Dump Structure Type

Hi,

Does anyone knows if there is a command or a way to dump a C structure when it is not included in the symbol? I did a search on the windbg archives and did not find anything about it.

For instance, I have a pointer to a *CERT_INFO* structure, but the crypt32.pdb does not have this structure definition present (I verified it with the dt crypt32!*CERT_INFO* command). However I have this structure definition in the wincrypt.h and I could determine the members values manually, but this is time consuming.

I would like to know if there is a command or extension that could format this pointer if I inform this structure definition.

Thanks!

Regards,

-George

>I would like to know if there is a command or extension that could format

this pointer if I inform this structure definition.

Not that I’m aware of. You could do this real quick and dirty with a
debugger extension though, just read the memory into a local definition of
the structure and then print it out.

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“George Luiz Bittencourt” wrote in message
news:xxxxx@windbg…
Hi,

Does anyone knows if there is a command or a way to dump a C structure when
it is not included in the symbol? I did a search on the windbg archives and
did not find anything about it.

For instance, I have a pointer to a CERT_INFO structure, but the
crypt32.pdb does not have this structure definition present (I verified it
with the dt crypt32!CERT_INFO command). However I have this structure
definition in the wincrypt.h and I could determine the members values
manually, but this is time consuming.

I would like to know if there is a command or extension that could format
this pointer if I inform this structure definition.

Thanks!

Regards,

-George

There may be a windbg command/metacommand/(existing) extension command, but I don’t know of one.

What I usually do is define the type and create an instance of it in a source file and compile it, specifying the name of the existing pdb for the module in question (crypt32, in your case). This will update the pdb.

struct _TYPE1
{
int member1;
};

typedef struct _TYPE1 TYPE1;

TYPE1 type1;

cl -c -Zi -Fd -Tc <header.h>

Creating an instance of the type is important, as it won’t appear in the pdb (as I recall) without doing so.

You then to tell windbg to force the load by making sure that you’re pdb appears in the sympath ahead of the unmodified one

.sympath ;srvc:\symhttp://msdl.microsoft.com/download/symbols

and finally:

.reload -f -i <module.ext>=


where module.ext would be ‘crypt32.dll’ (for example), and would be whatever ‘lm m crypt32’ reports.

The ‘-i’ tells windbg to ignore any mismatched symbol errors, and the ‘-f’ tells it to load the symbols immediately, rather than wait until first use (though I think ‘-i’ implies ‘-f’ anyway).

For your immediate purposes - using ‘dt’ or thereabouts - you could just define the type in any module that you will be loading during your kd session. It’s quicker, but it doesn’t help if there are extensions that are failing because of a missing type that expect to find in a specific module. It might be possible to workaround this by enabling the most permissive form of symbol resolution, but I’ve never tried that, as it tends to make windbg disappear for long stretches at a time if you mistype something.

Good luck,

mm</module.ext></header.h>

Also, if you’ve a module of your own for which you’ve got private symbols for that is loaded into the desired process and uses that struct, chances are that the typeinfo for your module would have the struct definition.

  • S

-----Original Message-----
From: George Luiz Bittencourt
Sent: Thursday, October 29, 2009 10:43
To: Kernel Debugging Interest List
Subject: RES: RE:[windbg] Dump Structure Type

Scott and mm, thanks a lot! This solves my problem.

Regards,

-George


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer