Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting... Please check out the Community Guidelines in the
Announcements and Administration Category.

Dump Structure Type

Hi,

Does anyone knows if there is a command or a way to dump a C structure when it is not included in the symbol? I did a search on the windbg archives and did not find anything about it.

For instance, I have a pointer to a *CERT_INFO* structure, but the crypt32.pdb does not have this structure definition present (I verified it with the dt crypt32!*CERT_INFO* command). However I have this structure definition in the wincrypt.h and I could determine the members values manually, but this is time consuming.

I would like to know if there is a command or extension that could format this pointer if I inform this structure definition.

Thanks!

Regards,

-George

Comments

  • >I would like to know if there is a command or extension that could format
    >this pointer if I inform this structure definition.

    Not that I'm aware of. You could do this real quick and dirty with a
    debugger extension though, just read the memory into a local definition of
    the structure and then print it out.

    -scott

    --
    Scott Noone
    Consulting Associate
    OSR Open Systems Resources, Inc.
    http://www.osronline.com


    "George Luiz Bittencourt" wrote in message
    news:xxxxx@windbg...
    Hi,

    Does anyone knows if there is a command or a way to dump a C structure when
    it is not included in the symbol? I did a search on the windbg archives and
    did not find anything about it.

    For instance, I have a pointer to a *CERT_INFO* structure, but the
    crypt32.pdb does not have this structure definition present (I verified it
    with the dt crypt32!*CERT_INFO* command). However I have this structure
    definition in the wincrypt.h and I could determine the members values
    manually, but this is time consuming.

    I would like to know if there is a command or extension that could format
    this pointer if I inform this structure definition.

    Thanks!

    Regards,

    -George

    -scott
    OSR

  • There may be a windbg command/metacommand/(existing) extension command, but I don't know of one.

    What I usually do is define the type and create an instance of it in a source file and compile it, specifying the name of the existing pdb for the module in question (crypt32, in your case). This will update the pdb.

    struct _TYPE1
    {
    int member1;
    };

    typedef struct _TYPE1 TYPE1;

    TYPE1 type1;

    cl -c -Zi -Fd<pdb> -Tc <header.h>

    Creating an instance of the type is important, as it won't appear in the pdb (as I recall) without doing so.

    You then to tell windbg to force the load by making sure that you're pdb appears in the sympath ahead of the unmodified one

    .sympath <newdir>;srv*c:\sym*http://msdl.microsoft.com/download/symbols

    and finally:

    .reload -f -i <module.ext>=<base address>

    where module.ext would be 'crypt32.dll' (for example), and <base address> would be whatever 'lm m crypt32' reports.

    The '-i' tells windbg to ignore any mismatched symbol errors, and the '-f' tells it to load the symbols immediately, rather than wait until first use (though I think '-i' implies '-f' anyway).

    For your immediate purposes - using 'dt' or thereabouts - you could just define the type in any module that you will be loading during your kd session. It's quicker, but it doesn't help if there are extensions that are failing because of a missing type that expect to find in a specific module. It might be possible to workaround this by enabling the most permissive form of symbol resolution, but I've never tried that, as it tends to make windbg disappear for long stretches at a time if you mistype something.

    Good luck,

    mm
  • Ken_JohnsonKen_Johnson Posts: 1,556
    Also, if you've a module of your own for which you've got private symbols for that is loaded into the desired process and uses that struct, chances are that the typeinfo for your module would have the struct definition.

    - S

    -----Original Message-----
    From: George Luiz Bittencourt <xxxxx@integral.inf.br>
    Sent: Thursday, October 29, 2009 10:43
    To: Kernel Debugging Interest List <xxxxx@lists.osr.com>
    Subject: RES: RE:[windbg] Dump Structure Type


    Scott and mm, thanks a lot! This solves my problem.

    Regards,

    -George

    ---
    WINDBG is sponsored by OSR

    For our schedule of WDF, WDM, debugging and other seminars visit:
    http://www.osr.com/seminars

    To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!