WinDbg : Parsing Arrays In The Debugger
Many a times data structs like arrays need parsing in windbg. These don't lend themselves as well as the LIST_ENTRY based structs do, because the debugger can parse such lists. Here are 2 simple ways of parsing arrays.
typedef struct _RECORD
{
ULONG Foo;
ULONG Bar;
} RECORD;
typedef struct _STATE
{
RECORD Records[100];
} STATE;
int main()
{
STATE localXyz;
}Commands used:
- for
- dx
1: kd>.for (r @$t0 = 0; @$t0 < @@(#RTL_NUMBER_OF(localXyz.Records)); r @$t0 = @$t0 + 1) { ?? localXyz.Records[@$t0] }
struct _RECORD
+0x000 Foo :
+0x004 Bar :
There is another way of doing this in the latest version of Windbg, and that is using the dx command.
1: kd>dx -r2 -g localXyz.Records
Note : This example uses stack based objects, and hence uses the dot operator in the commands, however, if you are using a pointer to the struct you want to display, you will have to use the arrow operator instead of the dot.
No comments:
Post a Comment