print message

WINDBG
1

bp WSecKrl!GetFileNameFromPID+0x199 “;as /mu ${/v:FileName} pFileName;.echo;.printf"FileName:%ma",${FileName};.echo;g”

why always print Garbled

Thanks!!!
liu jing

2

A few problems that I see:

  1. What’s the /v here: ${/v:FileName}? I don’t see that described in the
    docs

  2. printf"FileName:%ma", - %ma is for ASCII, %mu is for UNICODE

  3. ${FileName} - printf wants a virtual address, I think you’re passing a
    string here.

You might want to just try doing something simpler like this:

“.echo;.printf"FileName:%mu",pFileName;.echo;g”

And see if that works.

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

<crazy2000_liu> wrote in message news:xxxxx@windbg…
> bp WSecKrl!GetFileNameFromPID+0x199 “;as /mu ${/v:FileName}
> pFileName;.echo;.printf"FileName:%ma",${FileName};.echo;g”
>
> why always print Garbled
>
> Thanks!!!
> liu jing
>
>
></crazy2000_liu>

3

This is I write code:

bp WSecKrl!GetFileNameFromPID+0x199 “echo;.printf"FileName:%ma", pFileName;.echo;g”
or
bp WSecKrl!GetFileNameFromPID+0x199 “echo;.printf"FileName:%ma", poi(pFileName);.echo;g”

fullPathName type is PCHAR*

print result is:
FileName:??

FileName:??

FileName:??

FileName:i?

FileName:i?

FileName:Y?

FileName:?%

FileName:??

why ???

thank you

4

This is I write code:

bp WSecKrl!GetFileNameFromPID+0x199 “echo;.printf"FileName:%ma",
pFileName;.echo;g”
or
bp WSecKrl!GetFileNameFromPID+0x199 “echo;.printf"FileName:%ma",
poi(pFileName);.echo;g”

pFileNametype is PCHAR*

print result is:
FileName:??

FileName:??

FileName:??

FileName:i?

FileName:i?

FileName:Y?

FileName:?%

FileName:??

why ???

thank you

5

  1. It looks like it might be UNICODE.

  2. Is it PCHAR or PCHAR *?

Good luck,

mm