Syntax for viewing structs in the WinDbg Memory Window?

Question

So for whatever reason I happen to not use an IDE when programming. I compile my programs and generate their corresponding PDB's on the command line. As a consequence I use WinDbg for debugging which I don't mind. Anyhow please consider the following data:

typedef struct _ex
{
    char *ptr0;
    char *ptr1;
    char *ptr2;
} ex;

ex  *example; // assume example and members point to somewhere memory

How do you view members of the example struct in the Memory window? I've tried example->ptr0 and example.ptr0 as well as an * placed here and there but always get an Unable to retrieve information error. I have a workspace setup and would like to have a couple Memory windows ready with some struct values when they come into scope and not have to copy paste addresses, or worse type them out, every time. Is there a correct syntax to do this?

Answer 1

source

:>dir /b
disptype.cpp

:>type disptype.cpp
// compile with cl /Zi /W4 /O1 /analyze /nologo disptype.cpp /link /nologo /release
// either disable inlining or compile as debug
// optimisation will blow away stuffstruct function and load rcx,rdx,r8 with argv[]
// and call printf directly
#include <stdio.h>
#include <stdlib.h>
typedef struct _ex
{
    char *ptr0;
    char *ptr1;
    char *ptr2;
} ex;
__declspec(noinline) void stuffstruct (ex *myex,char *a,char *b,char *c) {
                myex->ptr0 = a;
                myex->ptr1 = b;
                myex->ptr2 = c;
                return;
}
int main (int argc, char * argv[])
{
        if(argc != 4)
        {
                printf( "usage %s how are you\n" , argv[0]);
                exit(0);
        }
        ex myex;
        stuffstruct(&myex,argv[1],argv[2],argv[3]);
        printf ("%s repeats 3 argv's \n%s\n%s\n%s\n",argv[0],myex.ptr0,myex.ptr1,myex.ptr2);
        return 0;
}

compile and link and use

:>cl /Zi /W4 /O1 /analyze /nologo disptype.cpp /link /nologo /release
disptype.cpp

:>disptype.exe
usage disptype.exe how are you

:>disptype.exe how are you
disptype.exe repeats 3 argv's
how
are
you

:>

windbg (using cdb for ease of copy paste )

:>cdb disptype.exe how are you

Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64

$$ go to the relevent function

0:000> g disptype!stuffstruct 
disptype!stuffstruct:
00007ff6`3f541000 488911          mov     qword ptr [rcx],rdx ds:00000044`02cffe60=000000000000001f

$$ run until return so our struct is initialised
0:000> pt
disptype!stuffstruct+0xb:
00007ff6`3f54100b c3              ret

if you have src / private pdb you can look at locals using dv

0:000> dv
           myex = 0x00000044`02cffe60
              a = 0x0000019c`437f65b5 "how"
              b = 0x0000019c`437f65b9 "are"
              c = 0x0000019c`437f65bd "you"

an example of c++ expression evaluator,dt and dx usage

0:000> ?? myex
struct _ex * 0x00000044`02cffe60
   +0x000 ptr0             : 0x0000019c`437f65b5  "how"
   +0x008 ptr1             : 0x0000019c`437f65b9  "are"
   +0x010 ptr2             : 0x0000019c`437f65bd  "you"

you can also ask windbg to display type and coerce pointer 
either with dt or the new dx 

0:000> dt /v disptype!myex

Local var [AddrFlags c8  AddrOff 0000000000000000  Reg/Val rcx (3)] @ rcx Type _ex*

disptype!myex = 4402cffe60
struct _ex, 3 elements, 0x18 bytes
   +0x000 ptr0             : 0x0000019c`437f65b5  "how"
   +0x008 ptr1             : 0x0000019c`437f65b9  "are"
   +0x010 ptr2             : 0x0000019c`437f65bd  "you"


 0:000> dx (disptype!_ex *) @rcx
(disptype!_ex *) @rcx : 0x4402cffe60 [Type: _ex *]
    [+0x000] ptr0             : 0x19c437f65b5 : "how" [Type: char *]
    [+0x008] ptr1             : 0x19c437f65b9 : "are" [Type: char *]
    [+0x010] ptr2             : 0x19c437f65bd : "you" [Type: char *]
0:000>

coercing an address to be interpreted as our struc

0:000> dx (disptype!_ex *) @rax
(disptype!_ex *) @rax : 0x19c437ff290 [Type: _ex *]
    [+0x000] ptr0             : 0x19c437f6880 : "ALLUSERSPROFILE=C:\ProgramData" [Type: char *]
    [+0x008] ptr1             : 0x19c437f5dc0 : "APPDATA=C:\Users\xxxx\AppData\Roaming" [Type: char *]
    [+0x010] ptr2             : 0x19c437f5e20 : "CommandPromptType=Native" [Type: char *]
0:000>

you are talking about memory window in gui (atl +5 ) that window cannot show types it can only show data as predefined type like bit , byte , word, dword, float , double,string etc

set up either locals or watches (in my humble opinion both are cumbersome use up real estate degrade performance blah blah but that is my opinion you can happily use them if you so wish )

here is screen shot