Does the .printf command have any string length constraint? (constantly throws unknown exception on comp

I have observed .printf failing in odd ways, but never bothered to check why.

On a recent thread in ntdev (is there any cpu time extension) I observed .printf failing oddly.

When I tried to printf the process name alongside (_KTHREAD.UserTime, …KernelTime, Total @#Thread and _ETHREAD->ThreadsProcess->ImageFileName), printf was failing with a bad register error.

So I attached windbg over windbg and took a peek; it seems the format string gets truncated.

Is there a length limitation? (Can't find any documentation saying so.)

Don't have newer windbg's handy; results posted are from 6.12 and xp.

The following command produces the correct result:

====================
Common aliases used in !for_each_thread:

as ut @@c++(((nt!_ETHREAD *) @#Thread )->Tcb.UserTime)
as kt @@c++(((nt!_ETHREAD *) @#Thread )->Tcb.KernelTime)
as fn @@c++( (((nt!_ETHREAD *) @#Thread )->ThreadsProcess)->ImageFileName )

alias

lkd> !for_each_thread "r $t0= kt;r $t1= ut;r $t2=@$t0+@$t1;r $t3= fn;.printf "%04x %04x %04x %ma F\n",@$t0,@$t1,@$t2,@$t3"
0268 0000 0268 System F
0044 0000 0044 System F
004b 0000 004b System F

============================================
Incorrect result (the difference is just one character at the end):

lkd> !for_each_thread "r $t0= kt;r $t1= ut;r $t2=@$t0+@$t1;r $t3= fn;.printf "%04x %04x %04x %ma Fo\n",@$t0,@$t1,@$t2,@$t3"
02d5 0000 02d5 Bad register error at '@$t'
004a 0000 004a Bad register error at '@$t'
0054 0000 0054 Bad register error at '@$t'

======================================

Again an incorrect result (the difference is several added characters at the end of the command), but the output is truncated by a whole argument (total time is completely missing):

lkd> !for_each_thread "r $t0= kt;r $t1= ut;r $t2=@$t0+@$t1;r $t3= fn;.printf "%04x %04x %04x %ma Fooling\n",@$t0,@$t1,@$t2,@$t3"
02d5 0000 Bad register error at '@$t'
004a 0000 Bad register error at '@$t'
0055 0000 Bad register error at '@$t'

============================================

Two arguments' output has disappeared:

lkd> !for_each_thread "r $t0= kt;r $t1= ut;r $t2=@$t0+@$t1;r $t3= fn;.printf "%04x %04x %04x %ma Fooling with\n",@$t0,@$t1,@$t2,@$t3"
02d5 Bad register error at '@$t'
004a Bad register error at '@$t'
0056 Bad register error at '@$t'
0031 Bad register error at '@$t'

All output has disappeared:

lkd> !for_each_thread "r $t0= kt;r $t1= ut;r $t2=@$t0+@$t1;r $t3= fn;.printf "%04x %04x %04x %ma Fooling with length\n",@$t0,@$t1,@$t2,@$t3"
Bad register error at '@'
Bad register error at '@'
Bad register error at '@'
Bad register error at '@'
Bad register error at '@'

========================================

Attaching windbg over windbg and setting a bp on PrintHandler:

0:004> bl
0 e 020f4ead 0001 (0001) 0:**** dbgeng!PrintHandler::Print+0x5dd
"du poi(esp); du poi(esp)+30 ;gc"

Correct: $t3 is full

009bdb06 "x %04x %04x %ma F."
009bdb36 "0,@$t1,@$t2,@$t3"
009bdb10 "x %04x %ma F."
009bdb40 "1,@$t2,@$t3"
009bdb1a "x %ma F."
009bdb4a "2,@$t3"
009bdb20 "ma F."
009bdb50 "$t3"

====================

Incorrect: the 3 is missing from $t3

009bdb06 "x %04x %04x %ma Fo."
009bdb36 "t0,@$t1,@$t2,@$t"
009bdb10 "x %04x %ma Fo."
009bdb40 "t1,@$t2,@$t"
009bdb1a "x %ma Fo."
009bdb4a "t2,@$t"
009bdb20 "ma Fo."
009bdb50 "@$t"
0202a48a "s error at '%s'."
0202a4ba "."
0202a4a4 "s'."
0202a4d4 "me too long in"

==========================

Incorrect: the 2 in $t2 is missing, $t3 is completely missing

009bdb06 "x %04x %04x %ma Fooling."
009bdb36 ""
009bdb10 "x %04x %ma Fooling."
009bdb40 "t0,@$t1,@$t"
009bdb1a "x %ma Fooling."
009bdb4a "t1,@$t"
0202a48a "s error at '%s'."
0202a4ba "."
0202a4a4 "s'."
0202a4d4 "me too long in"

================================

Incorrect: all arguments have disappeared

009bdb06 "x %04x %04x %ma Fooling with."
009bdb36 "with."
009bdb10 "x %04x %ma Fooling with."
009bdb40 ""
0202a48a "s error at '%s'."
0202a4ba "."
0202a4a4 "s'."
0202a4d4 "me too long in"

009bdb06 "x %04x %04x %ma Fooling with len"
009bdb46 "gth."
009bdb36 "with length."
0202a48a "s error at '%s'."
0202a4ba "."
0202a4a4 "s'."
0202a4d4 "me too long in"

Any pointers on how to avoid this problem are welcome.

Using the expression evaluator (?? or ?) is possible and seems to work, but using ?? or ? in !for_each_thread produces lots of garbage and is not conducive to sorting and text parsing.
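Since the point of the .printf format above is output that can be sorted and parsed, here is an added example (not from the post or from the debugger) that parses the `%04x %04x %04x %ma F` lines into records sorted by total time and flags any line where the truncated command produced a "Bad register error" instead of a value. The sample output is constructed from the lines quoted above; the cross-check that kernel + user == total assumes the `$t2=@$t0+@$t1` computation shown in the command.

```python
import re
from collections import namedtuple

# Constructed sample: the good run and one of the truncated runs from the post.
GOOD_OUTPUT = """\
0268 0000 0268 System F
0044 0000 0044 System F
004b 0000 004b System F
"""

TRUNCATED_OUTPUT = """\
02d5 0000 02d5 Bad register error at '@$t'
004a 0000 004a Bad register error at '@$t'
"""

ThreadTimes = namedtuple("ThreadTimes", "kernel user total image")

# One line of the intended .printf "%04x %04x %04x %ma F\n" output:
# three hex fields (at least 4 digits each), the image name, and the literal F.
LINE_RE = re.compile(r"^([0-9a-f]{4,}) ([0-9a-f]{4,}) ([0-9a-f]{4,}) (.+) F$")


def parse_for_each_thread(text):
    """Return (rows, bad): rows are ThreadTimes sorted by total descending,
    bad is every line that did not parse, e.g. a .printf error message that
    replaced a value because the command string was cut short."""
    rows, bad = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            bad.append(line)
            continue
        kernel, user, total = (int(m.group(i), 16) for i in (1, 2, 3))
        # $t2 was computed by the debugger as $t0 + $t1; a mismatch means
        # the fields were shifted by a missing argument.
        if kernel + user != total:
            bad.append(line)
            continue
        rows.append(ThreadTimes(kernel, user, total, m.group(4)))
    rows.sort(key=lambda r: r.total, reverse=True)
    return rows, bad
```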