Comments
>this pointer if I inform this structure definition.
Not that I'm aware of. You could do this real quick and dirty with a
debugger extension though, just read the memory into a local definition of
the structure and then print it out.
-scott
--
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
"George Luiz Bittencourt" wrote in message
news:[email protected]
Hi,
Does anyone know if there is a command or a way to dump a C structure when
it is not included in the symbol? I did a search on the windbg archives and
did not find anything about it.
For instance, I have a pointer to a *CERT_INFO* structure, but the
crypt32.pdb does not have this structure definition present (I verified it
with the dt crypt32!*CERT_INFO* command). However I have this structure
definition in the wincrypt.h and I could determine the members values
manually, but this is time consuming.
I would like to know if there is a command or extension that could format
this pointer if I inform this structure definition.
Thanks!
Regards,
-George
-scott
OSR
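Scott's suggestion above (read the memory into a local definition of the structure, then print it), sketched as an added example that is not code from the thread and not a real debugger extension. The `TARGET_INFO` layout, the field table and the sample bytes are constructed stand-ins; in an extension the buffer would be filled by the debugger's memory-read call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local definition of the target's structure (hypothetical layout). Fixed-width
 * members model a 64-bit little-endian target; target pointers are uint64_t. */
typedef struct {
    uint32_t dwVersion;
    uint32_t cbData;
    uint64_t pbData;     /* pointer value in the target's address space */
    uint64_t NotBefore;  /* 8-byte timestamp */
} TARGET_INFO;
typedef struct { const char *name; size_t off, size; } FIELD;
#define F(m) { #m, offsetof(TARGET_INFO, m), sizeof(((TARGET_INFO *)0)->m) }
static const FIELD g_fields[] = { F(dwVersion), F(cbData), F(pbData), F(NotBefore) };
#define NFIELDS (sizeof g_fields / sizeof g_fields[0])

/* Decode one field from a raw dump. Returns 0 on success, -1 when the dump is
 * too short to hold the field, so a truncated read is never decoded. */
int read_field(const uint8_t *dump, size_t len, const FIELD *f, uint64_t *out)
{
    if (f->size > sizeof *out || f->off > len || f->size > len - f->off)
        return -1;
    uint64_t v = 0;
    for (size_t i = f->size; i-- > 0; )      /* little-endian target bytes */
        v = (v << 8) | dump[f->off + i];
    *out = v;
    return 0;
}

/* Print the dump in a dt-like layout; returns the number of fields decoded. */
int dump_struct(const uint8_t *dump, size_t len)
{
    int decoded = 0;
    for (size_t i = 0; i < NFIELDS; i++) {
        uint64_t v = 0;
        int ok = read_field(dump, len, &g_fields[i], &v) == 0;
        printf("   +0x%03zx %-10s : ", g_fields[i].off, g_fields[i].name);
        if (ok) printf("0x%llx\n", (unsigned long long)v);
        else    printf("<not in dump>\n");
        decoded += ok;
    }
    return decoded;
}

/* Constructed sample: 24 bytes as they might be copied out of the target. */
static const uint8_t g_sample[24] = { 0x02,0,0,0, 0x10,0,0,0,
    0x00,0x10,0x5a,0x3c,0xf7,0x7f,0,0, 0x00,0x80,0x3e,0xd5,0xde,0xb1,0x9d,0x01 };
int main(void) { return dump_struct(g_sample, sizeof g_sample) == (int)NFIELDS ? 0 : 1; }
```

The local definition only decodes correctly when its packing and pointer size match the module being debugged, which is why the members here are fixed-width rather than `int` and `void *`.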
What I usually do is define the type and create an instance of it in a source file and compile it, specifying the name of the existing pdb for the module in question (crypt32, in your case). This will update the pdb.
struct _TYPE1
{
    int member1;
};
typedef struct _TYPE1 TYPE1;
TYPE1 type1;

cl -c -Zi -Fd<pdb> -Tc <header.h>
Creating an instance of the type is important, as it won't appear in the pdb (as I recall) without doing so.
You then need to tell windbg to force the load by making sure that your pdb appears in the sympath ahead of the unmodified one:
.sympath <newdir>;srv*c:\sym*http://msdl.microsoft.com/download/symbols
and finally:
.reload -f -i <module.ext>=<base address>
where module.ext would be 'crypt32.dll' (for example), and <base address> would be whatever 'lm m crypt32' reports.
The '-i' tells windbg to ignore any mismatched symbol errors, and the '-f' tells it to load the symbols immediately, rather than wait until first use (though I think '-i' implies '-f' anyway).
For your immediate purposes - using 'dt' or thereabouts - you could just define the type in any module that you will be loading during your kd session. It's quicker, but it doesn't help if there are extensions that are failing because of a missing type that they expect to find in a specific module. It might be possible to work around this by enabling the most permissive form of symbol resolution, but I've never tried that, as it tends to make windbg disappear for long stretches at a time if you mistype something.
Good luck,
mm
- S
-----Original Message-----
From: George Luiz Bittencourt <[email protected]>
Sent: Thursday, October 29, 2009 10:43
To: Kernel Debugging Interest List <[email protected]>
Subject: RES: RE:[windbg] Dump Structure Type
Scott and mm, thanks a lot! This solves my problem.
Regards,
-George