Can someone give me some tips here?
Let say I have struct foo:
typedef struct _FOO {
ULONG data;
UNICODE_STRING name;
} FOO, *PFOO;
I also have a global:
PFOO myfoo;
With the old-style windbg I could issue
? {,mydriver}myfoo - to dump the structure.
or
? {,mydriver}myfoo->name - to dump the unicode string.
or if I wanted to cast an arbitrary address I could issue
? {,mydriver}((PFOO)0x
)->nameI'm having tremendous difficulty doing this with the
new windbg.
if is issue
? mydriver!myfoo - it gives me the address, but won't dump the structure.
I can then issue
dt -n mydriver!FOO address - That dumps the structure, but
for name it just writes _UNICODE_STRING. I can't for
the life of me figure out how to actually dump the contents of the
string.
Can someone give me the magic command syntax? Thanks.