention+0xfa (00007ffa`1fba4eab) Branch
clr!AwareLock::Contention+0xf0:
00007ffa`1fea8565 488b5db7 mov rbx,qword ptr [rbp-49h]
00007ffa`1fea8569 e93dc9cfff jmp clr!AwareLock::Contention+0xfa (00007ffa`1fba4eab) Branch
clr!AwareLock::Contention+0xf6:
00007ffa`1fea856e 8365bf00 and dword ptr [rbp-41h],0
00007ffa`1fea8572 e934c9cfff jmp clr!AwareLock::Contention+0xfa (00007ffa`1fba4eab) Branch
clr!AwareLock::Contention+0x140:
00007ffa`1fea8578 ff15222f2600 call qword ptr [clr!_imp_GetTickCount (00007ffa`2010b4a0)]
00007ffa`1fea857e 2bc7 sub eax,edi
00007ffa`1fea8580 413bc5 cmp eax,r13d
00007ffa`1fea8583 0f826cc9cfff jb clr!AwareLock::Contention+0x151 (00007ffa`1fba4ef5) Branch
clr!AwareLock::Contention+0x1e3:
00007ffa`1fea8589 4532f6 xor r14b,r14b
00007ffa`1fea858c 4488756f mov byte ptr [rbp+6Fh],r14b
00007ffa`1fea8590 e9a4c9cfff jmp clr!AwareLock::Contention+0x1f0 (00007ffa`1fba4f39) Branch
clr!AwareLock::Contention+0x185:
00007ffa`1fea8596 e805b9b5ff call clr!GetThread (00007ffa`1fa03ea0)
00007ffa`1fea859b 4885c0 test rax,rax
00007ffa`1fea859e 0f8413c8cfff je clr!AwareLock::Contention+0x19c (00007ffa`1fba4db7) Branch
clr!AwareLock::Contention+0x18f:
00007ffa`1fea85a4 8b4808 mov ecx,dword ptr [rax+8]
00007ffa`1fea85a7 f6c140 test cl,40h
00007ffa`1fea85aa 0f8407c8cfff je clr!AwareLock::Contention+0x19c (00007ffa`1fba4db7) Branch
clr!AwareLock::Contention+0x197:
00007ffa`1fea85b0 f0836008bf lock and dword ptr [rax+8],0FFFFFFBFh
00007ffa`1fea85b5 e9fdc7cfff jmp clr!AwareLock::Contention+0x19c (00007ffa`1fba4db7) Branch
clr!AwareLock::Contention+0x1a8:
00007ffa`1fea85bb 488b07 mov rax,qword ptr [rdi]
00007ffa`1fea85be 488b5830 mov rbx,qword ptr [rax+30h]
00007ffa`1fea85c2 488bcb mov rcx,rbx
00007ffa`1fea85c5 ff150d3b2600 call qword ptr [clr!_guard_check_icall_fptr (00007ffa`2010c0d8)]
00007ffa`1fea85cb 33d2 xor edx,edx
00007ffa`1fea85cd 488bcf mov rcx,rdi
00007ffa`1fea85d0 ffd3 call rbx
00007ffa`1fea85d2 e926c9cfff jmp clr!AwareLock::Contention+0x159 (00007ffa`1fba4efd) Branch
clr!AwareLock::Contention+0x213:
00007ffa`1fea85d8 85c0 test eax,eax
00007ffa`1fea85da 0f859bc9cfff jne clr!AwareLock::Contention+0x253 (00007ffa`1fba4f7b) Branch
clr!AwareLock::Contention+0x217:
00007ffa`1fea85e0 c7410c01000000 mov dword ptr [rcx+0Ch],1
00007ffa`1fea85e7 8b05db5a4900 mov eax,dword ptr [clr!g_TrapReturningThreads (00007ffa`2033e0c8)]
00007ffa`1fea85ed 85c0 test eax,eax
00007ffa`1fea85ef 0f8486c9cfff je clr!AwareLock::Contention+0x253 (00007ffa`1fba4f7b) Branch
clr!AwareLock::Contention+0x228:
00007ffa`1fea85f5 488b4dc7 mov rcx,qword ptr [rbp-39h]
00007ffa`1fea85f9 e8d2ffb9ff call clr!Thread::RareDisablePreemptiveGC (00007ffa`1fa485d0)
00007ffa`1fea85fe e978c9cfff jmp clr!AwareLock::Contention+0x253 (00007ffa`1fba4f7b) Branch
clr!AwareLock::Contention+0x24a:
00007ffa`1fea8604 488b4dc7 mov rcx,qword ptr [rbp-39h]
00007ffa`1fea8608 e877a0cfff call clr!Thread::RareEnablePreemptiveGC (00007ffa`1fba2684)
00007ffa`1fea860d 90 nop
00007ffa`1fea860e e968c9cfff jmp clr!AwareLock::Contention+0x253 (00007ffa`1fba4f7b) Branch
clr!AwareLock::Contention+0x25c:
00007ffa`1fea8614 e887b8b5ff call clr!GetThread (00007ffa`1fa03ea0)
00007ffa`1fea8619 4885c0 test rax,rax
00007ffa`1fea861c 0f8466c9cfff je clr!AwareLock::Contention+0x273 (00007ffa`1fba4f88) Branch
clr!AwareLock::Contention+0x266:
00007ffa`1fea8622 8b4808 mov ecx,dword ptr [rax+8]
00007ffa`1fea8625 f6c140 test cl,40h
00007ffa`1fea8628 0f845ac9cfff je clr!AwareLock::Contention+0x273 (00007ffa`1fba4f88) Branch
clr!AwareLock::Contention+0x26e:
00007ffa`1fea862e f0836008bf lock and dword ptr [rax+8],0FFFFFFBFh
00007ffa`1fea8633 e950c9cfff jmp clr!AwareLock::Contention+0x273 (00007ffa`1fba4f88) Branch
clr!AwareLock::Contention+0x27f:
00007ffa`1fea8639 488b07 mov rax,qword ptr [rdi]
00007ffa`1fea863c 488b5830 mov rbx,qword ptr [rax+30h]
00007ffa`1fea8640 488bcb mov rcx,rbx
00007ffa`1fea8643 ff158f3a2600 call qword ptr [clr!_guard_check_icall_fptr (00007ffa`2010c0d8)]
00007ffa`1fea8649 33d2 xor edx,edx
00007ffa`1fea864b 488bcf mov rcx,rdi
00007ffa`1fea864e ffd3 call rbx
00007ffa`1fea8650 e949c9cfff jmp clr!AwareLock::Contention+0x29e (00007ffa`1fba4f9e) Branch
clr!AwareLock::Contention+0x2dc:
00007ffa`1fea8656 488b4db7 mov rcx,qword ptr [rbp-49h]
00007ffa`1fea865a e871ffb9ff call clr!Thread::RareDisablePreemptiveGC (00007ffa`1fa485d0)
00007ffa`1fea865f e97ec9cfff jmp clr!AwareLock::Contention+0x30f (00007ffa`1fba4fe2) Branch
clr!AwareLock::Contention+0x2e7:
00007ffa`1fea8664 4885db test rbx,rbx
00007ffa`1fea8667 0f8475c9cfff je clr!AwareLock::Contention+0x30f (00007ffa`1fba4fe2) Branch
clr!AwareLock::Contention+0x2ec:
00007ffa`1fea866d 8b430c mov eax,dword ptr [rbx+0Ch]
00007ffa`1fea8670 85c0 test eax,eax
00007ffa`1fea8672 0f846ac9cfff je clr!AwareLock::Contention+0x30f (00007ffa`1fba4fe2) Branch
clr!AwareLock::Contention+0x2f3:
00007ffa`1fea8678 c7430c00000000 mov dword ptr [rbx+0Ch],0
00007ffa`1fea867f 488b45b7 mov rax,qword ptr [rbp-49h]
00007ffa`1fea8683 8b4808 mov ecx,dword ptr [rax+8]
00007ffa`1fea8686 f6c15f test cl,5Fh
00007ffa`1fea8689 0f8453c9cfff je clr!AwareLock::Contention+0x30f (00007ffa`1fba4fe2) Branch
clr!AwareLock::Contention+0x306:
00007ffa`1fea868f 488b4db7 mov rcx,qword ptr [rbp-49h]
00007ffa`1fea8693 e8ec9fcfff call clr!Thread::RareEnablePreemptiveGC (00007ffa`1fba2684)
00007ffa`1fea8698 90 nop
00007ffa`1fea8699 e944c9cfff jmp clr!AwareLock::Contention+0x30f (00007ffa`1fba4fe2) Branch
clr!AwareLock::Contention+0x325:
00007ffa`1fea869f 4183fdff cmp r13d,0FFFFFFFFh
00007ffa`1fea86a3 0f8553c9cfff jne clr!AwareLock::Contention+0x336 (00007ffa`1fba4ffc) Branch
clr!AwareLock::Contention+0x32b:
00007ffa`1fea86a9 498bcf mov rcx,r15
00007ffa`1fea86ac e80396cfff call clr!AwareLock::Enter (00007ffa`1fba1cb4)
00007ffa`1fea86b1 41b401 mov r12b,1
00007ffa`1fea86b4 e943c9cfff jmp clr!AwareLock::Contention+0x336 (00007ffa`1fba4ffc) Branch
clr!AwareLock::Contention+0x342:
00007ffa`1fea86ba 440fb70dbee54900 movzx r9d,word ptr [clr!g_nClrInstanceId (00007ffa`20346c80)]
00007ffa`1fea86c2 4533c0 xor r8d,r8d
00007ffa`1fea86c5 488d15fcb52d00 lea rdx,[clr!ContentionStop (00007ffa`20183cc8)]
00007ffa`1fea86cc e85b16e6ff call clr!CoTemplate_ch (00007ffa`1fd09d2c)
00007ffa`1fea86d1 90 nop
00007ffa`1fea86d2 e935c9cfff jmp clr!AwareLock::Contention+0x359 (00007ffa`1fba500c) Branch
Then, through the split sections, you can find the function's prologue,
clr!AwareLock::Contention:
00007ffa`1fba4dd4 55 push rbp
00007ffa`1fba4dd5 53 push rbx
00007ffa`1fba4dd6 56 push rsi
00007ffa`1fba4dd7 57 push rdi
00007ffa`1fba4dd8 4154 push r12
00007ffa`1fba4dda 4155 push r13
00007ffa`1fba4ddc 4156 push r14
00007ffa`1fba4dde 4157 push r15
00007ffa`1fba4de0 488d6c24e1 lea rbp,[rsp-1Fh]
00007ffa`1fba4de5 4881ec98000000 sub rsp,98h
00007ffa`1fba4dec 48c745affeffffff mov qword ptr [rbp-51h],0FFFFFFFFFFFFFFFEh
00007ffa`1fba4df4 448bea mov r13d,edx
00007ffa`1fba4df7 4c8bf9 mov r15,rcx
00007ffa`1fba4dfa 33ff xor edi,edi
00007ffa`1fba4dfc 897d67 mov dword ptr [rbp+67h],edi
00007ffa`1fba4dff 83faff cmp edx,0FFFFFFFFh
00007ffa`1fba4e02 0f8521373000 jne clr!AwareLock::Contention+0x31 (00007ffa`1fea8529) Branch
and the epilogue,
clr!AwareLock::Contention+0x359:
00007ffa`1fba500c 418ac4 mov al,r12b
00007ffa`1fba500f 4881c498000000 add rsp,98h
00007ffa`1fba5016 415f pop r15
00007ffa`1fba5018 415e pop r14
00007ffa`1fba501a 415d pop r13
00007ffa`1fba501c 415c pop r12
00007ffa`1fba501e 5f pop rdi
00007ffa`1fba501f 5e pop rsi
00007ffa`1fba5020 5b pop rbx
00007ffa`1fba5021 5d pop rbp
00007ffa`1fba5022 c3 ret
and you can also see exactly the clr!AwareLock::Contention+0x169 offset location we were looking for.
clr!AwareLock::Contention+0x169:
00007ffa`1fba4f0c 83e801 sub eax,1
00007ffa`1fba4f0f 7405 je clr!AwareLock::Contention+0x16e (00007ffa`1fba4f16) Branch
Of course, not every function is torn apart in such a complicated way. For example, take clr!JITutil_MonContention, which called the clr!AwareLock::Contention function in the call stack at the beginning of this post,
0:079> k
# Child-SP RetAddr Call Site
00 00000068`1e34e0e0 00007ffa`1fba4ca5 clr!AwareLock::Contention+0x169
01 00000068`1e34e1c0 00007ff9`c0f8a6ed clr!JITutil_MonContention+0xc5
...[omitted]...
The u command (although slightly different from uf) gives a proper listing of the function, so you can get the 0xc5 location. Shall we test it anyway? ^^
First, check the start address with the u command,
0:079> u clr!JITutil_MonContention
clr!JITutil_MonContention:
00007ffa`1fba4be0 488bc4 mov rax,rsp
00007ffa`1fba4be3 48895010 mov qword ptr [rax+10h],rdx
00007ffa`1fba4be7 48894808 mov qword ptr [rax+8],rcx
00007ffa`1fba4beb 56 push rsi
00007ffa`1fba4bec 57 push rdi
00007ffa`1fba4bed 4156 push r14
00007ffa`1fba4bef 4881ec70010000 sub rsp,170h
00007ffa`1fba4bf6 48c7442448feffffff mov qword ptr [rsp+48h],0FFFFFFFFFFFFFFFEh
Adding the 0xc5 offset printed in the Call Site to this value,
0:079> ? 00007ffa`1fba4be0 + 0xc5
Evaluate expression: 140712250854565 = 00007ffa`1fba4ca5
matches the value shown as the "RetAddr" of clr!AwareLock::Contention in the k output.
0:079> k
# Child-SP RetAddr Call Site
00 00000068`1e34e0e0 00007ffa`1fba4ca5 clr!AwareLock::Contention+0x169
01 00000068`1e34e1c0 00007ff9`c0f8a6ed clr!JITutil_MonContention+0xc5
...[omitted]...
Also, checking with the u command,
0:079> u clr!JITutil_MonContention L4c
clr!JITutil_MonContention:
00007ffa`1fba4be0 488bc4 mov rax,rsp
00007ffa`1fba4be3 48895010 mov qword ptr [rax+10h],rdx
00007ffa`1fba4be7 48894808 mov qword ptr [rax+8],rcx
00007ffa`1fba4beb 56 push rsi
00007ffa`1fba4bec 57 push rdi
00007ffa`1fba4bed 4156 push r14
00007ffa`1fba4bef 4881ec70010000 sub rsp,170h
00007ffa`1fba4bf6 48c7442448feffffff mov qword ptr [rsp+48h],0FFFFFFFFFFFFFFFEh
00007ffa`1fba4bff 48895818 mov qword ptr [rax+18h],rbx
00007ffa`1fba4c03 488bf9 mov rdi,rcx
00007ffa`1fba4c06 488d1da3dae5ff lea rbx,[clr!JIT_MonEnter (00007ffa`1fa026b0)]
00007ffa`1fba4c0d 48895c2428 mov qword ptr [rsp+28h],rbx
00007ffa`1fba4c12 488d05971c5700 lea rax,[clr!HelperMethodFrame::`vftable' (00007ffa`201168b0)]
00007ffa`1fba4c19 4889842498000000 mov qword ptr [rsp+98h],rax
00007ffa`1fba4c21 c78424b000000020000000 mov dword ptr [rsp+0B0h],20h
00007ffa`1fba4c2c 48899c24c0000000 mov qword ptr [rsp+0C0h],rbx
00007ffa`1fba4c34 488d8c24c8000000 lea rcx,[rsp+0C8h]
00007ffa`1fba4c3c e84f01e6ff call clr!LazyMachStateCaptureState (00007ffa`1fa04d90)
00007ffa`1fba4c41 488d8c2498000000 lea rcx,[rsp+98h]
00007ffa`1fba4c49 e88201e6ff call clr!HelperMethodFrame::Push (00007ffa`1fa04dd0)
00007ffa`1fba4c4e 488b8c24b8000000 mov rcx,qword ptr [rsp+0B8h]
00007ffa`1fba4c56 33f6 xor esi,esi
00007ffa`1fba4c58 4532f6 xor r14b,r14b
00007ffa`1fba4c5b 8a05cf937900 mov al,byte ptr [clr!g_StackProbingEnabled (00007ffa`2033e030)]
00007ffa`1fba4c61 84c0 test al,al
00007ffa`1fba4c63 741a je clr!JITutil_MonContention+0x9f (00007ffa`1fba4c7f)
00007ffa`1fba4c65 e856511600 call clr!DefaultRetailStackProbeWorker (00007ffa`1fd09dc0)
00007ffa`1fba4c6a 8a05c0937900 mov al,byte ptr [clr!g_StackProbingEnabled (00007ffa`2033e030)]
00007ffa`1fba4c70 84c0 test al,al
00007ffa`1fba4c72 740b je clr!JITutil_MonContention+0x9f (00007ffa`1fba4c7f)
00007ffa`1fba4c74 488d4c2438 lea rcx,[rsp+38h]
00007ffa`1fba4c79 e8e6671600 call clr!SOIntolerantTransitionHandler::CtorImpl (00007ffa`1fd0b464)
00007ffa`1fba4c7e 90 nop
00007ffa`1fba4c7f 41b901000000 mov r9d,1
00007ffa`1fba4c85 458bc1 mov r8d,r9d
00007ffa`1fba4c88 488d942498010000 lea rdx,[rsp+198h]
00007ffa`1fba4c90 488d4c2458 lea rcx,[rsp+58h]
00007ffa`1fba4c95 e8ee0be6ff call clr!FrameWithCookie<GCFrame>::FrameWithCookie<GCFrame> (00007ffa`1fa05888)
00007ffa`1fba4c9a 83caff or edx,0FFFFFFFFh
00007ffa`1fba4c9d 488bcf mov rcx,rdi
00007ffa`1fba4ca0 e82f010000 call clr!AwareLock::Contention (00007ffa`1fba4dd4)
00007ffa`1fba4ca5 488b842498010000 mov rax,qword ptr [rsp+198h]
00007ffa`1fba4cad 4885c0 test rax,rax
00007ffa`1fba4cb0 7403 je clr!JITutil_MonContention+0xd5 (00007ffa`1fba4cb5)
00007ffa`1fba4cb2 c60001 mov byte ptr [rax],1
00007ffa`1fba4cb5 488b8c2480000000 mov rcx,qword ptr [rsp+80h]
00007ffa`1fba4cbd 488b442468 mov rax,qword ptr [rsp+68h]
00007ffa`1fba4cc2 48894110 mov qword ptr [rcx+10h],rax
00007ffa`1fba4cc6 c644243800 mov byte ptr [rsp+38h],0
00007ffa`1fba4ccb 803d5e93790000 cmp byte ptr [clr!g_StackProbingEnabled (00007ffa`2033e030)],0
00007ffa`1fba4cd2 740b je clr!JITutil_MonContention+0xff (00007ffa`1fba4cdf)
00007ffa`1fba4cd4 488d4c2438 lea rcx,[rsp+38h]
00007ffa`1fba4cd9 e8be671600 call clr!SOIntolerantTransitionHandler::DtorImpl (00007ffa`1fd0b49c)
00007ffa`1fba4cde 90 nop
00007ffa`1fba4cdf eb17 jmp clr!JITutil_MonContention+0x118 (00007ffa`1fba4cf8)
00007ffa`1fba4ce1 488bbc2490010000 mov rdi,qword ptr [rsp+190h]
00007ffa`1fba4ce9 488b5c2428 mov rbx,qword ptr [rsp+28h]
00007ffa`1fba4cee 488b742430 mov rsi,qword ptr [rsp+30h]
00007ffa`1fba4cf3 448a742420 mov r14b,byte ptr [rsp+20h]
00007ffa`1fba4cf8 4584f6 test r14b,r14b
00007ffa`1fba4cfb 7409 je clr!JITutil_MonContention+0x126 (00007ffa`1fba4d06)
00007ffa`1fba4cfd 488bd6 mov rdx,rsi
00007ffa`1fba4d00 e8bf0a2a00 call clr!UnwindAndContinueRethrowHelperAfterCatch (00007ffa`1fe457c4)
00007ffa`1fba4d05 cc int 3
00007ffa`1fba4d06 488d8c2498000000 lea rcx,[rsp+98h]
00007ffa`1fba4d0e e8f900e6ff call clr!HelperMethodFrame::Pop (00007ffa`1fa04e0c)
00007ffa`1fba4d13 488d8c24c8000000 lea rcx,[rsp+0C8h]
00007ffa`1fba4d1b e8e0f4e5ff call clr!HelperMethodFrameRestoreState (00007ffa`1fa04200)
00007ffa`1fba4d20 85c0 test eax,eax
00007ffa`1fba4d22 0f85eafeffff jne clr!JITutil_MonContention+0x32 (00007ffa`1fba4c12)
00007ffa`1fba4d28 488b9c24a0010000 mov rbx,qword ptr [rsp+1A0h]
00007ffa`1fba4d30 4881c470010000 add rsp,170h
00007ffa`1fba4d37 415e pop r14
00007ffa`1fba4d39 5f pop rdi
00007ffa`1fba4d3a 5e pop rsi
00007ffa`1fba4d3b c3 ret
you can confirm that the call to clr!AwareLock::Contention is right above the instruction at 00007ffa`1fba4ca5.
00007ffa`1fba4c9a 83caff or edx,0FFFFFFFFh
00007ffa`1fba4c9d 488bcf mov rcx,rdi
00007ffa`1fba4ca0 e82f010000 call clr!AwareLock::Contention (00007ffa`1fba4dd4)
00007ffa`1fba4ca5 488b842498010000 mov rax,qword ptr [rsp+198h]
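As an added example (not from the original post), the following Python script performs the two checks the post does by hand, against sample lines copied from the k, uf and u output above: it compares "start + offset" with the address uf itself labels with that offset (the +0x169 mismatch), and verifies that a callee frame's RetAddr equals the caller's entry plus its Call Site offset (the +0xc5 case). The regular expressions and the assumed WinDbg text layout are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the k, uf and u output in the post.
K_OUTPUT = """\
 # Child-SP          RetAddr           Call Site
00 00000068`1e34e0e0 00007ffa`1fba4ca5 clr!AwareLock::Contention+0x169
01 00000068`1e34e1c0 00007ff9`c0f8a6ed clr!JITutil_MonContention+0xc5
02 00000068`1e34e350 00007ff9`c0c3627b 0x00007ff9`c0f8a6ed
"""
UF_CONTENTION = """\
clr!AwareLock::Contention+0x172:
00007ffa`1fba4d9c 418b07          mov     eax,dword ptr [r15]
clr!AwareLock::Contention:
00007ffa`1fba4dd4 55              push    rbp
clr!AwareLock::Contention+0x169:
00007ffa`1fba4f0c 83e801          sub     eax,1
00007ffa`1fba4f0f 7405            je      clr!AwareLock::Contention+0x16e (00007ffa`1fba4f16)  Branch
clr!AwareLock::Contention+0x167:
00007ffa`1fba4f11 f390            pause
"""
U_MONCONTENTION = """\
clr!JITutil_MonContention:
00007ffa`1fba4be0 488bc4          mov     rax,rsp
"""

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"  # WinDbg prints 64-bit addresses with a backtick
FRAME_RE = re.compile(rf"^\s*([0-9a-f]{{2}})\s+({ADDR})\s+({ADDR})\s+(\S+?)(?:\+0x([0-9a-f]+))?\s*$", re.I)
LABEL_RE = re.compile(r"^(\S+?)(?:\+0x([0-9a-f]+))?:\s*$", re.I)
INSN_RE = re.compile(rf"^({ADDR})\s+[0-9a-f]+\s+\S", re.I)

def parse_addr(text):
    return int(text.replace("`", ""), 16)

@dataclass
class Frame:
    index: int
    child_sp: int
    ret_addr: int
    symbol: str
    displacement: int

def parse_k(text):
    """Frames from k output that resolved to a symbol; bare 0x... call sites are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if not m or m.group(4).startswith("0x"):
            continue
        idx, child_sp, ret_addr, symbol, disp = m.groups()
        frames.append(Frame(int(idx, 16), parse_addr(child_sp), parse_addr(ret_addr),
                            symbol, int(disp, 16) if disp else 0))
    return frames

def parse_labels(text):
    """Map each 'symbol+0xNN:' label in u/uf output to the instruction address under it (key 0 = entry)."""
    labels, pending = {}, None
    for line in text.splitlines():
        m = LABEL_RE.match(line)
        if m:
            pending = int(m.group(2), 16) if m.group(2) else 0
            continue
        m = INSN_RE.match(line)
        if m and pending is not None:
            labels.setdefault(pending, parse_addr(m.group(1)))
            pending = None
    return labels

def locate(frame, labels):
    """Compare '? start + offset' with the address uf labels symbol+offset; a mismatch means trust uf."""
    linear = labels[0] + frame.displacement
    labelled = labels.get(frame.displacement)
    return {"linear": linear, "labelled": labelled, "consistent": linear == labelled}

def return_address_matches(callee, caller, caller_labels):
    """The callee frame's RetAddr must equal the caller's entry plus its Call Site offset."""
    return callee.ret_addr == caller_labels[0] + caller.displacement

def analyse():
    frames = parse_k(K_OUTPUT)
    contention = locate(frames[0], parse_labels(UF_CONTENTION))
    ret_ok = return_address_matches(frames[0], frames[1], parse_labels(U_MONCONTENTION))
    return contention, ret_ok

if __name__ == "__main__":
    where, ret_ok = analyse()
    print(f"start+0x169 = {where['linear']:#x}, uf label +0x169 = {where['labelled']:#x}, "
          f"consistent: {where['consistent']}; RetAddr check: {ret_ok}")
```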
Misc...
Windbg - The meaning of the offset value shown in the StackTrace of a crashed .NET program
; https://www.sysnet.pe.kr/2/0/1095
windbg - Analysis example: a process that crashes right at startup - NullReferenceException
; https://www.sysnet.pe.kr/2/0/996
What do the addresses used by call instructions in Visual Studio's .NET Disassembly window mean?
; https://www.sysnet.pe.kr/2/0/1019
[I'd like to share opinions about this post with you. If anything is wrong or lacking, or if you have any questions, please leave a comment anytime.]