Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Magic Pointers   (RSS)

Special Command—Using Variables and Retrieving Information through Pseudo-Registers

WinDbg for 32 bits and 64 bits has a set of internal pseudo-registers that you can use as variables or as a means to get specific information. The pseudo-registers are, according to WinDbg documentation: Pseudo-register Description $ea The effective address Read More...
Posted Monday, June 16, 2008 3:47 PM by Roberto Farah | 2 Comments

Special Command—Extracting Class and Struct Fields Using dt

dt is another command used almost all the time whenever you want to get the fields and type for a structure or class. For example, you may have a this pointer and use dt to get its fields and type. It’s a simple command with interesting variations that Read More...
Posted Tuesday, April 22, 2008 12:18 AM by Roberto Farah | 1 Comments

Special Command: Using ??, @@c++() and poi() with C/C++ Expressions

I really like using C/C++ expressions from WinDbg. It’s a natural way to extract information from C and C++ applications if you know these programming languages; therefore, I think it’s useful to share how to do this. First, let’s talk about poi(). poi() Read More...
Posted Tuesday, March 04, 2008 8:26 AM by Roberto Farah | 6 Comments

Understanding "Magic" Pointers and Offsets

With this blog post I try to explain how "magic" pointers and offsets work. I just copied the term "magic" to refer to these kinds of pointers or offsets: dd poi(0x129514 + 0x18) + 0x8 L2 du poi(0x0007de95) du poi(poi(poi(0x129514 + 0x9c)) + 0x4) dd poi(0x129514 Read More...
Posted Tuesday, August 07, 2007 6:40 PM by Roberto Farah | 8 Comments
 
Page view tracker