Find address of static field in WinDbg w/ SOS

StackOverflow https://stackoverflow.com/questions/13016553

Question

I'm having trouble figuring out how to get to the address of a static .NET class member using WinDBG w/ SOS. Given an input program like this: 

namespace windg_static_test
{
    class StaticTest
    {
        public static bool static_bool_field = true;
        public void show_and_set()
        {
            while (static_bool_field)
            {
                Console.WriteLine("static_bool_field = " + static_bool_field + "\nEnter new value: ");
                static_bool_field = Console.ReadLine()[0] == '0' ? false : true;
            }
        }
    }

    class Program
    {
        static void Main(string[] args)
        {
            StaticTest st = new StaticTest();
            st.show_and_set();
        }
    }
}

I can find the EEClass using !name2ee, and I can view the values using !dumpclass w/ the name2ee value.

0:004> !dumpclass 1c12e0
Class Name:      windg_static_test.StaticTest
mdToken:         02000002
File:            C:\Develop\Projects\windg static test\bin\Release\windg static test.exe
Parent Class:    64f84920
Module:          001c2e94
Method Table:    001c3844
Vtable Slots:    4
Total Method Slots:  6
Class Attributes:    100000  
Transparency:        Critical
NumInstanceFields:   0
NumStaticFields:     1
      MT    Field   Offset                 Type VT     Attr    Value Name
65377208  4000001       1f       System.Boolean  1   static        1 static_bool_field

But I can't seem to figure out how to get the address that the value is actually stored at. How is this done, in general?

Thanks, Eglin

Was it helpful?

Solution 3

Poking around the disassembly allowed me to see the static values being picked up from the .data segment. I wasn't able to figure out how to formulate a general-purpose solution to get the correct location from the offset that !dumpclass/!dumpobj give you for value-types, but the indexes do work fine for static reference type members on the heap once you figure out the base pointer. I'm guessing I'd have to delve into the details of the PE format to get better information on how information is stored in the .data segments, although I'm not exactly sure where to start or if it's worth pursuing at this point.

Thanks for the help, everyone.

OTHER TIPS

SOS does not display the address of the field. Use !sosex.mdt instead. !sosex.mdt windbg_static_test.StaticTest.

SOS displays the address only if it is a reference type object. For int,bool it directly shows the value since they are value type

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top