Evaluation syntax for struct members?

I have a condition where I want to break only if a particular member of a
struct is a particular value. I could explicitly code that condition, but I
don’t need the code, so I would prefer to use WinDBG’s breakpoints to do it
for me. Except I can’t quite figure out how to use poi() to access the
members of the struct.



struct {
ULONG dword;
UINT word;
UCHAR byte;
} myStruct;

void myRoutine(myStruct *foo)
{
if(foo->byte != 0)
{
DoSomething(foo);
}
DoSomethingElse(foo);
return;
}

So I would like to stop if foo->byte == 0, without coding the else clause.
I believe that I can use ? and poi() to get WinDBG to show me when that
happens, but I haven’t figured out how, and the debugger docs have pretty
simple examples. Any suggestions?

Thanks,

Phil

* Philip D. Barila | (503) 264-8386
* Intel Corp. | M/S JF2-53 Office JF2-2-G6
* Storage Architecture and Performance
* Internet Systems Lab


You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

It would be something like this:
bp myroutine “j by(poi(foo) + 8) = 0 ‘g’ ; ‘’”

Let’s disect this command.

bp myroutine “j by(poi(foo) + 8) = 0 ‘g’ ; ‘’”

Means set a breakpoint on myrountine and then when it is hit
execute the associated command.

j by(poi(foo) + 8) = 0 ‘g’ ; ‘’

means if the expression “by(poi(foo) + 8) = 0” is true then
execute a “g” else do nothing. This effectivly hides the bp if the
expression is true.

by(poi(foo) + 8) = 0

means check if the result of "by(poi(foo) + 8) is equal to 0

by(poi(foo) + 8)

means get the low order byte from “poi(foo) + 8”

poi(foo) + 8

means add 8 to the result of “poi(foo)” 8 is the offset of the
field named “byte” in the struct pointed to by foo. I used “dt foo” to
get this information when building the command.

poi(foo)

means to get the value of foo. Evaluating a varaiable returns
the address of the variable. So we add poi() to defer that address and
read the actual value of the var. “? foo” in the debugger is “&foo” in
C. So “poi(foo)” in the debugger is “foo” in C.

I suggest reading the page “Expression Syntax” in the docs to learn more
about poi, by, etc… You can get to it by clicking the link from the
docs on the “j” command which is also a good thing to read.

One could also write an extension to do this is a more natural way. The
extension could take the name of the var and the field and then use type
information to determine the right expression to build. An extension
could also be used to implement a more complex bp that would be
difficult to express using the built in syntax.

Someday when we have real C++ evaluation in the debugger one should be
able to write something like
bp myroutine “j foo->byte = 0 ‘g’ ; ‘’”
but that is a ways off.

Enjoy.

-----Original Message-----
From: Barila, Phil [mailto:xxxxx@intel.com]
Sent: Tuesday, June 12, 2001 11:29 AM
To: Kernel Debugging Interest List
Subject: [windbg] Evaluation syntax for struct members?

I have a condition where I want to break only if a particular member of
a
struct is a particular value. I could explicitly code that condition,
but I
don’t need the code, so I would prefer to use WinDBG’s breakpoints to do
it
for me. Except I can’t quite figure out how to use poi() to access the
members of the struct.



struct {
ULONG dword;
UINT word;
UCHAR byte;
} myStruct;

void myRoutine(myStruct *foo)
{
if(foo->byte != 0)
{
DoSomething(foo);
}
DoSomethingElse(foo);
return;
}

So I would like to stop if foo->byte == 0, without coding the else
clause.
I believe that I can use ? and poi() to get WinDBG to show me when that
happens, but I haven’t figured out how, and the debugger docs have
pretty
simple examples. Any suggestions?

Thanks,

Phil

* Philip D. Barila | (503) 264-8386
* Intel Corp. | M/S JF2-53 Office JF2-2-G6
* Storage Architecture and Performance
* Internet Systems Lab


You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

This stuff is very cool. I sure wish somebody would write “10 Things You
Never Knew You Could Do With WinDbg” as an article for The NT Insider…

Ah, I can dream, can’t I??

Peter

(From on the road)

-----Original Message-----
From: Nathan Nesbit
To: Kernel Debugging Interest List
CC: xxxxx@intel.com
Sent: Tue Jun 12 20:03:33 2001
Subject: [windbg] RE: Evaluation syntax for struct members?

It would be something like this:
bp myroutine “j by(poi(foo) + 8) = 0 ‘g’ ; ‘’”

Let’s disect this command.

bp myroutine “j by(poi(foo) + 8) = 0 ‘g’ ; ‘’”

Means set a breakpoint on myrountine and then when it is hit
execute the associated command.

j by(poi(foo) + 8) = 0 ‘g’ ; ‘’

means if the expression “by(poi(foo) + 8) = 0” is true then
execute a “g” else do nothing. This effectivly hides the bp if the
expression is true.

by(poi(foo) + 8) = 0

means check if the result of "by(poi(foo) + 8) is equal to 0

by(poi(foo) + 8)

means get the low order byte from “poi(foo) + 8”

poi(foo) + 8

means add 8 to the result of “poi(foo)” 8 is the offset of the
field named “byte” in the struct pointed to by foo. I used “dt foo” to
get this information when building the command.

poi(foo)

means to get the value of foo. Evaluating a varaiable returns
the address of the variable. So we add poi() to defer that address and
read the actual value of the var. “? foo” in the debugger is “&foo” in
C. So “poi(foo)” in the debugger is “foo” in C.

