Case, You get a Dump from a live proudction Server, (which has some performance problem for some real cusomters. ), at first you want to dump out all the requests that the server is handling.
Her is a how to tutorial.
#List all Requests
0:030> !DumpHeap -type System.Web.HttpRequest -short
026a0a78
026d6510
026da4dc
0676ea70
0a6dad80
0a6dd820
0a8044d0
0a805efc
0a808d88
0a810c04
0e72b648
0e76e80c
0e76f228
0e7707ec
0e7780bc
0e77ebb0 |
here , we get the Request address. let’s pick any of them. like 0e7810bc
!do 0e7810bc
# Dump the object WebRequest
0:030> !do 0e77ebb0
Name: System.Web.HttpRequest
MethodTable: 6614c58c
EEClass: 65f50b50
Size: 172(0xac) bytes
(C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll)
Fields:
MT Field Offset Type VT Attr Value Name
6614e9b8 4001079 4 ...HttpWorkerRequest 0 instance 0e77e3ec _wr
6614ab4c 400107a 8 ...m.Web.HttpContext 0 instance 0e77eaf0 _context
793308ec 400107b c System.String 0 instance 0e77e61c _httpMethod
66126cf0 400107c 98 System.Int32 1 instance 2 _httpVerb
793308ec 400107d 10 System.String 0 instance 00000000 _requestType
6614776c 400107e 14 ...m.Web.VirtualPath 0 instance 0e77f92c _path
793308ec 400107f 18 System.String 0 instance 00000000 _rewrittenUrl
793043b8 4001080 a0 System.Boolean 1 instance 0 _computePathInfo
6614776c 4001081 1c ...m.Web.VirtualPath 0 instance 0e77ed34 _filePath
6614776c 4001082 20 ...m.Web.VirtualPath 0 instance 00000000 _currentExecutionFilePath
6614776c 4001083 24 ...m.Web.VirtualPath 0 instance 00000000 _pathInfo
793308ec 4001084 28 System.String 0 instance 0e781028 _queryStringText
793043b8 4001085 a1 System.Boolean 1 instance 0 _queryStringOverriden
7933335c 4001086 2c System.Byte[] 0 instance 0e780e00 _queryStringBytes
793308ec 4001087 30 System.String 0 instance 0e77e670 _pathTranslated
793308ec 4001088 34 System.String 0 instance 00000000 _contentType
79332b38 4001089 9c System.Int32 1 instance -1 _contentLength
793308ec 400108a 38 System.String 0 instance 00000000 _clientTarget
793040bc 400108b 3c System.Object[] 0 instance 00000000 _acceptTypes
793040bc 400108c 40 System.Object[] 0 instance 00000000 _userLanguages
660fe570 400108d 44 ...owserCapabilities 0 instance 0a7f9178 _browsercaps
7a5ec77c 400108e 48 System.Uri 0 instance 0e7810bc _url
7a5ec77c 400108f 4c System.Uri 0 instance 00000000 _referrer
66153a28 4001090 50 ...b.HttpInputStream 0 instance 00000000 _inputStream
660fefa4 4001091 54 ...ClientCertificate 0 instance 00000000 _clientCertificate
79328f08 4001092 58 ...l.WindowsIdentity 0 instance 00000000 _logonUserIdentity
660fe224 4001093 5c ...tpValueCollection 0 instance 00000000 _params
660fe224 4001094 60 ...tpValueCollection 0 instance 0e780e10 _queryString
660fe224 4001095 64 ...tpValueCollection 0 instance 00000000 _form
66153264 4001096 68 ...pHeaderCollection 0 instance 00000000 _headers
660fe2f4 4001097 6c ...verVarsCollection 0 instance 00000000 _serverVariables
661519e4 4001098 70 ...pCookieCollection 0 instance 00000000 _cookies
66119620 4001099 74 ...ttpFileCollection 0 instance 00000000 _files
66153618 400109a 78 ...awUploadedContent 0 instance 00000000 _rawContent
793043b8 400109b a2 System.Boolean 1 instance 0 _readEntityBody
793040bc 400109c 7c System.Object[] 0 instance 00000000 _multipartContentElements
7933325c 400109d 80 System.Text.Encoding 0 instance 06698c34 _encoding
66113a6c 400109e 84 ...treamFilterSource 0 instance 00000000 _filterSource
7932e5e8 400109f 88 System.IO.Stream 0 instance 00000000 _installedFilter
6610b028 40010a0 a4 ...SimpleBitVector32 1 instance 0e77ec54 _flags
793308ec 40010a3 8c System.String 0 instance 00000000 _AnonymousId
6614776c 40010a4 90 ...m.Web.VirtualPath 0 instance 0e77ed34 _clientFilePath
6614776c 40010a5 94 ...m.Web.VirtualPath 0 instance 00000000 _clientBaseDir
79330508 40010a1 d8 System.Object 0 shared static s_browserLock
>> Domain:Value 000d5050:NotInit 000f8758:0a6c8f30 00157af8:0a6db934 <<
793043b8 40010a2 7e0 System.Boolean 1 shared static s_browserCapsEvaled
>> Domain:Value 000d5050:NotInit 000f8758:1 00157af8:1 << |
in this request 0e77ebb0 , the _Url in red above is not null. the Address of the Url is
0e7810bc , this space is stored as the base object address 0e77ebb0 +48 Offset.
