如何确定 WinDbg 中以空字符结尾的字符串的长度 [英] How to determine length of null-terminated string in WinDbg

问题描述

在调试中的目标进程的地址空间中存在以空字符结尾的 ASCII 字符串.我想写一个 WinDbg 脚本来打印出这个字符串的长度.假设我知道字符串起始字符的地址，我如何计算它的长度?

There is a null-terminated ASCII string existing in the address space of the target process under debugging. I want to write a WinDbg script to print out the length of this string. Assuming I know the address of the starting character of the string, how do I calculate its length?

推荐答案

恕我直言，它在 WinDbg 中并不方便，我尝试找到涉及 s、.foreach 和 .if 超过 15 分钟，但结果令人沮丧.在这种情况下，我使用 Python 等真正的编程语言和 PyKD.

IMHO it's not convenient in WinDbg and I tried finding a solution involving s, .foreach and .if for more than 15 minutes but the result was frustrating. In such a case I use a real programming language like Python with PyKD.

将以下内容保存到文件 strlen.py 中:

Save the following into a file strlen.py:

from pykd import *
import sys

addr = int(sys.argv[1], 16)
length = 0
while(0 != loadBytes(addr+length, 1)[0]):
    length += 1
dprintln(str(length))

然后以地址为参数运行它:

Then run it with the address as argument:

0:022> !py c:\tmp\strlen.py 773a004e
43
0:022> db 773a004e L0n44
773a004e  54 68 69 73 20 70 72 6f-67 72 61 6d 20 63 61 6e  This program can
773a005e  6e 6f 74 20 62 65 20 72-75 6e 20 69 6e 20 44 4f  not be run in DO
773a006e  53 20 6d 6f 64 65 2e 0d-0d 0a 24 00              S mode....$.

请注意，PyKd 不会自动将命名符号转换为地址(例如，您不能将 ntdll 作为地址传递)

Note that PyKd does not automatically convert named symbols to addresses (e.g. you can't pass ntdll as an address)

这篇关于如何确定 WinDbg 中以空字符结尾的字符串的长度的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！