Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home WINDBG

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

Quick way to parse records

AlbertAlbert Member - All Emails Posts: 489
in WINDBG

If a struct is defined like so:

typedef _S
{
Another_StructType Records[100];
} S;

is there a way in windbg to dump all the records in a loop just like we can if it was a LIST_ENTRY?

· Share on Facebook

Comments

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,907

    That's very different from the LIST_ENTRY thing. There are no pointers to follow here. The "dt" command has a "-r" to go recursive and a "-a" that tells it how many array entries it should show.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

    · Share on Facebook
  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,442

    Using the following:

    typedef struct _RECORD
{
    ULONG Foo;
    ULONG Bar;
} RECORD;

typedef struct _STATE
{
    RECORD Records[100];
} STATE;

int main()
{
    STATE localXyz;

    The old way to do this would be with a for loop:

    .for (r @$t0 = 0; @$t0 < @@(#RTL_NUMBER_OF(localXyz.Records)); r @$t0 = @$t0 + 1) { ?? localXyz.Records[@$t0] }

    That's ugly but you now have a way to execute a command for each entry.

    The new way to do this would be with the Debugger Object Model (DOM) and dx command. You can get an attractive little table with this:

    dx -r2 -g localXyz.Records

    If you want to customize the output or do something else with each entry then you would use NatVIS:

    https://www.osr.com/blog/2015/11/06/fun-windbg-natvis-support/

    Enjoy!

    -scott
    OSR

    · Share on Facebook
  • AlbertAlbert Member - All Emails Posts: 489

    Thanks a ton @Scott_Noone_(OSR) ! The first one was more than what I need, and the ability to execute additional commands is more helpful in my case.

    @Scott_Noone_(OSR) said:
    Using the following:

    typedef struct _RECORD
{
    ULONG Foo;
    ULONG Bar;
} RECORD;

typedef struct _STATE
{
    RECORD Records[100];
} STATE;

int main()
{
    STATE localXyz;

    The old way to do this would be with a for loop:

    .for (r @$t0 = 0; @$t0 < @@(#RTL_NUMBER_OF(localXyz.Records)); r @$t0 = @$t0 + 1) { ?? localXyz.Records[@$t0] }

    That's ugly but you now have a way to execute a command for each entry.

    The new way to do this would be with the Debugger Object Model (DOM) and dx command. You can get an attractive little table with this:

    dx -r2 -g localXyz.Records

    If you want to customize the output or do something else with each entry then you would use NatVIS:

    https://www.osr.com/blog/2015/11/06/fun-windbg-natvis-support/

    Enjoy!

    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Developing Minifilters 24 May 2021 Live, Online
Writing WDF Drivers 14 June 2021 Live, Online
Internals & Software Drivers 2 August 2021 Live, Online
Kernel Debugging 27 Sept 2021 Live, Online

Categories