I know that the function ReturnModuleNameFromSBC() takes this SBc
entry and returns the name SBCName from it. The only parameter the
function takes is this structure. I know the address of this struct
entry ( from esp register)
I want to run dt comand on it to make my like easier.
But this is not and exported struct, is there a way where I can do
dt _SBC xxxxyyyy where xxxxyyyy is a memory location.
Yup, but I forget how. I did it before dt was introduced in WinDbg and that has been over 5 years ago. In essence you describe the structure, but you will need to chase down the proper calls to make in the debugger documentation. Of course the simplest way would be to add/define the structure in your own code, create a pointer to the struct and manually set the address to the data in the pointer. Voila … !
–
The personal opinion of
Gary G. Little
“Developer” wrote in message news:xxxxx@ntdev… There is an unexported structure
typedef struct _SBC { LIST_ENTRY Next; LIST_ENTRY Prev; PVOID Unused; UNICODE_STRING SBCName; ULONG Flags; } SBC, *PSBC;in a driver whose free build is running.I know that the function ReturnModuleNameFromSBC() takes this SBc entry and returns the name SBCName from it. The only parameter the function takes is this structure. I know the address of this struct entry ( from esp register) I want to run dt comand on it to make my like easier.But this is not and exported struct, is there a way where I can dodt _SBC xxxxyyyy where xxxxyyyy is a memory location.
You write a debugger extension that understands the structure layout. It is
rather trivial. Of course the debugger extension api is notoriously flakey.
=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032 www.hollistech.com
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bedanto
Sent: Monday, September 05, 2005 11:01 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] data types
Heck!!! Even I would like to know how this can be achieved. Gary can
you please try to rack your brains and remember what you did five years
back.
Like Mark said, you write an extension and then load the extension. Writing
extensions are coverd by the KD docs. The truth though is that DT is so much
easier to use than developing your own extension.
–
Gary G. Little
“Mark Roddy” wrote in message news:xxxxx@ntdev… > You write a debugger extension that understands the structure layout. It > is > rather trivial. Of course the debugger extension api is notoriously > flakey. > > > ===================== > Mark Roddy DDK MVP > Windows 2003/XP/2000 Consulting > Hollis Technology Solutions 603-321-1032 > www.hollistech.com > > > > > ________________________________ > > From: xxxxx@lists.osr.com > [mailto:xxxxx@lists.osr.com] On Behalf Of Bedanto > Sent: Monday, September 05, 2005 11:01 AM > To: Windows System Software Devs Interest List > Subject: Re: [ntdev] data types > > > Heck!!! Even I would like to know how this can be achieved. Gary can > you please try to rack your brains and remember what you did five years > back. > > Jason, any suggestions!!! > > > — Questions? First check the Kernel Driver FAQ at > http://www.osronline.com/article.cfm?id=256 You are currently subscribed > to > ntdev as: unknown lmsubst tag argument: ‘’ To unsubscribe send a blank > email > to xxxxx@lists.osr.com > > > >
ya maybe, but then you you need to delve into undocumented structures like
those hidden by windows and third party driver writers, you gotta take the
harder path!!!