I suggest reading the page “Expression Syntax” in the docs to learn more
about poi, by, etc… You can get to it by clicking the link from the
docs on the “j” command which is also a good thing to read.

One could also write an extension to do this is a more natural way. The
extension could take the name of the var and the field and then use type
information to determine the right expression to build. An extension
could also be used to implement a more complex bp that would be
difficult to express using the built in syntax.

Someday when we have real C++ evaluation in the debugger one should be
able to write something like
bp myroutine “j foo->byte = 0 ‘g’ ; ‘’”
but that is a ways off.

Enjoy.

-----Original Message-----
From: Barila, Phil [mailto:xxxxx@intel.com]
Sent: Tuesday, June 12, 2001 11:29 AM
To: Kernel Debugging Interest List
Subject: [windbg] Evaluation syntax for struct members?

I have a condition where I want to break only if a particular member of
a
struct is a particular value. I could explicitly code that condition,
but I
don’t need the code, so I would prefer to use WinDBG’s breakpoints to do
it
for me. Except I can’t quite figure out how to use poi() to access the
members of the struct.



struct {
ULONG dword;
UINT word;
UCHAR byte;
} myStruct;

void myRoutine(myStruct foo)
{
if(foo->byte != 0)
{
DoSomething(foo);
}
DoSomethingElse(foo);
return;
}



So I would like to stop if foo->byte == 0, without coding the else
clause.
I believe that I can use ? and poi() to get WinDBG to show me when that
happens, but I haven’t figured out how, and the debugger docs have
pretty
simple examples. Any suggestions?

Thanks,

Phil

Philip D. Barila | (503) 264-8386
* Intel Corp. | M/S JF2-53 Office JF2-2-G6
* Storage Architecture and Performance
* Internet Systems Lab


You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to windbg as: xxxxx@osr.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Nathan,

Thanks for the confirmation that I did it right. I didn’t determine the
offset with dt, as I didn’t know about it, but I did end up adding the
offset to poi(foo). I was hoping there was a more elegant way, but it looks
like that’s not going to happen today or tomorrow. I just used
poi(poi(foo)+OFFSET)), since I didn’t know about by(), either. Fortunately,
the rest of the struct was zero at the time in question, so deref’ing didn’t
produce wrong results.

Peter’s right, it’s time for an NT Insider article. I know 2 of the 10
things now! Only 8 more to go! :smiley:

Phil

-----Original Message-----
From: Nathan Nesbit [mailto:xxxxx@windows.microsoft.com]
Sent: Tuesday, June 12, 2001 5:04 PM
To: Kernel Debugging Interest List
Cc: xxxxx@intel.com
Subject: [windbg] RE: Evaluation syntax for struct members?

It would be something like this:
bp myroutine “j by(poi(foo) + 8) = 0 ‘g’ ; ‘’”

Let’s disect this command.

bp myroutine “j by(poi(foo) + 8) = 0 ‘g’ ; ‘’”

Means set a breakpoint on myrountine and then when it is hit
execute the associated command.

j by(poi(foo) + 8) = 0 ‘g’ ; ‘’

means if the expression “by(poi(foo) + 8) = 0” is true then
execute a “g” else do nothing. This effectivly hides the bp if the
expression is true.

by(poi(foo) + 8) = 0

means check if the result of "by(poi(foo) + 8) is equal to 0

by(poi(foo) + 8)

means get the low order byte from “poi(foo) + 8”

poi(foo) + 8

means add 8 to the result of “poi(foo)” 8 is the offset of the
field named “byte” in the struct pointed to by foo. I used “dt foo” to
get this information when building the command.

poi(foo)

means to get the value of foo. Evaluating a varaiable returns
the address of the variable. So we add poi() to defer that address and
read the actual value of the var. “? foo” in the debugger is “&foo” in
C. So “poi(foo)” in the debugger is “foo” in C.

I suggest reading the page “Expression Syntax” in the docs to learn more
about poi, by, etc… You can get to it by clicking the link from the
docs on the “j” command which is also a good thing to read.

One could also write an extension to do this is a more natural way. The
extension could take the name of the var and the field and then use type
information to determine the right expression to build. An extension
could also be used to implement a more complex bp that would be
difficult to express using the built in syntax.

Someday when we have real C++ evaluation in the debugger one should be
able to write something like
bp myroutine “j foo->byte = 0 ‘g’ ; ‘’”
but that is a ways off.

Enjoy.

-----Original Message-----
From: Barila, Phil [mailto:xxxxx@intel.com]
Sent: Tuesday, June 12, 2001 11:29 AM
To: Kernel Debugging Interest List
Subject: [windbg] Evaluation syntax for struct members?

I have a condition where I want to break only if a particular member of
a
struct is a particular value. I could explicitly code that condition,
but I
don’t need the code, so I would prefer to use WinDBG’s breakpoints to do
it
for me. Except I can’t quite figure out how to use poi() to access the
members of the struct.



struct {
ULONG dword;
UINT word;
UCHAR byte;
} myStruct;

void myRoutine(myStruct *foo)
{
if(foo->byte != 0)
{
DoSomething(foo);
}
DoSomethingElse(foo);
return;
}

So I would like to stop if foo->byte == 0, without coding the else
clause.
I believe that I can use ? and poi() to get WinDBG to show me when that
happens, but I haven’t figured out how, and the debugger docs have
pretty
simple examples. Any suggestions?

Thanks,

Phil

* Philip D. Barila | (503) 264-8386
* Intel Corp. | M/S JF2-53 Office JF2-2-G6
* Storage Architecture and Performance
* Internet Systems Lab


You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to windbg as: xxxxx@intel.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com