I really like using C/C++ expressions from WinDbg. It’s a natural way to extract information from C and C++ applications if you know these programming languages; therefore, I think it’s useful to share how to do this.
First, let’s talk about poi().
poi() is used to get pointer-sized data from a given address. Think of it as the * (dereference) operator in C and C++.
For example:
Therefore, poi is the best operator to use if you want pointer-sized data.
The double question mark ( ?? ) command evaluates and displays the value of an expression according to the C++ expression rules.
Now, let me show you how to get a pointer value using poi() and ?? .
The single question mark ( ? ) is used to evaluate expressions.
Tip: By using ?, you can easily convert a number from hexadecimal to decimal or vice versa. Remember to use the prefix 0x for hexadecimal and 0n for decimal.
Examples:
Finally, we have the C++ expression parser - @@c++() - that supports all forms of C++ expression syntax, such as:
- Numbers in C++ expressions
- Characters and strings in C++ expressions
- Symbols in C++ expressions. (see WinDbg documentation for details)
- Operators in C++ expressions
- Registers and pseudo-registers in C++ expressions
- Macros in C++ expressions
Examples:
For more information, you may want to read the Magic Pointers article.
Here you can see scripts that use the ?? , @@c++() or poi() commands.
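The commands above side by side, as an added example that is not from the original post. It assumes a 32-bit user-mode target stopped at a breakpoint (so @esp is valid); the stack offset 12 and the value -13 are taken from the reader comment below.

```windbg
$$ Added example, not from the original post. Output is omitted because it depends on the target.

$$ MASM evaluator: poi() reads a pointer-sized value at the given address.
? poi(@esp)

$$ C++ evaluator: the same kind of read written as a cast plus dereference.
$$ The result is displayed together with its C++ type.
?? *(long *)@esp

$$ Radix conversion with ? using the 0x (hex) and 0n (decimal) prefixes.
? 0x10
? 0n16

$$ @@c++() embeds a C++ expression inside a MASM expression.
? @@c++(sizeof(void *))

$$ Commands such as .if take an expression, not another command, so ? and ??
$$ cannot appear inside the parentheses. Wrap the C++ test in @@c++() instead.
$$ Inside @@c++() and ?? numbers are decimal by default, so 12 here is 0n12.
$$ The MASM evaluator reads unprefixed numbers in the current radix, hex by default.
.if (@@c++(*(long *)(@esp + 12) == -13)) {.echo match} .else {.echo no match}
```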
Anonymous
September 19, 2008
Hi, I'm trying to learn how to use C/C++ expressions in WinDbg. Thanks for your article! I am having trouble with the following:
0:000> ?? * (long*) ((@esp)+12) == -13
bool true
0:000> .if (-13 == -13) {.echo do whatever}
do whatever
so far, so good.
But how do I use this in a conditional? ---
0:000> .if (?? * (long*) ((@esp)+12) == -13) {.echo do whatever}
Syntax error at '?? * (long*) ((@esp)+12) == -13) {.echo do whatever}'
0:000> .if (? * (long*) ((@esp)+12) == -13) {.echo do whatever}
Syntax error at '? * (long*) ((@esp)+12) == -13) {.echo do whatever}
Anonymous
September 20, 2008
The comment has been removed
Anonymous
September 22, 2008
Yes, thank you for your detailed explanation, that was very helpful! I guess I was confused when to use ?, when @@c++ and when ?? , but you cleared it up. Apologies if my question was unclear; I understand how to use registers, but I was trying to use a parameter on the stack, and it seemed I had to cast it the way I did.