Local Variables

Hi, I’m debugging a 1394 camera driver using WinDbg 6.3.

I know that some of the local variables cannot be seen, although I debug
using a checked build (without code optimization). Can I see them in the
registers? Is there some way to see them?

Thank you.

Miguel.

Hi,

If the base pointer is set up, ebp-xx (where xx depends on the space
reserved for local variables) will give you the local variables.

- Sekhar

-----Original Message-----
From: Miguel [mailto:xxxxx@hotmail.com]
Sent: 26 March, 2004 5:37 PM
To: Kernel Debugging Interest List
Subject: [windbg] Local Variables

Hi, I’m debugging a 1394 camera driver using WinDbg 6.3.

I know that some of the local variables cannot be seen, although I debug
using a checked build (without code optimization). Can I see them in the
registers? Is there some way to see them?

Thank you.

Miguel.


In the case where you have full symbols, the debugger will map the
locals (stack based) to the corresponding value in the original source
code. If you managed to have optimization turned on (and some versions
of the DDK, unfortunately, enabled local variable elimination even in
the checked build) then there’s no mapping from stack location to local
variable because they only exist in registers.

It may take a while but in my experience you can almost ALWAYS figure
out what was stored in the registers. Further, you can usually work out
(from the locals you do see, the registers you observe used in the
disassembly and the original source code) what the registers represent.
Further helping this along is the fact that the compiler tends to use
registers in very predictable ways (currently, the compiler likes to
load ESI with a structure pointer - often using it over and over again
throughout the function.)

If you have additional call frames the register contents have no doubt
been changed, but the C convention is “called function preserves
registers” (never EAX - the return register, and not ECX or EDX if it is
fastcall.) So if the register has been re-used, you’ll have to
disassemble the next called function to figure out where the value was
pushed on the stack - more than once I’ve used this particular trick to
resurrect the contents of a register.

The other way to figure the value in the register is to go back through
the load sequence. So if you see “MOV EBX, [ESI+0xc]”, figure out what
was in ESI (like that earlier “MOV ESI, [EBP+0xc]” - so grab parameter 2
off the stack and then look at the memory location for ESI+0xc.) Which
one you use often depends upon what looks easiest.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

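The technique described in the reply above, disassembling the called function to find where a preserved register was pushed, can be worked through mechanically. The following is an added example, not code from the thread: it walks a constructed prologue listing (the addresses, bytes and frame layout are made up) and reports each saved register's offset from the callee's EBP, assuming the callee sets up a standard EBP frame.

```python
import re

# Registers a callee is expected to preserve in 32-bit x86 C code.
CALLEE_SAVED = {"ebx", "esi", "edi"}

# Constructed sample: prologue of a hypothetical callee, laid out as
# "address bytes mnemonic operands" like a WinDbg `u` listing.
SAMPLE_PROLOGUE = """\
f7a41000 55              push    ebp
f7a41001 8bec            mov     ebp,esp
f7a41003 83ec10          sub     esp,10h
f7a41006 53              push    ebx
f7a41007 56              push    esi
f7a41008 57              push    edi
"""

LINE = re.compile(r"^[0-9a-f]+\s+[0-9a-f]+\s+(\w+)\s*(.*)$", re.I)

def parse_imm(text):
    """Parse a hex immediate written as '10h' or '0x10'."""
    text = text.strip().lower()
    return int(text[:-1] if text.endswith("h") else text, 16)

def saved_register_slots(disasm):
    """Return {register: offset from the callee's EBP} for saved registers."""
    esp = 0       # ESP relative to its value at function entry
    ebp = None    # EBP in the same frame of reference, once it is set up
    slots = {}
    for raw in disasm.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        op, args = m.group(1).lower(), m.group(2).replace(" ", "").lower()
        if op == "push":
            esp -= 4
            if args in CALLEE_SAVED and ebp is not None and args not in slots:
                slots[args] = esp - ebp
        elif op == "mov" and args == "ebp,esp":
            ebp = esp
        elif op == "sub" and args.startswith("esp,"):
            esp -= parse_imm(args[4:])   # space reserved for locals
        else:
            break                        # prologue over, body begins
    return slots

def windbg_commands(slots):
    """Map each register to a `dd` command that reads its saved slot."""
    return {reg: f"dd @ebp{off:+#x} L1" for reg, off in slots.items()}
```

Each command has to be evaluated with EBP holding the callee's frame pointer; the dword it displays is the value the caller had in that register when the call was made.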