Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home WINDBG

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


How to display the size value

Santhosh_Kumar-3Santhosh_Kumar-3 Member Posts: 127
in WINDBG

Hello,

I am returning to WinDbg after a 10-15 year break so pardon me for the basic question. I do know the size of systemHandles.size() = 7. How can I see that in Windbg Watch Window? thanks

· Share on Facebook

Comments

  • raj_rraj_r Member - All Emails Posts: 987
    edited July 2019

    @pgv i think there is a mail from me that is stuck in some queue
    @santosh_kumar std::vector->size() is a function i dont think watch windows can evaluate function results
    it can only typecast a memory location
    you can do dx systemHandles.size() using the new natvis expression evaluator it will provide you the vector size

    0:000> dv  
    g1 = { size=5 } 
    0:000> ?? g1 
    class std::vector<int,std::allocator > 
    +0x000 _Mypair : std::_Compressed_pair<std::allocator,std::_Vector_val<std::_Simple_types >,1> 
    0:000> dx g1.size() <<<<<<<<<<<<<<<<< 
    g1.size() : 5 <<<<<<<<<<<<<<<<<<< 

    0:000> dx -r 9 g1 
    g1 : { size=5 } [Type: std::vector<int,std::allocator >] 
    [] [Type: std::vector<int,std::allocator >] 
    [capacity] : 6 
    [allocator] : allocator [Type: std::_Compressed_pair<std::allocator,std::_Vector_val<std::_Simple_types >,1>] 
    [] [Type: std::_Compressed_pair<std::allocator,std::_Vector_val<std::_Simple_types >,1>] 
    [0] : 1 [Type: int] 
    [1] : 2 [Type: int] 
    [2] : 3 [Type: int] 
    [3] : 4 [Type: int] 
    [4] : 5 [Type: int] 

    check this stack overflow post

    Post edited by raj_r on
    · Share on Facebook
  • raj_rraj_r Member - All Emails Posts: 987
    edited July 2019

    the other day i was mucking around with some vectors in windbg and i happened
    to unassemble the vector::size() function
    looking at the disassembly and the crt src for the same function
    i happened to realize that you can set a transparent expression in the watch window to look at the vector::size()

    here is the disassembly of size() function for a vector in question

    :000> x vect!std::vector<int,std::allocator<int> >::size
00007ff7`57cfa6f0 vect!std::vector<int,std::allocator<int> >::size (void)
0:000> uf 7ff757cfa6f0
vect!std::vector<int,std::allocator<int> >::size 
 [c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\vector @ 1703]:
 1703 00007ff7`57cfa6f0 48894c2408      mov     qword ptr [rsp+8],rcx
 1703 00007ff7`57cfa6f5 4883ec38        sub     rsp,38h
 1704 00007ff7`57cfa6f9 488b4c2440      mov     rcx,qword ptr [rsp+40h]
 1704 00007ff7`57cfa6fe e8bca9feff      call    vect!ILT+16570
 1704 00007ff7`57cfa703 4889442420      mov     qword ptr [rsp+20h],rax
 1704 00007ff7`57cfa708 488b4c2440      mov     rcx,qword ptr [rsp+40h]
 1704 00007ff7`57cfa70d e85a93feff      call    vect!ILT+10855
 1704 00007ff7`57cfa712 488b00          mov     rax,qword ptr [rax]
 1704 00007ff7`57cfa715 488b4c2420      mov     rcx,qword ptr [rsp+20h]
 1704 00007ff7`57cfa71a 488b09          mov     rcx,qword ptr [rcx]
 1704 00007ff7`57cfa71d 482bc8          sub     rcx,rax
 1704 00007ff7`57cfa720 488bc1          mov     rax,rcx
 1704 00007ff7`57cfa723 48c1f802        sar     rax,2
 1705 00007ff7`57cfa727 4883c438        add     rsp,38h
 1705 00007ff7`57cfa72b c3              ret
windbg> .open -a 7ff757cfa6f0

    and the relevent src code from crt sources

                _NODISCARD size_type size() const noexcept
                {   // return length of sequence
                return (static_cast<size_type>(this->_Mylast() - this->_Myfirst()));
                }

    so basically if you set a watch expression like

    systemHandles._Mypair._Myval2._Mylast - systemHandles._Mypair._Myval2._Myfirst

    windbg will resolve the size() in the watch window (it will do the pointer arithmetic and display the actual size if you are wondering

    how address x - address y each being 8 bytes wide result in 5

    0:000> ?? g1._Mypair._Myval2._Mylast
int * 0x0000026f`5e0197a4
0:000> ?? g1._Mypair._Myval2._Mylast - g1._Mypair._Myval2._Myfirst
int64 0n5
0:000> ?? 0x0000026f`5e0197a4 - 0x0000026f`5e019790
int64 0n20
0:000> ?? ( 0x0000026f`5e0197a4 - 0x0000026f`5e019790 ) / sizeof(int)
unsigned int64 5

    Post edited by raj_r on
    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 13-17 May 2024 Live, Online
Developing Minifilters 1-5 Apr 2024 Live, Online
Internals & Software Drivers 11-15 Mar 2024 Live, Online
Writing WDF Drivers 26 Feb - 1 Mar 2024 Live, Online

Categories