ZaiRoN

Windbg “dt” output converter

How many times have you created a structure starting from Windbg's dt command output? It happens sometimes, especially if you use IDA or if you need to code something. It’s something that makes me feel unhappy. It’s a boring job for sure, particularly when you have to deal with big structures (e.g. ethread). There are some ready-made definitions online, but there’s no standard definition for a single structure. Most of the time it depends on the OS you are running on.

All I want to do is to convert dt’s output into a struct definition. The output to convert is something like (obtained by Windbg using “dt _list_entry” command):
Code:
ntdll!_LIST_ENTRY
   +0x000 Flink            : Ptr32 _LIST_ENTRY
   +0x004 Blink            : Ptr32 _LIST_ENTRY
And this is what I want to generate:
Code:
typedef struct _LIST_ENTRY
{
    struct _LIST_ENTRY* Flink;    // 0x000
    struct _LIST_ENTRY* Blink;    // 0x004
} LIST_ENTRY, *PLIST_ENTRY;
I’m not a Windbg guru and I don’t know if there is a quicker way, so the idea is to write something able to perform (almost all of) the conversion.

The GUI is pretty simple: it contains two edit boxes and two buttons, nothing more. The conversion process starts when you press the “Convert” button; the program converts the data stored in the clipboard. The left box will be filled with the clipboard’s contents, while the other box will contain the converted structure. What to store in the clipboard? Look at the picture below:



The selected text is what you have to store in the clipboard; everything starts from the ‘_’ character. Once you have saved the text you can convert the structure. Here’s the result:



The edit box is editable; this is necessary because most of the time it’s hard to predict the right type to display. I don’t know if it’s possible to perform a perfect conversion; the aim of this tool is to speed up the conversion process. With some minor changes you should be able to obtain a perfect conversion.
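The conversion described above can be sketched in a few lines of Python. This is an added example, not the author's tool (whose source is not shown on this page); the `BASE` type table, the `c_type` and `convert` helpers, the MSVC-style C type names and the `_DEMO_RECORD` sample are assumptions made for illustration. It goes slightly beyond the `_LIST_ENTRY` case by also handling arrays, bitfields and pointer-to-pointer fields.

```python
import re

# dt scalar names -> C types (a common subset, extend as needed)
BASE = {"Void": "void", "Char": "char", "UChar": "unsigned char", "Wchar": "wchar_t",
        "Int2B": "short", "Uint2B": "unsigned short", "Int4B": "long",
        "Uint4B": "unsigned long", "Int8B": "__int64", "Uint8B": "unsigned __int64"}
# Accept "0x" and the typographic "0×" that some web pages substitute for it
FIELD = re.compile(r"^\s*\+0[x×]([0-9a-fA-F]+)\s+(\w+)\s*:\s*(.+?)\s*$")
PTR = re.compile(r"Ptr(?:32|64)\s+(.+)")

def c_type(dt_type):
    # Returns (C type, array suffix, bitfield suffix) for one dt type string
    array = stars = ""
    m = re.match(r"\[(\d+)\]\s*(.+)", dt_type)       # "[8] Wchar"
    if m:
        array, dt_type = "[%s]" % m.group(1), m.group(2)
    m = re.match(r"Pos \d+, (\d+) Bits?$", dt_type)  # "Pos 0, 1 Bit"
    if m:  # dt does not print the storage type; unsigned long is a guess
        return "unsigned long", array, " : " + m.group(1)
    m = PTR.match(dt_type)
    while m:                                         # "Ptr32 Ptr32 Void"
        stars, dt_type = stars + "*", m.group(1)
        m = PTR.match(dt_type)
    # "_NAME" is treated as a struct; anything else is flagged for manual editing
    base = BASE.get(dt_type) or (
        ("struct " if dt_type.startswith("_") else "/* unknown */ ") + dt_type)
    return base + stars, array, ""

def convert(text):
    # Pasted dt output (type name line, then field lines) -> C typedef text
    lines = [l for l in text.splitlines() if l.strip()]
    if not lines:
        return ""
    name = lines[0].strip().split("!")[-1]           # drop "ntdll!" if present
    out = ["typedef struct " + name, "{"]
    for line in lines[1:]:
        m = FIELD.match(line)
        if not m:  # keep unrecognised lines visible instead of dropping them
            out.append("    /* unparsed: %s */" % line.strip())
            continue
        ctype, array, bits = c_type(m.group(3))
        out.append("    %s %s%s%s;    // 0x%03x" % (
            ctype, m.group(2), array, bits, int(m.group(1), 16)))
    alias = name.lstrip("_")
    out.append("} %s, *P%s;" % (alias, alias))
    return "\n".join(out)

# Constructed sample input (not a real Windows structure)
SAMPLE = """_DEMO_RECORD
   +0x000 Links            : _LIST_ENTRY
   +0x008 Active           : Pos 0, 1 Bit
   +0x00c Name             : [8] Wchar
   +0x01c Owner            : Ptr32 Ptr32 Void"""
```

dt does not mark unions, so fields that share an offset still need to be wrapped by hand, which is the kind of manual edit the editable output box is there for.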

This tool is not totally complete, I have some more things to add. As usual I didn’t test it too much because I prefer to fix it when a bug occurs. Anyway, it seems to work fine and you can contact me for comments/criticism/suggestions/etc.

ps. HAPPY NEW YEAR!!!