Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

Go Back   OSR Online Lists > windbg
Welcome, Guest
You must login to post to this list
  Message 1 of 4  
29 Oct 09 13:05
windbg member 39566
xxxxxx@integral.inf.br
Join Date:
Posts To This List: 23
Dump Structure Type

Hi, Does anyone knows if there is a command or a way to dump a C structure when= it is not included in the symbol? I did a search on the windbg archives an= d did not find anything about it. For instance, I have a pointer to a *CERT_INFO* structure, but the crypt32.= pdb does not have this structure definition present (I verified it with the= dt crypt32!*CERT_INFO* command). However I have this structure definition = in the wincrypt.h and I could determine the members values manually, but th= is is time consuming. I would like to know if there is a command or extension that could format t= his pointer if I inform this structure definition. Thanks! Regards, -George
  Message 2 of 4  
29 Oct 09 13:27
Scott Noone
xxxxxx@osr.com
Join Date: 10 Jul 2002
Posts To This List: 553
List Moderator
Dump Structure Type

>I would like to know if there is a command or extension that could format >this pointer if I inform this structure definition. Not that I'm aware of. You could do this real quick and dirty with a debugger extension though, just read the memory into a local definition of the structure and then print it out. -scott -- Scott Noone Consulting Associate OSR Open Systems Resources, Inc. http://www.osronline.com "George Luiz Bittencourt" <xxxxx@integral.inf.br> wrote in message news:61815@windbg... Hi, Does anyone knows if there is a command or a way to dump a C structure when it is not included in the symbol? I did a search on the windbg archives and did not find anything about it. For instance, I have a pointer to a *CERT_INFO* structure, but the crypt32.pdb does not have this structure definition present (I verified it with the dt crypt32!*CERT_INFO* command). However I have this structure definition in the wincrypt.h and I could determine the members values manually, but this is time consuming. I would like to know if there is a command or extension that could format this pointer if I inform this structure definition. Thanks! Regards, -George
  Message 3 of 4  
29 Oct 09 13:36
windbg member 19758
xxxxxx@evitechnology.com
Join Date:
Posts To This List: 504
Dump Structure Type

There may be a windbg command/metacommand/(existing) extension command, but I don't know of one. What I usually do is define the type and create an instance of it in a source file and compile it, specifying the name of the existing pdb for the module in question (crypt32, in your case). This will update the pdb. struct _TYPE1 { int member1; }; typedef struct _TYPE1 TYPE1; TYPE1 type1; cl -c -Zi -Fd<pdb> -Tc <header.h> Creating an instance of the type is important, as it won't appear in the pdb (as I recall) without doing so. You then to tell windbg to force the load by making sure that you're pdb appears in the sympath ahead of the unmodified one .sympath <newdir>;srv*c:\sym*http://msdl.microsoft.com/download/symbols and finally: .reload -f -i <module.ext>=<base address> where module.ext would be 'crypt32.dll' (for example), and <base address> would be whatever 'lm m crypt32' reports. The '-i' tells windbg to ignore any mismatched symbol errors, and the '-f' tells it to load the symbols immediately, rather than wait until first use (though I think '-i' implies '-f' anyway). For your immediate purposes - using 'dt' or thereabouts - you could just define the type in any module that you will be loading during your kd session. It's quicker, but it doesn't help if there are extensions that are failing because of a missing type that expect to find in a specific module. It might be possible to workaround this by enabling the most permissive form of symbol resolution, but I've never tried that, as it tends to make windbg disappear for long stretches at a time if you mistype something. Good luck, mm
  Message 4 of 4  
30 Oct 09 14:11
Ken Johnson
xxxxxx@valhallalegends.com
Join Date: 24 Jul 2008
Posts To This List: 296
Dump Structure Type

Also, if you've a module of your own for which you've got private symbols f= or that is loaded into the desired process and uses that struct, chances ar= e that the typeinfo for your module would have the struct definition. - S -----Original Message----- From: George Luiz Bittencourt <xxxxx@integral.inf.br> Sent: Thursday, October 29, 2009 10:43 To: Kernel Debugging Interest List <xxxxx@lists.osr.com> Subject: RES: RE:[windbg] Dump Structure Type Scott and mm, thanks a lot! This solves my problem. Regards, -George --- WINDBG is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.o= sronline.com/page.cfm?name=3DListServer
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the windbg list to be able to post.

All times are GMT -5. The time now is 04:25.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license