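A while ago a friend asked me how to extract machine-related information from a dump, for example the machine's memory size, the number of CPU cores, the machine name, the machine's environment variables, and so on.
So how do we extract that information? Of course, I'm not saying all of it can be extracted... Let me use my own machine as the example:
1. How to extract the CPU core count
WinDbg has a !cpuid command that extracts information about the CPU.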
0:006> !cpuid
CP F/M/S Manufacturer MHz
0 6,5,2 GenuineIntel 2592
1 6,5,2 GenuineIntel 2592
2 6,5,2 GenuineIntel 2592
3 6,5,2 GenuineIntel 2592
4 6,5,2 GenuineIntel 2592
5 6,5,2 GenuineIntel 2592
6 6,5,2 GenuineIntel 2592
7 6,5,2 GenuineIntel 2592
8 6,5,2 GenuineIntel 2592
9 6,5,2 GenuineIntel 2592
10 6,5,2 GenuineIntel 2592
11 6,5,2 GenuineIntel 2592
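As you can see, the current CPU has 12 cores, the manufacturer is Intel, and the clock speed is 2592 MHz.
2. How to extract the machine name
WinDbg has a command called !envvar that retrieves a specified environment variable, such as COMPUTERNAME here.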
0:006> !envvar COMPUTERNAME
COMPUTERNAME = SD-20210607OIBM
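3. How to extract the machine's environment variables
From the !envvar usage above you have probably sensed it: since one environment variable can be extracted, can we get all of them? Of course we can. Use !peb, which stands for Process Environment Block.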
0:006> !peb
PEB at 002af000
InheritedAddressSpace: No
ReadImageFileExecOptions: No
BeingDebugged: Yes
ImageBaseAddress: 00400000
NtGlobalFlag: 4070
NtGlobalFlag2: 0
Ldr 77975d80
Ldr.Initialized: Yes
Ldr.InInitializationOrderModuleList: 006e4f68 . 0075e630
Ldr.InLoadOrderModuleList: 006e5060 . 0075bae8
Ldr.InMemoryOrderModuleList: 006e5068 . 0075baf0
Base TimeStamp Module
400000 D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe
77850000 5f641e44 Sep 18 10:41:08 2020 C:\Windows\SYSTEM32\ntdll.dll
7c570000 C:\Windows\SYSTEM32\MSCOREE.DLL
75ac0000 C:\Windows\System32\KERNEL32.dll
76900000 197b16c5 Jul 20 05:12:37 1983 C:\Windows\System32\KERNELBASE.dll
76880000 C:\Windows\System32\ADVAPI32.dll
75740000 7f567a50 Sep 12 21:10:40 2037 C:\Windows\System32\msvcrt.dll
76170000 56a91365 Jan 28 02:58:45 2016 C:\Windows\System32\sechost.dll
76c20000 C:\Windows\System32\RPCRT4.dll
7c5d0000 5e7d1df2 Mar 27 05:26:10 2020 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
758a0000 C:\Windows\System32\SHLWAPI.dll
76490000 3d49eb55 Aug 02 10:15:49 2002 C:\Windows\System32\kernel.appcore.dll
74b60000 C:\Windows\SYSTEM32\VERSION.dll
79a40000 5f7e61bb Oct 08 08:47:55 2020 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
76650000 1e757656 Mar 12 20:28:06 1986 C:\Windows\System32\USER32.dll
764d0000 55cf9768 Aug 16 03:47:52 2015 C:\Windows\System32\win32u.dll
75480000 1baae673 Sep 16 20:15:47 1984 C:\Windows\System32\GDI32.dll
764f0000 C:\Windows\System32\gdi32full.dll
7a210000 5bac17e1 Sep 27 07:36:01 2018 C:\Windows\SYSTEM32\ucrtbase_clr0400.dll
7a1f0000 5bac17e5 Sep 27 07:36:05 2018 C:\Windows\SYSTEM32\VCRUNTIME140_CLR0400.dll
75810000 C:\Windows\System32\msvcp_win.dll
77500000 73123758 Mar 06 22:27:36 2031 C:\Windows\System32\ucrtbase.dll
764a0000 39046a45 Apr 24 23:37:41 2000 C:\Windows\System32\IMM32.DLL
7a2c0000 5f7e60f6 Oct 08 08:44:38 2020 C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\218db16dceaef380c6daf35c6a48f313\mscorlib.ni.dll
762a0000 4f8dda94 Apr 18 05:03:16 2012 C:\Windows\System32\ole32.dll
754b0000 2f680839 Mar 16 17:43:21 1995 C:\Windows\System32\combase.dll
76b80000 C:\Windows\System32\bcryptPrimitives.dll
7b6d0000 5f7e60c1 Oct 08 08:43:45 2020 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
77750000 C:\Windows\System32\OLEAUT32.dll
SubSystemData: 00000000
ProcessHeap: 006e0000
ProcessParameters: 006e29b8
CurrentDirectory: 'C:\Windows\system32\'
WindowTitle: 'D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe'
ImageFile: 'D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe'
CommandLine: 'D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe'
DllPath: '< Name not readable >'
Environment: 006e0b80
=::=::\
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Administrator\AppData\Roaming
ASPNETCORE_ENVIRONMENT=Development
CLASSPATH=.;C:\Program Files\Java\jdk1.8.0_121\lib\dt.jar;C:\Program Files\Java\jdk1.8.0_121\lib\tools.jar;
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=SD-20210607OIBM
ComSpec=C:\Windows\system32\cmd.exe
DBGENG_OVERRIDE_DBGSRV_PATH=C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps\Microsoft.WinDbg_8wekyb3d8bbwe\dbgsrv32.exe
DBGHELP_HOMEDIR=C:\ProgramData\Dbg
DriverData=C:\Windows\System32\Drivers\DriverData
HOMEDRIVE=C:
HOMEPATH=\Users\Administrator
JAVA_HOME=C:\Program Files\Java\jdk1.8.0_121
LOCALAPPDATA=C:\Users\Administrator\AppData\Local
LOGONSERVER=\\SD-20210607OIBM
MOZ_PLUGIN_PATH=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\
NUMBER_OF_PROCESSORS=12
OneDrive=C:\Users\Administrator\OneDrive
OS=Windows_NT
Path=C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2107.13001.0_neutral__8wekyb3d8bbwe\x86;C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2107.13001.0_neutral__8wekyb3d8bbwe\amd64;C:\Program Files (x86)\VMware\VMware Workstation\bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files\Git\cmd;C:\soft\procdump;C:\Program Files\Java\jdk1.8.0_121\bin;C:\Program Files\Java\jdk1.8.0_121\jre\bin;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files\Azure Data Studio\bin;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Visual Leak Detector\bin\Win32;C:\Program Files (x86)\Visual Leak Detector\bin\Win64;C:\Program Files\TortoiseGit\bin;C:\Program Files\Microsoft\Web Platform Installer\;C:\soft\nginx;C:\Program Files (x86)\dotnet\;C:\Program Files (x86)\NetSarang\Xshell 7\;C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps;C:\Users\Administrator\.dotnet\tools;C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\bin;C:\Users\Administrator\AppData\Roaming\npm
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 165 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=a502
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PSModulePath=C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\PowerShell\Modules\
PUBLIC=C:\Users\Public
SRCSRV_SHOW_TF_PROMPT=1
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\ADMINI~1\AppData\Local\Temp
TMP=C:\Users\ADMINI~1\AppData\Local\Temp
USERDOMAIN=SD-20210607OIBM
USERDOMAIN_ROAMINGPROFILE=SD-20210607OIBM
USERNAME=Administrator
USERPROFILE=C:\Users\Administrator
windir=C:\Windows
WXDRIVE_START_ARGS=--wxdrive-setting=0 --disable-gpu --disable-software-rasterizer --enable-features=NetworkServiceInProcess
ZES_ENABLE_SYSMAN=1
Haha, that is quite a lot of information, isn't it...
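For triage across many dumps it helps to turn the !cpuid and !peb text into structured data. The following is an added example, not code from the original post: it assumes the debugger output has been saved as text, and the function names and the abbreviated sample strings are constructed for illustration.

```python
import re

# Constructed samples in the format of the WinDbg output shown above (abbreviated).
SAMPLE_CPUID = "CP F/M/S Manufacturer MHz\n" + "".join(
    f"{i:2} 6,5,2 GenuineIntel 2592\n" for i in range(12))
SAMPLE_PEB = r"""PEB at 002af000
    BeingDebugged: Yes
    CommandLine: 'D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe'
    Environment: 006e0b80
        =::=::\
        COMPUTERNAME=SD-20210607OIBM
        CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
        NUMBER_OF_PROCESSORS=12
        USERNAME=Administrator
        WXDRIVE_START_ARGS=--wxdrive-setting=0 --disable-gpu
"""

CPU_ROW = re.compile(
    r"^\s*(?P<cp>\d+)\s+(?P<fms>\d+,\d+,\d+)\s+(?P<vendor>\S+)\s+(?P<mhz>\d+)\s*$")

def parse_cpuid(text):
    """Return one dict per processor row of !cpuid output."""
    # The header line does not match the pattern and is skipped.
    return [m.groupdict() for m in map(CPU_ROW.match, text.splitlines()) if m]

def parse_peb_environment(text):
    """Return the NAME=value pairs listed under 'Environment:' in !peb output."""
    env, in_env = {}, False
    for line in text.splitlines():
        if re.match(r"^\s*Environment:\s", line):
            in_env = True
        elif in_env:
            entry = line.strip()
            # Search from index 1: hidden drive variables such as "=::" start with '='.
            eq = entry.find("=", 1)
            if eq > 0:
                env[entry[:eq]] = entry[eq + 1:]
    return env

def machine_summary(cpuid_text, peb_text):
    """Combine both outputs and cross-check the processor count."""
    cpus, env = parse_cpuid(cpuid_text), parse_peb_environment(peb_text)
    declared = int(env.get("NUMBER_OF_PROCESSORS", 0))
    return {"computer": env.get("COMPUTERNAME"), "user": env.get("USERNAME"),
            "cpuid_rows": len(cpus), "env_processors": declared,
            "consistent": len(cpus) == declared}

if __name__ == "__main__":
    print(machine_summary(SAMPLE_CPUID, SAMPLE_PEB))
```

Splitting on the first "=" after position 0 keeps values that themselves contain "=" (such as WXDRIVE_START_ARGS) intact.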
4. Other information
Unfortunately, I don't yet know how to extract the current machine's memory size from a dump. If anyone knows, let's chat about it.