Hello everyone.
Do you know a way to make tracing a bit more verbose,
I would like to know when using
t ta etc… commands to have in comment if any of the register/memory region is pointing to an ascii string/unicode string.
For example:
… tracing output…
00112244 mov [ebp+12] , eax eax=3D00ffabca ascii=“Hello World”
…
Any option to enable this ? or I have to code my own trace command ?
Scripting is out of question like I usually trace big routine
Thanks everyone
-Nico
There is no support to detect this automagically in the debugger. However, the .pcmd command lets you set a sequence of commands to run each time the debugger stops for a prompt; you could try and hack up some debugger commands to look for what might be a text string by reading from the memory location referred to by each register (treated as a pointer), etc.
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: Monday, October 26, 2009 8:51 PM
To: Kernel Debugging Interest List
Subject: [windbg] an option to make tracing a bit more verbose ?
Hello everyone.
Do you know a way to make tracing a bit more verbose,
I would like to know when using
t ta etc… commands to have in comment if any of the register/memory region is pointing to an ascii string/unicode string.
For example:
… tracing output…
00112244 mov [ebp+12] , eax eax=3D00ffabca ascii=“Hello World”
…
Any option to enable this ? or I have to code my own trace command ?
Scripting is out of question like I usually trace big routine
Thanks everyone
-Nico
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
You can also use the ‘dc’ command to help in dumping characters
d
Sent from my phone with no t9, all spilling mistakes are not intentional.
From: Skywing
Sent: Monday, October 26, 2009 9:46 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] an option to make tracing a bit more verbose ?
There is no support to detect this automagically in the debugger. However, the .pcmd command lets you set a sequence of commands to run each time the debugger stops for a prompt; you could try and hack up some debugger commands to look for what might be a text string by reading from the memory location referred to by each register (treated as a pointer), etc.
- S
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: Monday, October 26, 2009 8:51 PM
To: Kernel Debugging Interest List
Subject: [windbg] an option to make tracing a bit more verbose ?
Hello everyone.
Do you know a way to make tracing a bit more verbose,
I would like to know when using
t ta etc… commands to have in comment if any of the register/memory region is pointing to an ascii string/unicode string.
For example:
… tracing output…
00112244 mov [ebp+12] , eax eax=3D00ffabca ascii=“Hello World”
…
Any option to enable this ? or I have to code my own trace command ?
Scripting is out of question like I usually trace big routine
Thanks everyone
-Nico
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
You could also write a kd extension to do what you want and if you wanted to, you could use an alias to remap ‘t’ to your extension. Or something like that.
No matter how you do this, you will have to implement the heuristic(s) for ‘verbose.’
Good luck,
mm