Reflector!! Windows debugging

Managed Callstack 에서 보면, 단지 !u를 통해 얻어낸 assembly code만으로 코드를 이해하는 것은 쉽지 않은 일입니다. .NET은 reflection의 기능을 제공하기 때문에 Code를 역으로 generation할 수 있는 데, Reflector(-http://www.aisto.com/roeder/dotnet/ )라는 Tool은 상당히 유용한 Tool입니다.

0:000> !dumpstack -EE
OS Thread Id: 0x754 (0)
Current frame:
ChildEBP RetAddr  Caller,Callee
. . .

 
0012f044 039003b9 (MethodDesc 0x8c64a8 +0x51 FCallTest.A.Foo(System.String, Int32, Int32, Int32))
0012f064 03900319 (MethodDesc 0x8c5928 +0x49 FCallTest.Form1.button1_Click(System.Object, System.EventArgs))

. . .
 
0:000> !dumpmd 0x8c64a8
Method Name: FCallTest.A.Foo(System.String, Int32, Int32, Int32)
Class: 03a50688
MethodTable:
008c64c0
mdToken: 06000009
Module: 008c2c14
IsJitted: yes
m_CodeOrIL: 03900368


0:000> !dumpmt 008c64c0
EEClass: 03a50688
Module: 008c2c14
Name: FCallTest.A
mdToken: 02000004  (C:FCallTest.exe)
BaseSize: 0xc
ComponentSize: 0x0
Number of IFaces in IFaceMap: 0
Slots in VTable: 7

 
0:000> lm
start    end        module name
00400000 00408000   FCallTest   (deferred)            
00a00000 00c46000   shell32    (deferred)

. . .

!SaveModule 00400000 c:FCallTest2.exe

하여, 얻어진 FCallTest2.exe를 reflector를 통해서 확인해보면 Code generation된 정보를 얻을 수 있습니다.

internal void Foo(string s, int param1, int param2, int param3)
{
  string text1 = s.ToString();
  int num1 = param1;
  int num2 = param2;
  int num3 = param3;
  MessageBox.Show(text1);
}


아래의 assembly code와 같이 Check해 본다면, Debugging시 상당히 도움이 될 것입니다.

0:000> !u 0x8c64a8
Normal JIT generated code
FCallTest.A.Foo(System.String, Int32, Int32, Int32)
Begin 03900368, size 5d
03900368 57              push    edi
03900369 56              push    esi
0390036a 53              push    ebx
0390036b 55              push    ebp
0390036c 83ec0c          sub     esp,0Ch
0390036f 890c24          mov     dword ptr [esp],ecx
03900372 8bda            mov     ebx,edx
03900374 833dc82d8c0000  cmp     dword ptr ds:[8C2DC8h],0
0390037b 7405            je      FCallTest!FCallTest.A.Foo(System.String, Int32, Int32, Int32)+0x1a (03900382)
0390037d e87c1f7976      call    mscorwks!JIT_DbgIsJustMyCode (7a0922fe)
03900382 33ff            xor     edi,edi
03900384 33d2            xor     edx,edx
03900386 89542404        mov     dword ptr [esp+4],edx
0390038a 33d2            xor     edx,edx
0390038c 89542408        mov     dword ptr [esp+8],edx
03900390 33ed            xor     ebp,ebp
03900392 90              nop
03900393 8bcb            mov     ecx,ebx
03900395 8b01            mov     eax,dword ptr [ecx]
03900397 ff5028          call    dword ptr [eax+28h]
0390039a 8bf0            mov     esi,eax
0390039c 8bfe            mov     edi,esi
0390039e 8b442428        mov     eax,dword ptr [esp+28h]
039003a2 89442404        mov     dword ptr [esp+4],eax
039003a6 8b442424        mov     eax,dword ptr [esp+24h]
039003aa 89442408        mov     dword ptr [esp+8],eax
039003ae 8b6c2420        mov     ebp,dword ptr [esp+20h]
039003b2 8bcf            mov     ecx,edi
039003b4 e8cfe89677      call    System_Windows_Forms_ni!System.Windows.Forms.MessageBox.Show(System.String) (7b26ec88)
039003b9 90              nop
039003ba 90              nop
039003bb 83c40c          add     esp,0Ch
039003be 5d              pop     ebp
039003bf 5b              pop     ebx
039003c0 5e              pop     esi
039003c1 5f              pop     edi
039003c2 c20c00          ret     0Ch

덧글

댓글 입력 영역