when you run dd 0e77ebb0 +48 l 1
| 0:030> dd 0e77ebb0 +48 l 1
0e77ebf8 0e7810bc
So, we can get the address of the url by run the caculating the baseaddress of request plus the offset. |
then Inspect the Url object which is located in 0e7810bc
!do 0e7810bc
0:030> !do 0e7810bc
Name: System.Uri
MethodTable: 7a5ec77c
EEClass: 7a4554f8
Size: 40(0x28) bytes
(C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll)
Fields:
MT Field Offset Type VT Attr Value Name
793308ec 4001b52 c System.String 0 instance 0e781110 m_String
793308ec 4001b53 10 System.String 0 instance 00000000 m_originalUnicodeString
7a5ec934 4001b54 14 System.UriParser 0 instance 0669fc44 m_Syntax
793308ec 4001b55 18 System.String 0 instance 00000000 m_DnsSafeHost
7aa1303c 4001b56 4 System.UInt64 1 instance 37624152064 m_Flags
7a5ec9fc 4001b57 1c System.Uri+UriInfo 0 instance 0e78117c m_Info
793043b8 4001b58 20 System.Boolean 1 instance 0 m_iriParsing
793308ec 4001b47 644 System.String 0 shared static UriSchemeFile
>> Domain:Value 000d5050:NotInit 000f8758:0e6a1434 00157af8:0e6a1434 <<
793308ec 4001b48 648 System.String 0 shared static UriSchemeFtp
>> Domain:Value 000d5050:NotInit 000f8758:0e6a141c 00157af8:0e6a141c <<
793308ec 4001b49 64c System.String 0 shared static UriSchemeGopher
>> Domain:Value 000d5050:NotInit 000f8758:0e6a1450 00157af8:0e6a1450 <<
793308ec 4001b4a 650 System.String 0 shared static UriSchemeHttp
>> Domain:Value 000d5050:NotInit 000f8758:0e6a13e4 00157af8:0e6a13e4 <<
793308ec 4001b4b 654 System.String 0 shared static UriSchemeHttps
>> Domain:Value 000d5050:NotInit 000f8758:0e6a1400 00157af8:0e6a1400 << |
then dumpobject
0e781110 , which you can get this value from base address+C
| 0:030> !do 0e781110
Name: System.String
MethodTable: 793308ec
EEClass: 790ed64c
Size: 106(0x6a) bytes
(C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
String: http://localhost:88/WebSite/Default.aspx?q=1
Fields:
MT Field Offset Type VT Attr Value Name
79332b38 4000096 4 System.Int32 1 instance 45 m_arrayLength
79332b38 4000097 8 System.Int32 1 instance 44 m_stringLength
793315cc 4000098 c System.Char 1 instance 68 m_firstChar
793308ec 4000099 10 System.String 0 shared static Empty
>> Domain:Value 000d5050:0a6901d0 000f8758:0a6901d0 00157af8:0a6901d0 <<
7933151c 400009a 14 System.Char[] 0 shared static WhitespaceChars
>> Domain:Value 000d5050:0a690728 000f8758:0e690a0c 00157af8:02697aac <<
|
here we get url. whole process is get the addressof Request, then get the address of URL by inspecting the memory offset 48. Get the URl Address B. then inspect B+offset c, get the string value.
When can put all into a foreach command.
| 0:030> .foreach (req {!DumpHeap -type System.Web.HttpRequest -short}) { .foreach /pS 1 (a {dd ${req}+48 l 1}) {.echo ${a}; !do poi(${a}+c)} }
026d342c
Name: System.String
MethodTable: 793308ec
EEClass: 790ed64c
Size: 106(0x6a) bytes
(C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
String: http://localhost:88/WebSite/Default.aspx?q=1
Fields:
MT Field Offset Type VT Attr Value Name
79332b38 4000096 4 System.Int32 1 instance 45 m_arrayLength
79332b38 4000097 8 System.Int32 1 instance 44 m_stringLength
793315cc 4000098 c System.Char 1 instance 68 m_firstChar
793308ec 4000099 10 System.String 0 shared static Empty
>> Domain:Value 000d5050:0a6901d0 000f8758:0a6901d0 00157af8:0a6901d0 <<
7933151c 400009a 14 System.Char[] 0 shared static WhitespaceChars
>> Domain:Value 000d5050:0a690728 000f8758:0e690a0c 00157af8:02697aac <<
00000000
Invalid parameter poi(00000000+c)
026dc358
Name: System.String
MethodTable: 793308ec
EEClass: 790ed64c
Size: 106(0x6a) bytes
(C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
String: http://localhost:88/WebSite/Default.aspx?q=3
Fields:
MT Field Offset Type VT Attr Value Name
79332b38 4000096 4 System.Int32 1 instance 45 m_arrayLength
79332b38 4000097 8 System.Int32 1 instance 44 m_stringLength
793315cc 4000098 c System.Char 1 instance 68 m_firstChar
793308ec 4000099 10 System.String 0 shared static Empty
>> Domain:Value 000d5050:0a6901d0 000f8758:0a6901d0 00157af8:0a6901d0 <<
7933151c 400009a 14 System.Char[] 0 shared static WhitespaceChars
>> Domain:Value 000d5050:0a690728 000f8758:0e690a0c 00157af8:02697aac <<
067705a8
Name: System.String
MethodTable: 793308ec
EEClass: 790ed64c
Size: 98(0x62) bytes |
here we get all the ongoing request urls.
if you get errors like
00000000
Invalid parameter poi(00000000+c)
00000000
Invalid parameter poi(00000000+c)
00000000
Invalid parameter poi(00000000+c)
00000000
Invalid parameter poi(00000000+c)
that means the application itself never query the url of the request. by default the _Url is keeped as binary format in the IISworkrequest.
No comments:
Post a Comment